A week ago, I still detected more than 5000 bots on December 4. This week I detected far fewer bots, sometimes dropping below 1000 per day. But the weekly bot count graph in Shadowserver disagrees with my statistics. Its bot count increased from around 20K to just below 80K, almost quadrupling in the past week. Considering the recent WikiLeaks controversy, and the fact that I can only detect spam-sending bots, I guess a large portion of those new bots are used for DDoS attacks.
detection period: 2010-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1303
number of botnet IPs notified to network operators: 989
number of blocked spams: 344381
recipient count of blocked spams: 8365799
The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
Rank | Network | # of suspected botnet IPs |
---|---|---|
1 | HINET-NET | 429 |
2 | KORNET-KR | 19 |
3 | 033.530.486/0001-29 | 17 |
4 | UNICOM-SD | 16 |
5 | CHINANET-ZJ-WZ | 15 |
6 | CHINANET-JS | 14 |
7 | CHINANET-FJ | 14 |
8 | CHINANET-GD | 13 |
9 | 002.558.157/0001-62 | 12 |
10 | CO-ACSA-LACNIC | 10 |
The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
Rank | Country | # of suspected botnet IPs |
---|---|---|
1 | Taiwan | 440 |
2 | China | 204 |
3 | Brazil | 87 |
4 | Russian Federation | 71 |
5 | United States | 41 |
6 | India | 41 |
7 | South Korea | 35 |
8 | Poland | 29 |
9 | Colombia | 26 |
10 | Ukraine | 25 |