Custom Search

Sunday, December 12, 2010

Botnet Statistics [2010-12-11]

A week ago, I still detected more than 5000 bots on December 4. This week I detected far less bots, sometimes dropped below 1000 per day. But the weekly bot count graph in Shadowserver disagrees with my statistics. Its bot count increased from around 20K to just below 80K, almost quadrupled in the past week. Considering the recent Wikileaks controversy, and the fact that I can only detect spam sending bots, I guess a large portion of those new bots are used for DDoS attacks.

detection period: 2010-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1303
number of botnet IPs notified to network operators: 989
number of blocked spams: 344381
recipient count of blocked spams: 8365799

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET429
2KORNET-KR19
3033.530.486/0001-2917
4UNICOM-SD16
5CHINANET-ZJ-WZ15
6CHINANET-JS14
7CHINANET-FJ14
8CHINANET-GD13
9002.558.157/0001-6212
10CO-ACSA-LACNIC10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Taiwan440
2China204
3Brazil87
4Russian Federation71
5United States41
6India41
7South Korea35
8Poland29
9Colombia26
10Ukraine25

No comments:

Post a Comment