Monday, January 31, 2011

Botnet Statistics [2011-01-30]

detection period: 2011-01-30 00:00-23:59 UTC
total number of suspected botnet IPs: 1846
number of botnet IPs notified to network operators: 1604
number of blocked spams: 239748
recipient count of blocked spams: 6031419

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 482
2 | UNICOM-BJ | 329
3 | HINET-NET | 227
4 | BSNLNET | 21
5 | 003.420.926/0002-05 | 17
6 | AR-TEAR7-LACNIC | 16
7 | 033.530.486/0001-29 | 16
8 | 000.065.376/0002-65 | 16
9 | CHINANET-ZJ-WZ | 15
10 | CHINANET-JS | 15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 966
2 | Taiwan | 230
3 | Brazil | 120
4 | Russian Federation | 63
5 | India | 59
6 | Thailand | 46
7 | Argentina | 35
8 | Kazakhstan | 28
9 | Indonesia | 28
10 | United States | 25

Sunday, January 30, 2011

DISAN: a proposed framework for botnet mitigation

With the limited experience I gained from botnet detection and notification last year, I am going to propose a botnet mitigation framework here, in the hope of solving the botnet threat we currently face. While botnets still sound like a very serious problem today, in reality they have shrunk quite a bit, as is evident from the global spam drop observed in the second half of 2010. So the framework I am proposing is meant to reinforce what has already been done right.

The primary objective of this framework will be to find out the locations of botnets (that is, their IP addresses), and subsequently notify the unknowing victims. The framework will comprise three parts: detection, information sharing, and notification. Let's just call it "DISAN." The "A" from the word "and" is kept for ease of pronunciation.

The keyword for the detection part is "diversity," which mainly applies to how and where (in the cyber world) to detect botnets. Most detection methods work by monitoring various abnormal network behaviors that botnets exhibit, like sending spam, DDoS, etc. Different monitoring mechanisms are going to uncover different botnets, so it is necessary to diversify the detection approaches. As botnets are not evenly distributed across the Internet, it is also better to scatter the detection systems around the globe as diversely as possible. Various VPS offerings can help us achieve that.

The keyword for the information sharing part is "trust." Detection is not needed if you can get information about botnets from somebody else. But if you don't trust them, the usefulness of the information to you will be problematic. Likewise, if the information providers don't trust you, they might be reluctant to share with you the IP addresses of botnets, which are potentially vulnerable computers. So it would be better if information providers and recipients belong to an existing structure (like workgroups, task forces, etc.) and already have mutual trust among them.

The keyword for the last part, notification, is "awareness." The only reason botnets are such a formidable threat today is that the victims do not know that their computers have been compromised. Then as time goes by, botnet herders are destined to have many zombie computers waiting for their commands. Without the victims cleaning the computers and fixing the vulnerabilities, efforts like taking C&C servers offline are futile, as I pointed out in my previous post.

Botnet Statistics [2011-01-29]

detection period: 2011-01-29 00:00-23:59 UTC
total number of suspected botnet IPs: 3156
number of botnet IPs notified to network operators: 2676
number of blocked spams: 241840
recipient count of blocked spams: 6305267

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-GD | 526
2 | BSNLNET | 500
3 | UNICOM-BJ | 323
4 | HINET-NET | 228
5 | RCOM | 91
6 | TATACOMM-IN | 81
7 | AR-TEAR7-LACNIC | 53
8 | HATHWAY-NET | 46
9 | TRUENET | 36
10 | 000.065.376/0002-65 | 31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 1064
2 | India | 784
3 | Taiwan | 235
4 | Brazil | 184
5 | Russian Federation | 153
6 | Thailand | 111
7 | Argentina | 90
8 | Kazakhstan | 57
9 | Ukraine | 54
10 | Indonesia | 36

Saturday, January 29, 2011

Botnet Statistics [2011-01-28]

detection period: 2011-01-28 00:00-23:59 UTC
total number of suspected botnet IPs: 3661
number of botnet IPs notified to network operators: 3066
number of blocked spams: 219328
recipient count of blocked spams: 5483390

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 550
2 | CHINANET-GD | 533
3 | UNICOM-BJ | 367
4 | HINET-NET | 246
5 | RCOM | 112
6 | TATACOMM-IN | 97
7 | HATHWAY-NET | 47
8 | AR-TEAR7-LACNIC | 44
9 | TRUEBB-NET | 37
10 | 002.558.134/0001-58 | 34

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 1174
2 | India | 878
3 | Taiwan | 256
4 | Brazil | 254
5 | Russian Federation | 184
6 | Thailand | 114
7 | Argentina | 86
8 | Kazakhstan | 73
9 | Ukraine | 64
10 | United States | 47

Friday, January 28, 2011

Botnet Statistics [2011-01-27]

detection period: 2011-01-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2744
number of botnet IPs notified to network operators: 2220
number of blocked spams: 243632
recipient count of blocked spams: 7372701

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 379
2 | BSNLNET | 315
3 | HINET-NET | 241
4 | CHINANET-GD | 170
5 | TATACOMM-IN | 60
6 | RCOM | 56
7 | 002.558.134/0001-58 | 36
8 | HATHWAY-NET | 34
9 | UKRTELNET | 33
10 | TRUENET | 27

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 801
2 | India | 521
3 | Taiwan | 249
4 | Brazil | 215
5 | Russian Federation | 151
6 | Thailand | 103
7 | Ukraine | 66
8 | Kazakhstan | 63
9 | Argentina | 62
10 | United States | 45

Thursday, January 27, 2011

Botnet Statistics [2011-01-26]

detection period: 2011-01-26 00:00-23:59 UTC
total number of suspected botnet IPs: 2059
number of botnet IPs notified to network operators: 1681
number of blocked spams: 249074
recipient count of blocked spams: 7794178

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 361
2 | HINET-NET | 235
3 | CHINANET-GD | 158
4 | BSNLNET | 78
5 | RCOM | 28
6 | 002.558.134/0001-58 | 28
7 | CHINANET-ZJ-WZ | 23
8 | 000.065.376/0002-65 | 22
9 | AR-TEAR7-LACNIC | 21
10 | 003.420.926/0002-05 | 21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 740
2 | Taiwan | 238
3 | Brazil | 174
4 | India | 163
5 | Russian Federation | 123
6 | Thailand | 74
7 | United States | 43
8 | Kazakhstan | 42
9 | Argentina | 42
10 | Ukraine | 41

Wednesday, January 26, 2011

Botnet Statistics [2011-01-25]

detection period: 2011-01-25 00:00-23:59 UTC
total number of suspected botnet IPs: 2295
number of botnet IPs notified to network operators: 1807
number of blocked spams: 248842
recipient count of blocked spams: 7850190

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 265
2 | HINET-NET | 220
3 | BSNLNET | 208
4 | CHINANET-GD | 142
5 | RCOM | 54
6 | 002.558.134/0001-58 | 45
7 | TATACOMM-IN | 25
8 | TRUEBB-NET | 23
9 | HATHWAY-NET | 23
10 | CHINANET-JS | 23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 639
2 | India | 353
3 | Taiwan | 228
4 | Brazil | 211
5 | Russian Federation | 131
6 | Thailand | 80
7 | United States | 60
8 | Kazakhstan | 56
9 | Indonesia | 44
10 | Ukraine | 42

Tuesday, January 25, 2011

Botnet Statistics [2011-01-24]

detection period: 2011-01-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2440
number of botnet IPs notified to network operators: 1935
number of blocked spams: 257910
recipient count of blocked spams: 8115365

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 280
2 | HINET-NET | 235
3 | BSNLNET | 235
4 | CHINANET-GD | 149
5 | RCOM | 53
6 | TATACOMM-IN | 45
7 | 002.558.134/0001-58 | 31
8 | CHINANET-JS | 27
9 | TRUENET | 24
10 | HATHWAY-NET | 23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 676
2 | India | 401
3 | Taiwan | 242
4 | Brazil | 199
5 | Russian Federation | 120
6 | Thailand | 93
7 | Kazakhstan | 58
8 | United States | 56
9 | Indonesia | 49
10 | South Korea | 46

Monday, January 24, 2011

Botnet Statistics [2011-01-23]

detection period: 2011-01-23 00:00-23:59 UTC
total number of suspected botnet IPs: 2668
number of botnet IPs notified to network operators: 2142
number of blocked spams: 166118
recipient count of blocked spams: 4743909

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 335
2 | UNICOM-BJ | 274
3 | HINET-NET | 246
4 | CHINANET-GD | 137
5 | RCOM | 60
6 | TATACOMM-IN | 59
7 | HATHWAY-NET | 41
8 | AR-TEAR7-LACNIC | 36
9 | TRUEBB-NET | 35
10 | TRUENET | 32

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 676
2 | India | 544
3 | Taiwan | 250
4 | Brazil | 195
5 | Russian Federation | 165
6 | Thailand | 126
7 | Argentina | 71
8 | Kazakhstan | 62
9 | Ukraine | 56
10 | United States | 51

Sunday, January 23, 2011

Botnet Statistics [2011-01-22]

detection period: 2011-01-22 00:00-23:59 UTC
total number of suspected botnet IPs: 3043
number of botnet IPs notified to network operators: 2458
number of blocked spams: 299951
recipient count of blocked spams: 9434433

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 535
2 | UNICOM-BJ | 245
3 | HINET-NET | 235
4 | CHINANET-GD | 149
5 | TATACOMM-IN | 100
6 | RCOM | 79
7 | HATHWAY-NET | 49
8 | AR-TEAR7-LACNIC | 45
9 | 002.558.134/0001-58 | 41
10 | TRUEBB-NET | 37

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 842
2 | China | 664
3 | Taiwan | 247
4 | Brazil | 215
5 | Russian Federation | 169
6 | Thailand | 122
7 | Argentina | 89
8 | Kazakhstan | 66
9 | United States | 55
10 | Ukraine | 53

Saturday, January 22, 2011

Botnet Statistics [2011-01-21]

detection period: 2011-01-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3404
number of botnet IPs notified to network operators: 2739
number of blocked spams: 300417
recipient count of blocked spams: 9570119

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 640
2 | UNICOM-BJ | 238
3 | HINET-NET | 233
4 | CHINANET-GD | 137
5 | RCOM | 112
6 | TATACOMM-IN | 95
7 | HATHWAY-NET | 57
8 | AR-TEAR7-LACNIC | 56
9 | 000.065.376/0002-65 | 45
10 | TRUEBB-NET | 41

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 993
2 | China | 670
3 | Brazil | 271
4 | Taiwan | 248
5 | Russian Federation | 195
6 | Thailand | 123
7 | Argentina | 101
8 | Kazakhstan | 86
9 | Ukraine | 64
10 | United States | 63

Friday, January 21, 2011

Botnet Statistics [2011-01-20]

detection period: 2011-01-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3189
number of botnet IPs notified to network operators: 2534
number of blocked spams: 254870
recipient count of blocked spams: 8225581

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 678
2 | HINET-NET | 188
3 | UNICOM-BJ | 152
4 | CHINANET-GD | 134
5 | RCOM | 101
6 | TATACOMM-IN | 97
7 | HATHWAY-NET | 69
8 | TRUEBB-NET | 38
9 | ALLIANCEBROADBAND | 38
10 | 000.065.376/0002-65 | 38

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1034
2 | China | 562
3 | Brazil | 257
4 | Taiwan | 203
5 | Russian Federation | 179
6 | Thailand | 119
7 | Kazakhstan | 72
8 | Ukraine | 71
9 | Argentina | 71
10 | United States | 61

Thursday, January 20, 2011

Botnet Statistics [2011-01-19]

detection period: 2011-01-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1841
number of botnet IPs notified to network operators: 1334
number of blocked spams: 314601
recipient count of blocked spams: 10636863

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 137
2 | HINET-NET | 133
3 | RCOM | 35
4 | 000.065.376/0002-65 | 34
5 | CHINANET-ZJ-WZ | 32
6 | 002.558.134/0001-58 | 30
7 | UKRTELNET | 28
8 | AR-TEAR7-LACNIC | 25
9 | TRUENET | 24
10 | TATACOMM-IN | 24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 269
2 | India | 261
3 | Brazil | 215
4 | Taiwan | 145
5 | Russian Federation | 124
6 | Thailand | 101
7 | United States | 57
8 | Ukraine | 57
9 | Argentina | 54
10 | Indonesia | 53

Wednesday, January 19, 2011

Botnet Statistics [2011-01-18]

detection period: 2011-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 1741
number of botnet IPs notified to network operators: 1258
number of blocked spams: 329869
recipient count of blocked spams: 11026352

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 135
2 | HINET-NET | 119
3 | RCOM | 33
4 | UKRTELNET | 28
5 | AR-TEAR7-LACNIC | 28
6 | 000.065.376/0002-65 | 28
7 | 002.558.134/0001-58 | 24
8 | TRUENET | 22
9 | TATACOMM-IN | 22
10 | 003.420.926/0002-05 | 21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 251
2 | India | 243
3 | Brazil | 210
4 | Russian Federation | 133
5 | Taiwan | 129
6 | Thailand | 81
7 | United States | 62
8 | Ukraine | 58
9 | Argentina | 54
10 | Indonesia | 48

Tuesday, January 18, 2011

Botnet Statistics [2011-01-17]

detection period: 2011-01-17 00:00-23:59 UTC
total number of suspected botnet IPs: 1342
number of botnet IPs notified to network operators: 900
number of blocked spams: 328378
recipient count of blocked spams: 11188877

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 72
2 | HINET-NET | 32
3 | RCOM | 25
4 | 002.558.134/0001-58 | 24
5 | CHINANET-JS | 23
6 | 000.065.376/0002-65 | 20
7 | 033.530.486/0001-29 | 19
8 | 003.420.926/0002-05 | 19
9 | UNICOM-SD | 17
10 | CHINANET-ZJ-WZ | 17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 232
2 | Brazil | 163
3 | India | 153
4 | Russian Federation | 104
5 | Thailand | 65
6 | United States | 56
7 | Taiwan | 41
8 | Indonesia | 38
9 | South Korea | 37
10 | Ukraine | 35

Monday, January 17, 2011

Botnet Statistics [2011-01-16]

detection period: 2011-01-16 00:00-23:59 UTC
total number of suspected botnet IPs: 1296
number of botnet IPs notified to network operators: 930
number of blocked spams: 334517
recipient count of blocked spams: 11409437

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 154
2 | BSNLNET | 32
3 | TRUENET | 21
4 | KORNET-KR | 20
5 | 002.558.134/0001-58 | 19
6 | CHINANET-ZJ-WZ | 18
7 | 003.420.926/0002-05 | 18
8 | UKRTELNET | 16
9 | TRUEBB-NET | 15
10 | CHINANET-JS | 14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 204
2 | Taiwan | 157
3 | Brazil | 138
4 | Russian Federation | 90
5 | India | 78
6 | Thailand | 77
7 | United States | 51
8 | Ukraine | 38
9 | South Korea | 38
10 | Indonesia | 31

Sunday, January 16, 2011

Botnet Statistics [2011-01-15]

detection period: 2011-01-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1093
number of botnet IPs notified to network operators: 773
number of blocked spams: 334989
recipient count of blocked spams: 11397750

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 93
2 | CHINANET-GD | 68
3 | HINET-NET | 45
4 | KORNET-KR | 21
5 | 003.420.926/0002-05 | 18
6 | RCOM | 13
7 | CO-ACSA-LACNIC | 13
8 | CHINANET-JS | 13
9 | UNICOM-SD | 12
10 | CHINANET-ZJ-WZ | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 331
2 | Brazil | 97
3 | Russian Federation | 57
4 | United States | 54
5 | Taiwan | 53
6 | India | 48
7 | South Korea | 40
8 | Indonesia | 31
9 | Colombia | 31
10 | Thailand | 27

Saturday, January 15, 2011

Botnet Statistics [2011-01-14]

detection period: 2011-01-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1087
number of botnet IPs notified to network operators: 739
number of blocked spams: 334238
recipient count of blocked spams: 11265656

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 95
2 | CHINANET-GD | 56
3 | KORNET-KR | 21
4 | CHINANET-ZJ-WZ | 17
5 | CHINANET-JS | 16
6 | RCOM | 15
7 | 003.420.926/0002-05 | 15
8 | UNICOM-SD | 14
9 | BSNLNET | 14
10 | CO-ACSA-LACNIC | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 333
2 | Brazil | 99
3 | Russian Federation | 69
4 | United States | 58
5 | India | 50
6 | South Korea | 45
7 | Indonesia | 33
8 | Colombia | 30
9 | Thailand | 25
10 | Kazakhstan | 22

Friday, January 14, 2011

Botnet Statistics [2011-01-13]

detection period: 2011-01-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1354
number of botnet IPs notified to network operators: 993
number of blocked spams: 285319
recipient count of blocked spams: 9014914

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 224
2 | CHINANET-GD | 106
3 | RCOM | 22
4 | KORNET-KR | 20
5 | CHINANET-ZJ-WZ | 18
6 | 003.420.926/0002-05 | 17
7 | CHINANET-JS | 16
8 | BSNLNET | 16
9 | CO-ACSA-LACNIC | 14
10 | UNICOM-SD | 13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 523
2 | Brazil | 109
3 | Russian Federation | 82
4 | India | 71
5 | United States | 64
6 | South Korea | 43
7 | Colombia | 33
8 | Indonesia | 29
9 | Thailand | 25
10 | France | 24

Thursday, January 13, 2011

Botnet Statistics [2011-01-12]

detection period: 2011-01-12 00:00-23:59 UTC
total number of suspected botnet IPs: 1125
number of botnet IPs notified to network operators: 785
number of blocked spams: 223651
recipient count of blocked spams: 7173266

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-BJ | 175
2 | KORNET-KR | 16
3 | CHINANET-GD | 16
4 | CHINANET-ZJ-WZ | 14
5 | CHINANET-JS | 14
6 | 003.420.926/0002-05 | 14
7 | UNICOM-SD | 13
8 | CO-ACSA-LACNIC | 13
9 | BSNLNET | 12
10 | 033.530.486/0001-29 | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 383
2 | Brazil | 94
3 | Russian Federation | 76
4 | United States | 58
5 | India | 47
6 | South Korea | 42
7 | Indonesia | 31
8 | Colombia | 28
9 | Thailand | 22
10 | Poland | 22

Wednesday, January 12, 2011

Botnet Statistics [2011-01-11]

detection period: 2011-01-11 00:00-23:59 UTC
total number of suspected botnet IPs: 1083
number of botnet IPs notified to network operators: 749
number of blocked spams: 307522
recipient count of blocked spams: 10299471

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 130
2 | KORNET-KR | 19
3 | CHINANET-JS | 15
4 | UNICOM-SD | 14
5 | CHINANET-GD | 14
6 | 003.420.926/0002-05 | 14
7 | 033.530.486/0001-29 | 13
8 | CO-ACSA-LACNIC | 12
9 | CHINANET-FJ | 12
10 | BSNLNET | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 229
2 | Taiwan | 137
3 | Brazil | 97
4 | Russian Federation | 71
5 | United States | 59
6 | India | 49
7 | South Korea | 43
8 | Indonesia | 30
9 | Colombia | 25
10 | Thailand | 23

Tuesday, January 11, 2011

Botnet Statistics [2011-01-10]

detection period: 2011-01-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1001
number of botnet IPs notified to network operators: 661
number of blocked spams: 334812
recipient count of blocked spams: 11474862

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 80
2 | KORNET-KR | 18
3 | 003.420.926/0002-05 | 15
4 | UNICOM-SD | 14
5 | RCOM | 14
6 | CHINANET-JS | 14
7 | CHINANET-GD | 14
8 | 033.530.486/0001-29 | 13
9 | CO-ACSA-LACNIC | 12
10 | 076.535.764/0326-90 | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 203
2 | Brazil | 99
3 | Taiwan | 86
4 | United States | 56
5 | Russian Federation | 53
6 | India | 46
7 | South Korea | 39
8 | Indonesia | 34
9 | Poland | 26
10 | Colombia | 26

Monday, January 10, 2011

Botnet Statistics [2011-01-09]

detection period: 2011-01-09 00:00-23:59 UTC
total number of suspected botnet IPs: 921
number of botnet IPs notified to network operators: 640
number of blocked spams: 336817
recipient count of blocked spams: 11567907

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 104
2 | CHINANET-ZJ-WZ | 24
3 | CHINANET-GD | 23
4 | KORNET-KR | 17
5 | 003.420.926/0002-05 | 14
6 | UNICOM-SD | 13
7 | CHINANET-JS | 13
8 | 033.530.486/0001-29 | 13
9 | UNICOM-BJ | 12
10 | CO-ACSA-LACNIC | 10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 219
2 | Taiwan | 108
3 | Brazil | 77
4 | Russian Federation | 51
5 | United States | 42
6 | South Korea | 36
7 | India | 30
8 | Indonesia | 28
9 | Colombia | 24
10 | Poland | 23

Sunday, January 9, 2011

Botnet Statistics for the year of 2010

My detection systems have been working throughout 2010. It would be interesting to summarize my data for the whole year. Because some IP blocks are missing from my network mapping table, around 4000 botnet IPs could not be mapped to the networks they belong to. I have been a bit lazy recently, so I decided not to amend the mapping table this time, and to release the yearly statistics without the top 25 networks.

In terms of number of bots, I expected China or Taiwan to take the crown, but to my surprise, India tops the list by a large margin. The top 6 countries are India, China, Brazil, Taiwan, Argentina, and Russian Federation. All but Argentina have been regulars on my botnet charts. Argentina has been successfully staying out of my daily chart for some time.

My statistics are by no means complete. They just describe the bots I found with the particular detection mechanism I use, which is fake open relays. Botnet detection by other means may produce vastly different results.
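The mapping-table gap mentioned above can be surfaced rather than silently shrinking the per-network totals. The Python below is an added example, not the author's code: it maps deduplicated detected IPs to networks by longest-prefix match and returns the unmapped IPs alongside the rankings. The table entries, network names, country codes and detection log are all constructed placeholders built on documentation address ranges.

```python
import ipaddress
from collections import Counter

# Constructed mapping table: (CIDR block, network name, country code).
# Blocks are documentation ranges; names and country codes are placeholders.
MAPPING_TABLE = [
    ("192.0.2.0/24", "EXAMPLE-NET-A", "AA"),
    ("192.0.2.128/25", "EXAMPLE-NET-A-SUB", "AA"),  # more specific allocation
    ("198.51.100.0/24", "EXAMPLE-NET-B", "BB"),
]

# Constructed one-day detection log: one source IP per observed relay attempt.
# Duplicates and a malformed entry are included on purpose.
DETECTED = [
    "192.0.2.10", "192.0.2.200", "192.0.2.201", "192.0.2.200",
    "198.51.100.7", "203.0.113.5", "not-an-ip",
]


def build_index(table):
    """Parse CIDR strings once and order them most-specific first,
    so the first containing block is the longest-prefix match."""
    parsed = [(ipaddress.ip_network(cidr), name, cc) for cidr, name, cc in table]
    return sorted(parsed, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(index, addr):
    """Return (network name, country code) for addr, or None if no block covers it."""
    for net, name, cc in index:
        if addr in net:  # False when the IP versions differ
            return name, cc
    return None


def rank(counter, top_n):
    """Highest count first; ties broken by name so the output is deterministic."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]


def summarize(detected, table, top_n=10):
    index = build_index(table)

    # Count each IP once per period, and keep unparsable entries for review.
    unique, malformed = set(), []
    for raw in detected:
        try:
            unique.add(ipaddress.ip_address(raw.strip()))
        except ValueError:
            malformed.append(raw)

    by_network, by_country, unmapped = Counter(), Counter(), []
    for addr in sorted(unique, key=lambda a: (a.version, int(a))):
        hit = lookup(index, addr)
        if hit is None:
            # Missing block in the mapping table: record it instead of dropping it.
            unmapped.append(str(addr))
            continue
        name, cc = hit
        by_network[name] += 1
        by_country[cc] += 1

    return {
        "total": len(unique),
        "mapped": len(unique) - len(unmapped),
        "unmapped": unmapped,
        "malformed": malformed,
        "top_networks": rank(by_network, top_n),
        "top_countries": rank(by_country, top_n),
    }


if __name__ == "__main__":
    for key, value in summarize(DETECTED, MAPPING_TABLE).items():
        print(f"{key}: {value}")
```

The `unmapped` list is the work queue for amending the mapping table; publishing `total` next to `mapped` shows how much of the per-network ranking is missing.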

detection period: 2010-01-01 00:00 - 2010-12-31 23:59 UTC
total number of suspected botnet IPs: 414398
number of blocked spams: 79256717
recipient count of blocked spams: 2328674624

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 152502
2 | China | 83429
3 | Brazil | 43875
4 | Taiwan | 32981
5 | Argentina | 25599
6 | Russian Federation | 15658
7 | Thailand | 12348
8 | United States | 6342
9 | Ukraine | 5434
10 | Uruguay | 3883
11 | Mexico | 3759
12 | Ethiopia | 2376
13 | Chile | 2069
14 | Belarus | 1699
15 | Germany | 1621
16 | South Korea | 1396
17 | Kazakhstan | 1357
18 | Colombia | 1353
19 | Indonesia | 1264
20 | Algeria | 1175
21 | France | 1057
22 | Japan | 999
23 | Hong Kong | 718
24 | Italy | 644
25 | Spain | 593

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank | Country | # of blocked spams
1 | China | 19216036
2 | Taiwan | 10256800
3 | Brazil | 8999024
4 | United States | 5823431
5 | India | 4072434
6 | Russian Federation | 3738420
7 | Colombia | 2414074
8 | Thailand | 1928087
9 | Indonesia | 1578363
10 | Argentina | 1351358
11 | South Korea | 1160235
12 | France | 1153097
13 | Germany | 1133384
14 | Poland | 1110894
15 | Ukraine | 964565
16 | Italy | 816715
17 | United Kingdom | 590121
18 | Malaysia | 573573
19 | Mexico | 530913
20 | Iran | 465483
21 | Philippines | 460976
22 | Czech Republic | 460585
23 | Chile | 451506
24 | Saudi Arabia | 410480
25 | Turkey | 375195

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2011-01-08]

detection period: 2011-01-08 00:00-23:59 UTC
total number of suspected botnet IPs: 995
number of botnet IPs notified to network operators: 701
number of blocked spams: 335925
recipient count of blocked spams: 11504519

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 133
2 | UNICOM-BJ | 45
3 | CHINANET-GD | 45
4 | KORNET-KR | 15
5 | CHINANET-ZJ-WZ | 14
6 | 033.530.486/0001-29 | 13
7 | UNICOM-SD | 12
8 | CHINANET-JS | 12
9 | 003.420.926/0002-05 | 12
10 | RCOM | 10

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 257
2 | Taiwan | 138
3 | Brazil | 77
4 | United States | 46
5 | India | 42
6 | Russian Federation | 40
7 | South Korea | 34
8 | Indonesia | 26
9 | Colombia | 23
10 | Thailand | 18

Saturday, January 8, 2011

Botnet Statistics [2011-01-07]

detection period: 2011-01-07 00:00-23:59 UTC
total number of suspected botnet IPs: 1020
number of botnet IPs notified to network operators: 697
number of blocked spams: 336822
recipient count of blocked spams: 11570120

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 110
2 | CHINANET-GD | 39
3 | UNICOM-BJ | 33
4 | WHOLESALEINTERNET-2 | 30
5 | KORNET-KR | 14
6 | CHINANET-JS | 14
7 | 033.530.486/0001-29 | 14
8 | CHINANET-ZJ-WZ | 13
9 | UNICOM-SD | 12
10 | 003.420.926/0002-05 | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 248
2 | Taiwan | 121
3 | Brazil | 80
4 | United States | 77
5 | Russian Federation | 41
6 | India | 38
7 | South Korea | 36
8 | Indonesia | 30
9 | Colombia | 25
10 | Thailand | 24

Friday, January 7, 2011

Botnet Statistics [2011-01-06]

detection period: 2011-01-06 00:00-23:59 UTC
total number of suspected botnet IPs: 1237
number of botnet IPs notified to network operators: 888
number of blocked spams: 270297
recipient count of blocked spams: 8884339

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 177
2 | CHINANET-GD | 82
3 | UNICOM-BJ | 47
4 | WHOLESALEINTERNET-2 | 26
5 | CHINANET-ZJ-WZ | 23
6 | KORNET-KR | 16
7 | CHINANET-JS | 16
8 | 033.530.486/0001-29 | 14
9 | UNICOM-SD | 12
10 | RCOM | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 335
2 | Taiwan | 185
3 | United States | 87
4 | Brazil | 87
5 | Russian Federation | 51
6 | India | 43
7 | South Korea | 42
8 | Indonesia | 31
9 | Colombia | 25
10 | Poland | 23

Thursday, January 6, 2011

Botnet Statistics [2011-01-05]

detection period: 2011-01-05 00:00-23:59 UTC
total number of suspected botnet IPs: 1299
number of botnet IPs notified to network operators: 978
number of blocked spams: 237236
recipient count of blocked spams: 7648778

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 239
2 | CHINANET-GD | 169
3 | WHOLESALEINTERNET-2 | 21
4 | KORNET-KR | 16
5 | CHINANET-JS | 16
6 | 033.530.486/0001-29 | 14
7 | RCOM | 13
8 | CHINANET-ZJ-WZ | 13
9 | UNICOM-SD | 11
10 | CO-ACSA-LACNIC | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 356
2 | Taiwan | 247
3 | Brazil | 88
4 | United States | 72
5 | Russian Federation | 52
6 | India | 40
7 | South Korea | 39
8 | Indonesia | 30
9 | Colombia | 26
10 | Thailand | 25

Wednesday, January 5, 2011

Botnet Statistics [2011-01-04]

detection period: 2011-01-04 00:00-23:59 UTC
total number of suspected botnet IPs: 1117
number of botnet IPs notified to network operators: 846
number of blocked spams: 205878
recipient count of blocked spams: 6821910

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 227
2 | CHINANET-GD | 147
3 | CHINANET-JS | 16
4 | WHOLESALEINTERNET-2 | 15
5 | KORNET-KR | 14
6 | CHINANET-ZJ-WZ | 14
7 | UNICOM-SD | 13
8 | CHINANET-FJ | 12
9 | CO-ACSA-LACNIC | 11
10 | 033.530.486/0001-29 | 11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 310
2 | Taiwan | 235
3 | Brazil | 70
4 | United States | 61
5 | Russian Federation | 40
6 | South Korea | 32
7 | India | 25
8 | Indonesia | 24
9 | Colombia | 22
10 | Thailand | 19

Tuesday, January 4, 2011

Botnet Statistics [2011-01-03]

detection period: 2011-01-03 00:00-23:59 UTC
total number of suspected botnet IPs: 3032
number of botnet IPs notified to network operators: 2424
number of blocked spams: 225575
recipient count of blocked spams: 7619701

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 763
2 | HINET-NET | 209
3 | CHINANET-GD | 169
4 | RCOM | 116
5 | TATACOMM-IN | 104
6 | HATHWAY-NET | 91
7 | ALLIANCEBROADBAND | 46
8 | 000.065.376/0002-65 | 33
9 | 002.558.134/0001-58 | 32
10 | AR-TEAR7-LACNIC | 31

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1177
2 | China | 420
3 | Brazil | 239
4 | Taiwan | 225
5 | Thailand | 115
6 | Russian Federation | 112
7 | Argentina | 68
8 | United States | 62
9 | Ukraine | 59
10 | South Korea | 58

Monday, January 3, 2011

Botnet Statistics [2011-01-02]

detection period: 2011-01-02 00:00-23:59 UTC
total number of suspected botnet IPs: 1403
number of botnet IPs notified to network operators: 1050
number of blocked spams: 237103
recipient count of blocked spams: 7994086

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 198
2 | CHINANET-GD | 174
3 | KORNET-KR | 21
4 | BSNLNET | 21
5 | 000.065.376/0002-65 | 20
6 | 002.558.134/0001-58 | 17
7 | RCOM | 16
8 | 002.558.157/0001-62 | 15
9 | UNICOM-SD | 14
10 | TRUEBB-NET | 14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | China | 360
2 | Taiwan | 209
3 | Brazil | 123
4 | India | 71
5 | Thailand | 62
6 | Russian Federation | 58
7 | South Korea | 44
8 | United States | 43
9 | Argentina | 38
10 | Kazakhstan | 35

Sunday, January 2, 2011

Botnet Statistics for December 2010

detection period: 2010-12-01 00:00 - 2010-12-31 23:59 UTC
total number of suspected botnet IPs: 27020
number of blocked spams: 9202335
recipient count of blocked spams: 300574994

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 7625
2 | Taiwan | 6434
3 | China | 5981
4 | Brazil | 1194
5 | Russian Federation | 1049
6 | Thailand | 930
7 | Argentina | 679
8 | Ukraine | 506
9 | Kazakhstan | 222
10 | South Korea | 207
11 | Belarus | 186
12 | United States | 173
13 | Indonesia | 129
14 | Ethiopia | 108
15 | Chile | 101
16 | Germany | 94
17 | Bulgaria | 90
18 | Uruguay | 88
19 | Colombia | 86
20 | Mexico | 73
21 | Algeria | 73
22 | France | 63
23 | Poland | 54
24 | Saudi Arabia | 53
25 | Italy | 48

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank | Country | # of blocked spams
1 | China | 2078835
2 | Brazil | 941721
3 | United States | 595124
4 | Russian Federation | 517418
5 | Colombia | 332338
6 | India | 305268
7 | Taiwan | 281333
8 | South Korea | 227967
9 | Poland | 224771
10 | Indonesia | 216008
11 | France | 214358
12 | Ukraine | 197655
13 | Thailand | 195921
14 | Germany | 189537
15 | Argentina | 177570
16 | Italy | 162827
17 | Saudi Arabia | 138022
18 | United Kingdom | 107581
19 | Chile | 100575
20 | Mexico | 100458
21 | Spain | 99605
22 | Canada | 82613
23 | Philippines | 78657
24 | Czech Republic | 75535
25 | Venezuela | 74325

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2011-01-01]

detection period: 2011-01-01 00:00-23:59 UTC
total number of suspected botnet IPs: 3042
number of botnet IPs notified to network operators: 2454
number of blocked spams: 263716
recipient count of blocked spams: 8422416

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 758
2 | HINET-NET | 203
3 | CHINANET-GD | 164
4 | RCOM | 121
5 | TATACOMM-IN | 83
6 | HATHWAY-NET | 74
7 | AR-TEAR7-LACNIC | 48
8 | 000.065.376/0002-65 | 35
9 | TRUEBB-NET | 33
10 | 002.558.134/0001-58 | 33

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1119
2 | China | 485
3 | Taiwan | 221
4 | Brazil | 200
5 | Thailand | 127
6 | Russian Federation | 120
7 | Argentina | 88
8 | Ukraine | 58
9 | South Korea | 57
10 | Kazakhstan | 55

Saturday, January 1, 2011

Botnet Statistics [2010-12-31]

On the last day of 2010, I detected substantially more bots in India. Was there a malware outbreak happening in India?

detection period: 2010-12-31 00:00-23:59 UTC
total number of suspected botnet IPs: 3517
number of botnet IPs notified to network operators: 2826
number of blocked spams: 254531
recipient count of blocked spams: 8504023

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | BSNLNET | 937
2 | HINET-NET | 170
3 | RCOM | 148
4 | CHINANET-GD | 148
5 | TATACOMM-IN | 117
6 | HATHWAY-NET | 100
7 | AR-TEAR7-LACNIC | 78
8 | 000.065.376/0002-65 | 47
9 | ALLIANCEBROADBAND | 41
10 | TRUENET | 39

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country | # of suspected botnet IPs
1 | India | 1407
2 | China | 473
3 | Brazil | 267
4 | Taiwan | 183
5 | Russian Federation | 160
6 | Thailand | 149
7 | Argentina | 133
8 | Ukraine | 69
9 | Kazakhstan | 66
10 | South Korea | 56