Now I detect botnets with both fake open relays and greylisting. I could only detect about 14000 bots in February if greylisting is not used. After all, some spammers might have been driven out of business by my fake open relays, which have been operating for one and a half years now. But the numbers for blocked spams and recipients do not include the number from greylisting, as it gets much less spam mail than fake open relays.
detection period: 2011-02-01 00:00 - 2011-02-28 23:59 UTC
total number of suspected botnet IPs: 39902
number of blocked spams: 5971039
recipient count of blocked spams: 156118318
The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:
| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 11731 |
| 2 | Taiwan | 5627 |
| 3 | India | 2838 |
| 4 | Brazil | 1995 |
| 5 | Viet Nam | 1698 |
| 6 | Indonesia | 1684 |
| 7 | Russian Federation | 1607 |
| 8 | South Korea | 1059 |
| 9 | Pakistan | 936 |
| 10 | Ukraine | 871 |
| 11 | Thailand | 732 |
| 12 | Belarus | 697 |
| 13 | Argentina | 481 |
| 14 | Colombia | 460 |
| 15 | Kazakhstan | 450 |
| 16 | United States | 409 |
| 17 | Peru | 338 |
| 18 | Poland | 310 |
| 19 | Germany | 283 |
| 20 | Romania | 277 |
| 21 | Saudi Arabia | 243 |
| 22 | Iran | 223 |
| 23 | Chile | 195 |
| 24 | Israel | 186 |
| 25 | France | 184 |
The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:
| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 1652622 |
| 2 | Brazil | 652219 |
| 3 | Taiwan | 356441 |
| 4 | India | 339544 |
| 5 | United States | 339027 |
| 6 | Russian Federation | 261236 |
| 7 | Colombia | 206402 |
| 8 | Indonesia | 177712 |
| 9 | Poland | 140927 |
| 10 | South Korea | 124034 |
| 11 | Thailand | 120969 |
| 12 | Ukraine | 88984 |
| 13 | Philippines | 88518 |
| 14 | France | 87309 |
| 15 | Germany | 68682 |
| 16 | Viet Nam | 66843 |
| 17 | Italy | 59903 |
| 18 | Spain | 58577 |
| 19 | Argentina | 55247 |
| 20 | Mexico | 50735 |
| 21 | Japan | 48374 |
| 22 | United Kingdom | 43967 |
| 23 | Netherlands | 37509 |
| 24 | Turkey | 37489 |
| 25 | European Union | 36650 |
The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:
| Rank | Country | recipient count of blocked spams |
|---|---|---|
| 1 | China | 37991841 |
| 2 | Brazil | 17770374 |
| 3 | United States | 9953708 |
| 4 | Taiwan | 9131848 |
| 5 | India | 8755238 |
| 6 | Russian Federation | 6939250 |
| 7 | Colombia | 5573732 |
| 8 | Indonesia | 4735802 |
| 9 | Poland | 3522806 |
| 10 | South Korea | 3435207 |
| 11 | Thailand | 3277442 |
| 12 | Ukraine | 2608151 |
| 13 | Philippines | 2392940 |
| 14 | France | 2173634 |
| 15 | Germany | 1997437 |
| 16 | Italy | 1824146 |
| 17 | Viet Nam | 1701654 |
| 18 | Argentina | 1624490 |
| 19 | Spain | 1609469 |
| 20 | Mexico | 1528301 |
| 21 | United Kingdom | 1318905 |
| 22 | Japan | 1267370 |
| 23 | Canada | 1091878 |
| 24 | European Union | 1081394 |
| 25 | Turkey | 1075689 |
The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-GD | 5629 |
| 2 | HINET-NET | 5482 |
| 3 | UNICOM-BJ | 1978 |
| 4 | BSNLNET | 1258 |
| 5 | VNPT-VNNIC-VN | 1210 |
| 6 | PTCL | 825 |
| 7 | TELKOMNET | 756 |
| 8 | CRTC | 551 |
| 9 | BY-BELPAK-20091210 | 545 |
| 10 | CTTNET | 516 |
| 11 | KORNET-KR | 510 |
| 12 | UNICOM-HA | 493 |
| 13 | 002.558.134/0001-58 | 439 |
| 14 | 002.558.157/0001-62 | 317 |
| 15 | UNICOM-HN | 303 |
| 16 | RCOM | 300 |
| 17 | UKRTELNET | 295 |
| 18 | TATACOMM-IN | 293 |
| 19 | 000.065.376/0002-65 | 290 |
| 20 | 076.535.764/0326-90 | 262 |
| 21 | CHINANET-JS | 251 |
| 22 | AR-TEAR7-LACNIC | 233 |
| 23 | TRUENET | 176 |
| 24 | CHINANET-HN | 166 |
| 25 | CHINANET-ZJ-WZ | 161 |
The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:
| Rank | Network | # of blocked spams |
|---|---|---|
| 1 | CHINANET-ZJ-WZ | 379624 |
| 2 | HINET-NET | 300195 |
| 3 | 003.420.926/0002-05 | 158123 |
| 4 | CHINANET-GD | 145683 |
| 5 | UNICOM-SD | 119948 |
| 6 | CO-ACSA-LACNIC | 111031 |
| 7 | 033.530.486/0001-29 | 99313 |
| 8 | CHINANET-JS | 92262 |
| 9 | RCOM | 80968 |
| 10 | KORNET-KR | 74897 |
| 11 | CHINANET-ZJ | 65399 |
| 12 | TELKOMNET | 64463 |
| 13 | BSNLNET | 58706 |
| 14 | VNPT-VNNIC-VN | 58033 |
| 15 | UNICOM-BJ | 57090 |
| 16 | BHARTI-IN | 51775 |
| 17 | INTER-SAT | 49664 |
| 18 | 002.558.157/0001-62 | 48431 |
| 19 | TATACOMM-IN | 45215 |
| 20 | UNICOM-HE | 44202 |
| 21 | 076.535.764/0326-90 | 42981 |
| 22 | 004.027.547/0001-31 | 40099 |
| 23 | FR-OVH-20060920 | 35347 |
| 24 | GT-TESA-LACNIC | 33504 |
| 25 | VE-CSVE-LACNIC | 33398 |
The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:
| Rank | Network | recipient count of blocked spams |
|---|---|---|
| 1 | HINET-NET | 7710035 |
| 2 | CHINANET-ZJ-WZ | 5773410 |
| 3 | 003.420.926/0002-05 | 4225707 |
| 4 | UNICOM-SD | 3303953 |
| 5 | CO-ACSA-LACNIC | 3058745 |
| 6 | CHINANET-GD | 2852395 |
| 7 | CHINANET-JS | 2774802 |
| 8 | 033.530.486/0001-29 | 2678401 |
| 9 | RCOM | 2084967 |
| 10 | KORNET-KR | 1968991 |
| 11 | TELKOMNET | 1644661 |
| 12 | VNPT-VNNIC-VN | 1423392 |
| 13 | BSNLNET | 1419662 |
| 14 | BHARTI-IN | 1332968 |
| 15 | TATACOMM-IN | 1264869 |
| 16 | 002.558.157/0001-62 | 1264549 |
| 17 | INTER-SAT | 1186846 |
| 18 | CHINANET-ZJ | 1175551 |
| 19 | 076.535.764/0326-90 | 1146810 |
| 20 | UNICOM-HE | 1096710 |
| 21 | 004.027.547/0001-31 | 1069112 |
| 22 | VE-CSVE-LACNIC | 957024 |
| 23 | 000.065.376/0002-65 | 892529 |
| 24 | OVH | 879711 |
| 25 | CO-ETBE-LACNIC | 874974 |
No comments:
Post a Comment