
Tuesday, May 31, 2011

Botnet Statistics [2011-05-30]

detection period: 2011-05-30 00:00-23:59 UTC
total number of suspected botnet IPs: 3340
number of botnet IPs notified to network operators: 2569
number of blocked spams: 46648
recipient count of blocked spams: 1409155

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

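| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | BSNLNET | 549 |
| 2 | HINET-NET | 312 |
| 3 | CHINANET-GD | 133 |
| 4 | KORNET-KR | 98 |
| 5 | RCOM | 90 |
| 6 | TATACOMM-IN | 65 |
| 7 | 002.558.134/0001-58 | 55 |
| 8 | AR-TEAR7-LACNIC | 47 |
| 9 | UKRTELNET | 45 |
| 10 | CRTC | 44 |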

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

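| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | India | 869 |
| 2 | China | 535 |
| 3 | Taiwan | 326 |
| 4 | Russian Federation | 272 |
| 5 | Brazil | 234 |
| 6 | South Korea | 141 |
| 7 | Ukraine | 115 |
| 8 | Argentina | 87 |
| 9 | United States | 48 |
| 10 | Indonesia | 45 |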

Monday, May 30, 2011

Botnet Statistics [2011-05-29]

My fake open relay is back to work.

detection period: 2011-05-29 00:00-23:59 UTC
total number of suspected botnet IPs: 2176
number of botnet IPs notified to network operators: 1543
number of blocked spams: 26291
recipient count of blocked spams: 690672

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

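| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 129 |
| 2 | HINET-NET | 112 |
| 3 | BSNLNET | 105 |
| 4 | KORNET-KR | 100 |
| 5 | UKRTELNET | 50 |
| 6 | BY-BELPAK-20091210 | 40 |
| 7 | CRTC | 38 |
| 8 | CHINANET-JS | 35 |
| 9 | 002.558.134/0001-58 | 26 |
| 10 | 000.065.376/0002-65 | 26 |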

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

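| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 449 |
| 2 | Russian Federation | 257 |
| 3 | India | 219 |
| 4 | South Korea | 140 |
| 5 | Taiwan | 136 |
| 6 | Brazil | 134 |
| 7 | Ukraine | 115 |
| 8 | Belarus | 47 |
| 9 | Argentina | 46 |
| 10 | United States | 38 |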

Sunday, May 29, 2011

Building a botnet detector with Exim and SQLite, a step-by-step procedure wannabe

In this post, I am going to explain how I employ greylisting to collect IP addresses of botnets. Please read "Botnet Detection with Greylisting" first to get familiar with the general idea. I will mostly talk about implementation details here.

To detect botnets in my way of greylisting, you would need:
  • A UNIX-like host
    Linux, FreeBSD, NetBSD, or Solaris will all do. You don't need high-end hardware. A doorstop :) with a single Pentium III CPU, 64MB RAM, and a 5GB hard disk should be plenty. A cheap VPS is even better, because it is easy to install and configure, saves on power and network bills, and is both environment and pocket friendly.

  • Heavily spammed domains with no active mailbox
    We are going to trace spam back to its origin to find botnets, so you need to own some domains which regularly get lots of spam (something like 5K spam every day will do). No spam, no bots. To prevent collateral damage to existing mailboxes and to simplify the system, my detection is designed for domains no longer in use, which I call "trap domains" below. You need to modify the system yourself when applying it to active domains.

I myself use a Linux VPS with the Debian 5 distribution. The trap domains I use had been expired for some time, so there should be no active mail accounts in them. You are assumed to be an experienced network administrator, familiar with setting up MX records, mail system troubleshooting, etc.

What my detection system does is really simple:
  • Identify bots with greylisting
    Any host trying to send mail to trap domains is a bit problematic, but I want to focus on botnets, which can seldom pass greylisting. Mail servers (or abused open relays) which do retry sending mail will get a response like "no such user" for each recipient, and the corresponding sessions will be eliminated when compiling the resulting IP list of botnets.

  • Log full mail headers for trap domains
    Most abuse contacts want you to include at least full mail headers when reporting mail related abuses, because it is easier for them to explain what happened to their clients. So for every mail destined for trap domains, and not originating from known mail servers, I keep its full mail header in log files for later notifications.
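
The elimination rule described above (hosts that retry are mail servers and are dropped, everything else is a suspected bot) as an added example; it is not the author's code nor the schema of Simple Greylist for Exim. The `attempts` table, the two delay constants and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Assumed greylisting policy (not from the post): a retry only counts when it
# arrives between MIN_DELAY and MAX_WINDOW seconds after an earlier attempt.
MIN_DELAY = 300
MAX_WINDOW = 4 * 3600

# Hypothetical log table: one row per RCPT TO attempt against a trap domain.
SCHEMA = """
CREATE TABLE attempts (
    ip        TEXT    NOT NULL,
    sender    TEXT    NOT NULL,
    recipient TEXT    NOT NULL,
    seen_at   INTEGER NOT NULL   -- seconds, any monotonic epoch
);
CREATE INDEX attempts_triplet ON attempts (ip, sender, recipient, seen_at);
"""

# Constructed sample rows (documentation address ranges only).
SAMPLE = [
    ("192.0.2.10",   "a@example.net",    "x@trap.example", 1000),   # fire and forget
    ("192.0.2.11",   "b@example.net",    "y@trap.example", 1000),
    ("192.0.2.11",   "b@example.net",    "y@trap.example", 1005),   # hammers, never waits
    ("198.51.100.5", "news@example.org", "z@trap.example", 2000),
    ("198.51.100.5", "news@example.org", "z@trap.example", 2900),   # proper retry
    ("203.0.113.7",  "c@example.com",    "x@trap.example", 3000),
    ("203.0.113.7",  "d@example.com",    "y@trap.example", 4000),   # new triplet, not a retry
    ("198.51.100.9", "list@example.org", "x@trap.example", 86300),
    ("198.51.100.9", "list@example.org", "x@trap.example", 86900),  # retry after midnight
]

# Hosts that came back for the same (ip, sender, recipient) triplet inside the
# retry window. The self-join is deliberately not limited to one day, so a
# retry that lands after midnight still clears the host.
RETRIED_SQL = """
SELECT DISTINCT a.ip
FROM attempts a
JOIN attempts b
  ON a.ip = b.ip AND a.sender = b.sender AND a.recipient = b.recipient
WHERE b.seen_at - a.seen_at BETWEEN :min_delay AND :max_window
"""


def build_sample_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO attempts VALUES (?, ?, ?, ?)", SAMPLE)
    return conn


def retrying_hosts(conn):
    """IPs that passed greylisting; these would get 'no such user' instead."""
    params = {"min_delay": MIN_DELAY, "max_window": MAX_WINDOW}
    rows = conn.execute(RETRIED_SQL + " ORDER BY a.ip", params)
    return [ip for (ip,) in rows]


def suspected_bots(conn, day_start, day_end):
    """(ip, attempts) for hosts seen in [day_start, day_end) that never retried."""
    sql = f"""
    SELECT ip, COUNT(*) AS n
    FROM attempts
    WHERE seen_at >= :day_start AND seen_at < :day_end
      AND ip NOT IN ({RETRIED_SQL})
    GROUP BY ip
    ORDER BY n DESC, ip
    """
    params = {
        "day_start": day_start,
        "day_end": day_end,
        "min_delay": MIN_DELAY,
        "max_window": MAX_WINDOW,
    }
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    print("retried (treated as mail servers):", retrying_hosts(db))
    for ip, n in suspected_bots(db, 0, 86400):
        print(f"suspected bot {ip}: {n} deferred attempts")
```
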

Here are the detailed implementation steps:
  1. Install Exim with SQLite support.
    Exim is the SMTP server I am most familiar with, and its powerful ACLs are a tremendous help for my detection. I knew from the start that I would need to query the data collected by greylisting a lot, so I based my greylisting on the Simple Greylist for Exim, which lets me use SQL without maintaining a full-blown database server.

    If you want to build Exim from source under Debian (as I did), you need at least to make sure the SQLite development files are installed and change the Exim makefile accordingly. Install the necessary library with the following command:

Botnet Statistics [2011-05-28]

It turned out that I did not notice the SMTP server in my fake open relay died unexpectedly. That is why it had collected nothing for the past few days. I will see whether it can capture anything tomorrow.

detection period: 2011-05-28 00:00-23:59 UTC
total number of suspected botnet IPs: 1188
number of botnet IPs notified to network operators: 816
number of blocked spams: 0
recipient count of blocked spams: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

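| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 129 |
| 2 | BSNLNET | 36 |
| 3 | CRTC | 33 |
| 4 | CHINANET-JS | 31 |
| 5 | KORNET-KR | 29 |
| 6 | AR-TEAR7-LACNIC | 24 |
| 7 | PTCL | 16 |
| 8 | TELKOMNET | 12 |
| 9 | VNPT-VNNIC-VN | 11 |
| 10 | TATACOMM-IN | 11 |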

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

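| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 357 |
| 2 | India | 95 |
| 3 | Russian Federation | 65 |
| 4 | Argentina | 47 |
| 5 | Brazil | 46 |
| 6 | South Korea | 44 |
| 7 | Indonesia | 37 |
| 8 | United States | 33 |
| 9 | Poland | 30 |
| 10 | Chile | 28 |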

Saturday, May 28, 2011

Botnet Statistics [2011-05-27]

detection period: 2011-05-27 00:00-23:59 UTC
total number of suspected botnet IPs: 1518
number of botnet IPs notified to network operators: 1088
number of blocked spams: 0
recipient count of blocked spams: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

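| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 127 |
| 2 | BSNLNET | 79 |
| 3 | CHINANET-JS | 53 |
| 4 | CRTC | 38 |
| 5 | TELKOMNET | 30 |
| 6 | AR-TEAR7-LACNIC | 24 |
| 7 | KORNET-KR | 23 |
| 8 | UNICOM-SD | 19 |
| 9 | RCOM | 19 |
| 10 | CHINANET-SH | 16 |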

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

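| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 487 |
| 2 | India | 167 |
| 3 | Russian Federation | 82 |
| 4 | Indonesia | 68 |
| 5 | Brazil | 60 |
| 6 | Argentina | 47 |
| 7 | South Korea | 46 |
| 8 | Chile | 35 |
| 9 | Colombia | 32 |
| 10 | United States | 30 |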

Friday, May 27, 2011

Botnet Statistics [2011-05-26]

My fake open relay caught no spam yesterday. Now only my greylisting is working.

detection period: 2011-05-26 00:00-23:59 UTC
total number of suspected botnet IPs: 988
number of botnet IPs notified to network operators: 686
number of blocked spams: 0
recipient count of blocked spams: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

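| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 149 |
| 2 | BSNLNET | 57 |
| 3 | CRTC | 39 |
| 4 | KORNET-KR | 23 |
| 5 | CTTNET | 23 |
| 6 | CHINANET-JS | 18 |
| 7 | UNICOM-SD | 16 |
| 8 | 002.558.134/0001-58 | 16 |
| 9 | RCOM | 15 |
| 10 | BHARTI-IN | 10 |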

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

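| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 395 |
| 2 | India | 117 |
| 3 | Russian Federation | 83 |
| 4 | Brazil | 59 |
| 5 | South Korea | 39 |
| 6 | United States | 31 |
| 7 | Ukraine | 30 |
| 8 | Taiwan | 19 |
| 9 | Indonesia | 14 |
| 10 | Argentina | 13 |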

Thursday, May 26, 2011

Botnet Statistics [2011-05-25]

Well, it seems that my fake open relay could not attract spam any more. I don't believe that I have forced those spammers out of business. I guess they beat me this time.

detection period: 2011-05-25 00:00-23:59 UTC
total number of suspected botnet IPs: 1370
number of botnet IPs notified to network operators: 919
number of blocked spams: 123
recipient count of blocked spams: 4331

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

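| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 159 |
| 2 | BSNLNET | 61 |
| 3 | CTTNET | 36 |
| 4 | CRTC | 32 |
| 5 | CHINANET-JS | 30 |
| 6 | VNPT-VNNIC-VN | 25 |
| 7 | KORNET-KR | 23 |
| 8 | TELKOMNET | 20 |
| 9 | UNICOM-SD | 19 |
| 10 | BHARTI-IN | 15 |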

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

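| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 484 |
| 2 | India | 130 |
| 3 | Russian Federation | 103 |
| 4 | Brazil | 65 |
| 5 | South Korea | 50 |
| 6 | Indonesia | 45 |
| 7 | United States | 44 |
| 8 | Viet Nam | 35 |
| 9 | Ukraine | 31 |
| 10 | Argentina | 27 |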

Wednesday, May 25, 2011

Botnet Statistics [2011-05-24]

detection period: 2011-05-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2020
number of botnet IPs notified to network operators: 1430
number of blocked spams: 94944
recipient count of blocked spams: 3270685

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

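| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 156 |
| 2 | CHINANET-GD | 126 |
| 3 | BSNLNET | 63 |
| 4 | CHINANET-JS | 41 |
| 5 | UNICOM-GD | 39 |
| 6 | UNICOM-BJ | 35 |
| 7 | CRTC | 34 |
| 8 | CTTNET | 29 |
| 9 | KORNET-KR | 26 |
| 10 | UNICOM-SD | 25 |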

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

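| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 602 |
| 2 | Taiwan | 178 |
| 3 | India | 145 |
| 4 | Brazil | 145 |
| 5 | Russian Federation | 129 |
| 6 | South Korea | 66 |
| 7 | United States | 61 |
| 8 | Indonesia | 61 |
| 9 | Viet Nam | 38 |
| 10 | Ukraine | 38 |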

Tuesday, May 24, 2011

Botnet Statistics [2011-05-23]

detection period: 2011-05-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1920
number of botnet IPs notified to network operators: 1344
number of blocked spams: 93611
recipient count of blocked spams: 3228489

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

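| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 124 |
| 2 | CHINANET-GD | 122 |
| 3 | BSNLNET | 93 |
| 4 | UNICOM-GD | 43 |
| 5 | CHINANET-JS | 37 |
| 6 | CRTC | 26 |
| 7 | RCOM | 25 |
| 8 | TELKOMNET | 20 |
| 9 | CHINANET-ZJ | 19 |
| 10 | 000.065.376/0002-65 | 19 |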

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

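| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 539 |
| 2 | India | 200 |
| 3 | Taiwan | 146 |
| 4 | Brazil | 136 |
| 5 | Russian Federation | 106 |
| 6 | South Korea | 63 |
| 7 | United States | 60 |
| 8 | Indonesia | 54 |
| 9 | Poland | 44 |
| 10 | Ukraine | 42 |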

Monday, May 23, 2011

Botnet Statistics [2011-05-22]

detection period: 2011-05-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1749
number of botnet IPs notified to network operators: 1223
number of blocked spams: 94320
recipient count of blocked spams: 3254285

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

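| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 142 |
| 2 | CHINANET-GD | 127 |
| 3 | UNICOM-BJ | 66 |
| 4 | UNICOM-GD | 51 |
| 5 | CRTC | 37 |
| 6 | CTTNET | 34 |
| 7 | CHINANET-JS | 32 |
| 8 | BSNLNET | 20 |
| 9 | TELKOMNET | 18 |
| 10 | PTCL | 18 |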

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

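| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 631 |
| 2 | Taiwan | 156 |
| 3 | Russian Federation | 90 |
| 4 | Brazil | 90 |
| 5 | India | 65 |
| 6 | United States | 63 |
| 7 | South Korea | 47 |
| 8 | Indonesia | 42 |
| 9 | Ukraine | 32 |
| 10 | Argentina | 32 |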

Sunday, May 22, 2011

Botnet Statistics [2011-05-21]

detection period: 2011-05-21 00:00-23:59 UTC
total number of suspected botnet IPs: 1867
number of botnet IPs notified to network operators: 1409
number of blocked spams: 41473
recipient count of blocked spams: 1280305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

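| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 190 |
| 2 | CHINANET-GD | 186 |
| 3 | UNICOM-GD | 144 |
| 4 | CHINANET-JS | 44 |
| 5 | UNICOM-BJ | 37 |
| 6 | CTTNET | 34 |
| 7 | CRTC | 32 |
| 8 | TELKOMNET | 28 |
| 9 | CHINANET-ZJ | 24 |
| 10 | CHINANET-SH | 17 |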

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

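| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 840 |
| 2 | Taiwan | 208 |
| 3 | Brazil | 73 |
| 4 | United States | 65 |
| 5 | Russian Federation | 59 |
| 6 | Indonesia | 57 |
| 7 | India | 53 |
| 8 | Viet Nam | 30 |
| 9 | South Korea | 30 |
| 10 | Argentina | 29 |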

Saturday, May 21, 2011

Botnet Statistics [2011-05-20]

detection period: 2011-05-20 00:00-23:59 UTC
total number of suspected botnet IPs: 1282
number of botnet IPs notified to network operators: 997
number of blocked spams: 20927
recipient count of blocked spams: 469710

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

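| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GD | 235 |
| 2 | HINET-NET | 155 |
| 3 | CHINANET-GD | 116 |
| 4 | BSNLNET | 63 |
| 5 | UNICOM-BJ | 36 |
| 6 | CHINANET-JS | 32 |
| 7 | KORNET-KR | 31 |
| 8 | CRTC | 31 |
| 9 | CTTNET | 29 |
| 10 | RCOM | 17 |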

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

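| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 591 |
| 2 | Taiwan | 162 |
| 3 | India | 111 |
| 4 | South Korea | 60 |
| 5 | Brazil | 44 |
| 6 | Russian Federation | 36 |
| 7 | United States | 17 |
| 8 | Ukraine | 16 |
| 9 | Indonesia | 16 |
| 10 | Viet Nam | 14 |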

Friday, May 20, 2011

Botnet Statistics [2011-05-19]

detection period: 2011-05-19 00:00-23:59 UTC
total number of suspected botnet IPs: 1819
number of botnet IPs notified to network operators: 1400
number of blocked spams: 16648
recipient count of blocked spams: 272784

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

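| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GD | 269 |
| 2 | HINET-NET | 255 |
| 3 | CHINANET-GD | 102 |
| 4 | BSNLNET | 88 |
| 5 | CTTNET | 41 |
| 6 | VNPT-VNNIC-VN | 36 |
| 7 | CRTC | 36 |
| 8 | UNICOM-BJ | 32 |
| 9 | CHINANET-JS | 30 |
| 10 | RCOM | 25 |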

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

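| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 639 |
| 2 | Taiwan | 259 |
| 3 | India | 194 |
| 4 | Brazil | 106 |
| 5 | Russian Federation | 76 |
| 6 | Viet Nam | 52 |
| 7 | South Korea | 51 |
| 8 | Ukraine | 48 |
| 9 | Indonesia | 43 |
| 10 | United States | 35 |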

Thursday, May 19, 2011

Botnet Statistics [2011-05-18]

detection period: 2011-05-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2067
number of botnet IPs notified to network operators: 1559
number of blocked spams: 14764
recipient count of blocked spams: 248147

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

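| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-GD | 269 |
| 2 | HINET-NET | 250 |
| 3 | CHINANET-GD | 152 |
| 4 | BSNLNET | 62 |
| 5 | UNICOM-BJ | 58 |
| 6 | KORNET-KR | 46 |
| 7 | VNPT-VNNIC-VN | 44 |
| 8 | CTTNET | 35 |
| 9 | CRTC | 27 |
| 10 | CHINANET-JS | 26 |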

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

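| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 706 |
| 2 | Taiwan | 260 |
| 3 | India | 144 |
| 4 | Brazil | 117 |
| 5 | Russian Federation | 92 |
| 6 | South Korea | 85 |
| 7 | Viet Nam | 63 |
| 8 | Ukraine | 48 |
| 9 | Indonesia | 37 |
| 10 | Argentina | 30 |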

Wednesday, May 18, 2011

Botnet Statistics [2011-05-17]

detection period: 2011-05-17 00:00-23:59 UTC
total number of suspected botnet IPs: 2306
number of botnet IPs notified to network operators: 1677
number of blocked spams: 104773
recipient count of blocked spams: 3376789

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

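| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 260 |
| 2 | UNICOM-GD | 215 |
| 3 | CHINANET-GD | 97 |
| 4 | BSNLNET | 73 |
| 5 | UNICOM-BJ | 33 |
| 6 | CHINANET-JS | 33 |
| 7 | KORNET-KR | 31 |
| 8 | CRTC | 27 |
| 9 | 000.065.376/0002-65 | 27 |
| 10 | RCOM | 25 |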

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

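| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 686 |
| 2 | Taiwan | 279 |
| 3 | India | 181 |
| 4 | Brazil | 170 |
| 5 | Russian Federation | 134 |
| 6 | South Korea | 77 |
| 7 | Ukraine | 60 |
| 8 | United States | 51 |
| 9 | Colombia | 40 |
| 10 | Poland | 37 |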

Tuesday, May 17, 2011

Botnet Statistics [2011-05-16]

detection period: 2011-05-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2951
number of botnet IPs notified to network operators: 2087
number of blocked spams: 164634
recipient count of blocked spams: 5351567

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

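| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 320 |
| 2 | UNICOM-GD | 281 |
| 3 | CHINANET-GD | 224 |
| 4 | UNICOM-BJ | 52 |
| 5 | VNPT-VNNIC-VN | 49 |
| 6 | KORNET-KR | 47 |
| 7 | CRTC | 46 |
| 8 | PTCL | 42 |
| 9 | CHINANET-JS | 38 |
| 10 | BSNLNET | 36 |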

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

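| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 917 |
| 2 | Taiwan | 340 |
| 3 | Brazil | 164 |
| 4 | South Korea | 150 |
| 5 | India | 149 |
| 6 | Russian Federation | 129 |
| 7 | Viet Nam | 75 |
| 8 | Ukraine | 71 |
| 9 | United States | 60 |
| 10 | Poland | 51 |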

Monday, May 16, 2011

Botnet Statistics [2011-05-15]

detection period: 2011-05-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2629
number of botnet IPs notified to network operators: 2009
number of blocked spams: 101904
recipient count of blocked spams: 3246910

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

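| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 328 |
| 2 | CHINANET-GD | 323 |
| 3 | UNICOM-GD | 223 |
| 4 | UNICOM-BJ | 78 |
| 5 | KORNET-KR | 46 |
| 6 | CRTC | 46 |
| 7 | CHINANET-JS | 43 |
| 8 | 000.065.376/0002-65 | 30 |
| 9 | VNPT-VNNIC-VN | 28 |
| 10 | BSNLNET | 27 |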

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

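| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 984 |
| 2 | Taiwan | 350 |
| 3 | Brazil | 138 |
| 4 | Russian Federation | 115 |
| 5 | South Korea | 108 |
| 6 | India | 98 |
| 7 | United States | 61 |
| 8 | Ukraine | 52 |
| 9 | Viet Nam | 40 |
| 10 | Indonesia | 39 |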

Sunday, May 15, 2011

Botnet Statistics [2011-05-14]

detection period: 2011-05-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1646
number of botnet IPs notified to network operators: 1365
number of blocked spams: 15988
recipient count of blocked spams: 334595

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

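| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 326 |
| 2 | CHINANET-GD | 238 |
| 3 | UNICOM-GD | 208 |
| 4 | BSNLNET | 45 |
| 5 | CRTC | 37 |
| 6 | CHINANET-ZJ-WZ | 28 |
| 7 | UNICOM-BJ | 24 |
| 8 | RCOM | 17 |
| 9 | TELKOMNET | 15 |
| 10 | CHINANET-JS | 15 |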

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

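| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 697 |
| 2 | Taiwan | 337 |
| 3 | India | 130 |
| 4 | Brazil | 70 |
| 5 | Russian Federation | 63 |
| 6 | Poland | 26 |
| 7 | South Korea | 25 |
| 8 | Indonesia | 23 |
| 9 | United States | 21 |
| 10 | Ukraine | 19 |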

Saturday, May 14, 2011

Botnet Statistics [2011-05-13]

detection period: 2011-05-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2551
number of botnet IPs notified to network operators: 1866
number of blocked spams: 154915
recipient count of blocked spams: 4969946

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

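| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 244 |
| 2 | CHINANET-GD | 234 |
| 3 | UNICOM-GD | 222 |
| 4 | UNICOM-HA | 99 |
| 5 | KORNET-KR | 38 |
| 6 | CRTC | 36 |
| 7 | BSNLNET | 32 |
| 8 | VNPT-VNNIC-VN | 30 |
| 9 | CHINANET-JS | 27 |
| 10 | TELKOMNET | 26 |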

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

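| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 903 |
| 2 | Taiwan | 265 |
| 3 | Russian Federation | 145 |
| 4 | Brazil | 142 |
| 5 | India | 129 |
| 6 | Ukraine | 89 |
| 7 | South Korea | 84 |
| 8 | United States | 59 |
| 9 | Indonesia | 55 |
| 10 | Viet Nam | 48 |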

Botnet Statistics [2011-05-12]

detection period: 2011-05-12 00:00-23:59 UTC
total number of suspected botnet IPs: 2418
number of botnet IPs notified to network operators: 1807
number of blocked spams: 203714
recipient count of blocked spams: 6733072

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

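| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 293 |
| 2 | UNICOM-GD | 231 |
| 3 | UNICOM-HA | 219 |
| 4 | CHINANET-GD | 217 |
| 5 | BSNLNET | 44 |
| 6 | CHINANET-JS | 30 |
| 7 | CRTC | 24 |
| 8 | PTCL | 23 |
| 9 | 002.558.157/0001-62 | 21 |
| 10 | VNPT-VNNIC-VN | 20 |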

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

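| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1001 |
| 2 | Taiwan | 311 |
| 3 | India | 142 |
| 4 | Brazil | 133 |
| 5 | Russian Federation | 100 |
| 6 | United States | 52 |
| 7 | Ukraine | 46 |
| 8 | South Korea | 46 |
| 9 | Indonesia | 45 |
| 10 | Poland | 34 |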

Botnet Statistics [2011-05-11]

detection period: 2011-05-11 00:00-23:59 UTC
total number of suspected botnet IPs: 2504
number of botnet IPs notified to network operators: 1996
number of blocked spams: 210570
recipient count of blocked spams: 6908441

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

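| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 363 |
| 2 | UNICOM-HA | 252 |
| 3 | UNICOM-GD | 227 |
| 4 | CHINANET-GD | 224 |
| 5 | CHINANET-JS | 46 |
| 6 | KORNET-KR | 42 |
| 7 | VNPT-VNNIC-VN | 36 |
| 8 | UNICOM-BJ | 26 |
| 9 | BHARTI-IN | 26 |
| 10 | CHINANET-ZJ-WZ | 23 |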

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

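| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1041 |
| 2 | Taiwan | 377 |
| 3 | Brazil | 137 |
| 4 | India | 110 |
| 5 | South Korea | 78 |
| 6 | Russian Federation | 74 |
| 7 | Viet Nam | 50 |
| 8 | Ukraine | 45 |
| 9 | Indonesia | 44 |
| 10 | United States | 41 |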

Wednesday, May 11, 2011

Botnet Statistics for April 2011

detection period: 2011-04-01 00:00 - 2011-04-30 23:59 UTC
total number of suspected botnet IPs: 61430
number of blocked spams: 2406521
recipient count of blocked spams: 65644324

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

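| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 15733 |
| 2 | Taiwan | 9383 |
| 3 | India | 5676 |
| 4 | Russian Federation | 4208 |
| 5 | South Korea | 3112 |
| 6 | Brazil | 2219 |
| 7 | Ukraine | 1864 |
| 8 | Indonesia | 1654 |
| 9 | Viet Nam | 1502 |
| 10 | Pakistan | 1089 |
| 11 | United States | 875 |
| 12 | Colombia | 730 |
| 13 | Belarus | 711 |
| 14 | Argentina | 704 |
| 15 | Poland | 651 |
| 16 | Kazakhstan | 528 |
| 17 | Romania | 503 |
| 18 | Serbia | 484 |
| 19 | Spain | 481 |
| 20 | Peru | 417 |
| 21 | Saudi Arabia | 406 |
| 22 | United Kingdom | 356 |
| 23 | Thailand | 336 |
| 24 | Morocco | 318 |
| 25 | Philippines | 312 |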

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

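| Rank | Country | # of blocked spams |
| --- | --- | --- |
| 1 | Taiwan | 685699 |
| 2 | China | 647688 |
| 3 | Brazil | 180028 |
| 4 | Russian Federation | 95487 |
| 5 | United States | 90492 |
| 6 | India | 59527 |
| 7 | France | 50181 |
| 8 | Colombia | 47077 |
| 9 | Thailand | 43564 |
| 10 | Poland | 39904 |
| 11 | Indonesia | 35200 |
| 12 | Ukraine | 33967 |
| 13 | Mexico | 27650 |
| 14 | Iran | 23989 |
| 15 | South Korea | 23777 |
| 16 | Germany | 21490 |
| 17 | Chile | 18292 |
| 18 | Kazakhstan | 17331 |
| 19 | Argentina | 15830 |
| 20 | Italy | 15668 |
| 21 | Czech Republic | 14611 |
| 22 | Guatemala | 11379 |
| 23 | Canada | 10302 |
| 24 | Viet Nam | 9720 |
| 25 | European Union | 9294 |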

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2011-05-10]

detection period: 2011-05-10 00:00-23:59 UTC
total number of suspected botnet IPs: 2481
number of botnet IPs notified to network operators: 1874
number of blocked spams: 207499
recipient count of blocked spams: 6763296

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

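| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 362 |
| 2 | UNICOM-GD | 233 |
| 3 | CHINANET-GD | 219 |
| 4 | UNICOM-HA | 142 |
| 5 | BSNLNET | 31 |
| 6 | VNPT-VNNIC-VN | 26 |
| 7 | CHINANET-JS | 26 |
| 8 | TELKOMNET | 24 |
| 9 | BHARTI-IN | 24 |
| 10 | 002.558.157/0001-62 | 23 |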

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

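| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 895 |
| 2 | Taiwan | 377 |
| 3 | Brazil | 149 |
| 4 | India | 131 |
| 5 | Russian Federation | 104 |
| 6 | United States | 72 |
| 7 | Indonesia | 54 |
| 8 | South Korea | 50 |
| 9 | Ukraine | 44 |
| 10 | Viet Nam | 40 |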

Tuesday, May 10, 2011

Botnet Statistics [2011-05-09]

detection period: 2011-05-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2773
number of botnet IPs notified to network operators: 2150
number of blocked spams: 89808
recipient count of blocked spams: 2658788

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

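| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 371 |
| 2 | UNICOM-HA | 267 |
| 3 | UNICOM-GD | 233 |
| 4 | CHINANET-GD | 221 |
| 5 | CTTNET | 112 |
| 6 | PTCL | 40 |
| 7 | UNICOM-BJ | 38 |
| 8 | CRTC | 35 |
| 9 | CHINANET-JS | 35 |
| 10 | KORNET-KR | 34 |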

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

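| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1149 |
| 2 | Taiwan | 385 |
| 3 | Brazil | 140 |
| 4 | India | 121 |
| 5 | Russian Federation | 77 |
| 6 | South Korea | 70 |
| 7 | United States | 61 |
| 8 | Pakistan | 45 |
| 9 | Viet Nam | 41 |
| 10 | Indonesia | 40 |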

Botnet Statistics [2011-05-08]

detection period: 2011-05-08 00:00-23:59 UTC
total number of suspected botnet IPs: 2421
number of botnet IPs notified to network operators: 2093
number of blocked spams: 43971
recipient count of blocked spams: 990736

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

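| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-HA | 365 |
| 2 | HINET-NET | 362 |
| 3 | CTTNET | 296 |
| 4 | UNICOM-GD | 270 |
| 5 | CHINANET-GD | 195 |
| 6 | CRTC | 41 |
| 7 | UNICOM-BJ | 35 |
| 8 | CHINANET-JS | 30 |
| 9 | BSNLNET | 17 |
| 10 | UNICOM-SD | 15 |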

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

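| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1356 |
| 2 | Taiwan | 372 |
| 3 | India | 69 |
| 4 | Brazil | 50 |
| 5 | Russian Federation | 45 |
| 6 | Indonesia | 38 |
| 7 | Kazakhstan | 33 |
| 8 | Argentina | 31 |
| 9 | Ukraine | 27 |
| 10 | Poland | 25 |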

Sunday, May 8, 2011

Botnet Statistics [2011-05-07]

detection period: 2011-05-07 00:00-23:59 UTC
total number of suspected botnet IPs: 2736
number of botnet IPs notified to network operators: 2298
number of blocked spams: 43067
recipient count of blocked spams: 979571

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

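| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 365 |
| 2 | CTTNET | 315 |
| 3 | UNICOM-HA | 299 |
| 4 | CHINANET-GD | 289 |
| 5 | UNICOM-GD | 276 |
| 6 | BSNLNET | 50 |
| 7 | CRTC | 41 |
| 8 | VNPT-VNNIC-VN | 35 |
| 9 | PTCL | 30 |
| 10 | KORNET-KR | 30 |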

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

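| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1412 |
| 2 | Taiwan | 372 |
| 3 | India | 118 |
| 4 | Brazil | 105 |
| 5 | South Korea | 63 |
| 6 | Argentina | 51 |
| 7 | Viet Nam | 47 |
| 8 | Russian Federation | 42 |
| 9 | Indonesia | 39 |
| 10 | Pakistan | 35 |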

Saturday, May 7, 2011

Botnet Statistics [2011-05-06]

detection period: 2011-05-06 00:00-23:59 UTC
total number of suspected botnet IPs: 2887
number of botnet IPs notified to network operators: 2551
number of blocked spams: 45051
recipient count of blocked spams: 956227

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

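| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 882 |
| 2 | HINET-NET | 361 |
| 3 | UNICOM-HA | 312 |
| 4 | CTTNET | 280 |
| 5 | UNICOM-GD | 176 |
| 6 | BSNLNET | 45 |
| 7 | CRTC | 38 |
| 8 | UNICOM-BJ | 30 |
| 9 | CHINANET-JS | 25 |
| 10 | PTCL | 21 |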

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

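| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1891 |
| 2 | Taiwan | 367 |
| 3 | India | 102 |
| 4 | Brazil | 88 |
| 5 | Russian Federation | 41 |
| 6 | Viet Nam | 39 |
| 7 | Indonesia | 34 |
| 8 | Kazakhstan | 29 |
| 9 | Ukraine | 26 |
| 10 | United States | 25 |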

Botnet Statistics [2011-05-05]

detection period: 2011-05-05 00:00-23:59 UTC
total number of suspected botnet IPs: 2778
number of botnet IPs notified to network operators: 2328
number of blocked spams: 37627
recipient count of blocked spams: 858499

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

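| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-HA | 351 |
| 2 | CTTNET | 344 |
| 3 | CHINANET-GD | 275 |
| 4 | HINET-NET | 193 |
| 5 | BSNLNET | 117 |
| 6 | UNICOM-GD | 116 |
| 7 | RCOM | 41 |
| 8 | CHINANET-JS | 38 |
| 9 | CRTC | 31 |
| 10 | TELKOMNET | 30 |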

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

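| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1346 |
| 2 | India | 269 |
| 3 | Taiwan | 204 |
| 4 | Brazil | 148 |
| 5 | Russian Federation | 85 |
| 6 | Indonesia | 65 |
| 7 | Kazakhstan | 45 |
| 8 | Viet Nam | 43 |
| 9 | Ukraine | 40 |
| 10 | Argentina | 35 |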

Thursday, May 5, 2011

Botnet Statistics [2011-05-04]

detection period: 2011-05-04 00:00-23:59 UTC
total number of suspected botnet IPs: 2573
number of botnet IPs notified to network operators: 1922
number of blocked spams: 84610
recipient count of blocked spams: 2867322

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

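| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-HA | 307 |
| 2 | CTTNET | 289 |
| 3 | BSNLNET | 143 |
| 4 | HINET-NET | 119 |
| 5 | CHINANET-GD | 107 |
| 6 | CHINANET-JS | 38 |
| 7 | PTCL | 31 |
| 8 | RCOM | 30 |
| 9 | KORNET-KR | 27 |
| 10 | UNICOM-SD | 26 |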

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

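| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1039 |
| 2 | India | 297 |
| 3 | Brazil | 178 |
| 4 | Taiwan | 132 |
| 5 | Russian Federation | 105 |
| 6 | United States | 67 |
| 7 | Indonesia | 50 |
| 8 | South Korea | 47 |
| 9 | Ukraine | 46 |
| 10 | Kazakhstan | 41 |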

Wednesday, May 4, 2011

Botnet Statistics [2011-05-03]

detection period: 2011-05-03 00:00-23:59 UTC
total number of suspected botnet IPs: 2561
number of botnet IPs notified to network operators: 1933
number of blocked spams: 97289
recipient count of blocked spams: 3332625

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

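| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNICOM-HA | 294 |
| 2 | CTTNET | 288 |
| 3 | HINET-NET | 204 |
| 4 | CHINANET-GD | 102 |
| 5 | UNICOM-HN | 83 |
| 6 | TELKOMNET | 44 |
| 7 | BSNLNET | 44 |
| 8 | UNICOM-GD | 35 |
| 9 | VNPT-VNNIC-VN | 30 |
| 10 | CHINANET-JS | 26 |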

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

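| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 1080 |
| 2 | Taiwan | 218 |
| 3 | India | 145 |
| 4 | Brazil | 124 |
| 5 | Indonesia | 99 |
| 6 | Russian Federation | 78 |
| 7 | United States | 58 |
| 8 | Viet Nam | 56 |
| 9 | Argentina | 42 |
| 10 | South Korea | 38 |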

Tuesday, May 3, 2011

Botnet Statistics [2011-05-02]

detection period: 2011-05-02 00:00-23:59 UTC
total number of suspected botnet IPs: 2534
number of botnet IPs notified to network operators: 1783
number of blocked spams: 94329
recipient count of blocked spams: 3248592

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

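| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 186 |
| 2 | UNICOM-HA | 155 |
| 3 | CHINANET-GD | 105 |
| 4 | CTTNET | 98 |
| 5 | UNICOM-HN | 97 |
| 6 | BSNLNET | 97 |
| 7 | UNICOM-GD | 72 |
| 8 | KORNET-KR | 52 |
| 9 | TELKOMNET | 44 |
| 10 | CRTC | 43 |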

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

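| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 787 |
| 2 | India | 229 |
| 3 | Taiwan | 200 |
| 4 | Brazil | 170 |
| 5 | South Korea | 115 |
| 6 | Indonesia | 82 |
| 7 | Russian Federation | 80 |
| 8 | United States | 53 |
| 9 | Argentina | 50 |
| 10 | Ukraine | 48 |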

Monday, May 2, 2011

Botnet Statistics [2011-05-01]

detection period: 2011-05-01 00:00-23:59 UTC
total number of suspected botnet IPs: 1886
number of botnet IPs notified to network operators: 1277
number of blocked spams: 95851
recipient count of blocked spams: 3282162

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

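| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 189 |
| 2 | CHINANET-GD | 170 |
| 3 | UNICOM-GD | 74 |
| 4 | PTCL | 43 |
| 5 | CRTC | 37 |
| 6 | BSNLNET | 35 |
| 7 | TELKOMNET | 30 |
| 8 | CHINANET-JS | 25 |
| 9 | KORNET-KR | 23 |
| 10 | VNPT-VNNIC-VN | 22 |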

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

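| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 496 |
| 2 | Taiwan | 201 |
| 3 | Brazil | 130 |
| 4 | India | 101 |
| 5 | Russian Federation | 77 |
| 6 | United States | 61 |
| 7 | Indonesia | 57 |
| 8 | South Korea | 51 |
| 9 | Pakistan | 45 |
| 10 | Ukraine | 44 |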

Sunday, May 1, 2011

Botnet Statistics [2011-04-30]

detection period: 2011-04-30 00:00-23:59 UTC
total number of suspected botnet IPs: 2457
number of botnet IPs notified to network operators: 1796
number of blocked spams: 56121
recipient count of blocked spams: 1544889

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

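| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | HINET-NET | 338 |
| 2 | UNICOM-GD | 244 |
| 3 | CHINANET-GD | 111 |
| 4 | BSNLNET | 79 |
| 5 | PTCL | 47 |
| 6 | CRTC | 39 |
| 7 | CHINANET-JS | 34 |
| 8 | AR-TEAR7-LACNIC | 34 |
| 9 | 000.065.376/0002-65 | 27 |
| 10 | UNICOM-BJ | 25 |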

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

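| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 627 |
| 2 | Taiwan | 351 |
| 3 | India | 202 |
| 4 | Brazil | 159 |
| 5 | Russian Federation | 88 |
| 6 | Indonesia | 60 |
| 7 | Argentina | 57 |
| 8 | Ukraine | 55 |
| 9 | United States | 54 |
| 10 | Pakistan | 53 |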