Saturday, June 4, 2011

Botnet Statistics for May 2011

My way of counting numbers seems to screw the statistics somewhat.

I use both a fake open relay and greylisting to detect botnets and compile their IP list. But only the fake open relay has non-zero blocked spams. The reason: acting as an open relay, it has to accept everything on its SMTP port. My greylisting never accepts spam. It either rejects the mail temporarily, or if the sender retries, rejects the recipients permanently. I only count spam accepted as "blocked spam."

This might cause some discrepancies between different lists. If a certain country is mostly detected by greylisting, it might be high on the country list, but not so high on the lists of both blocked spams and blocked recipients. I did not foresee this problem when I started incorporating greylisting into my statistics.

I do not intend to change my way of counting for the time being.
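The counting rule described above can be reproduced on a small scale. The following is an added example, not the code behind these statistics: the events, the IP addresses (documentation ranges), the placeholder country codes `XA` and `XB`, and the function names are all constructed for illustration. It shows how a country detected mostly by greylisting can lead the IP ranking while trailing in both spam rankings.

```python
from collections import defaultdict

# Constructed sample events, one per SMTP session (not data from this post):
# (source IP, country code, detector, recipients attempted)
EVENTS = [
    ("192.0.2.10", "XA", "open_relay", 30),
    ("192.0.2.10", "XA", "open_relay", 45),
    ("192.0.2.11", "XA", "open_relay", 25),
    ("198.51.100.1", "XB", "greylist", 40),
    ("198.51.100.2", "XB", "greylist", 10),
    ("198.51.100.3", "XB", "greylist", 20),
    ("198.51.100.4", "XB", "open_relay", 5),
]

def tally(events):
    """Per-country totals under the counting rule described in the post."""
    ips = defaultdict(set)
    spams = defaultdict(int)
    recipients = defaultdict(int)
    for ip, cc, detector, n_rcpt in events:
        # Either detector is enough to list the IP as a suspected botnet IP.
        ips[cc].add(ip)
        # Only the fake open relay accepts mail, so only its sessions are
        # counted as "blocked spam"; greylisted sessions add nothing here.
        if detector == "open_relay":
            spams[cc] += 1
            recipients[cc] += n_rcpt
    return {
        cc: {"ips": len(ips[cc]), "spams": spams[cc], "recipients": recipients[cc]}
        for cc in ips
    }

def ranking(stats, key):
    """Country codes ordered from highest to lowest value of `key`."""
    return sorted(stats, key=lambda cc: stats[cc][key], reverse=True)

if __name__ == "__main__":
    stats = tally(EVENTS)
    for key in ("ips", "spams", "recipients"):
        print(key, [(cc, stats[cc][key]) for cc in ranking(stats, key)])
```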

detection period: 2011-05-01 00:00 - 2011-05-31 23:59 UTC
total number of suspected botnet IPs: 46494
number of blocked spams: 2036931
recipient count of blocked spams: 63221233

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

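| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 15696 |
| 2 | Taiwan | 6309 |
| 3 | India | 4851 |
| 4 | Russian Federation | 2235 |
| 5 | Brazil | 1905 |
| 6 | South Korea | 1638 |
| 7 | Ukraine | 1073 |
| 8 | Indonesia | 988 |
| 9 | Viet Nam | 943 |
| 10 | Argentina | 774 |
| 11 | Pakistan | 625 |
| 12 | United States | 616 |
| 13 | Poland | 516 |
| 14 | Belarus | 439 |
| 15 | Colombia | 391 |
| 16 | Romania | 350 |
| 17 | Kazakhstan | 335 |
| 18 | Chile | 317 |
| 19 | Spain | 308 |
| 20 | Serbia | 296 |
| 21 | Philippines | 256 |
| 22 | Saudi Arabia | 253 |
| 23 | Germany | 220 |
| 24 | Peru | 216 |
| 25 | Morocco | 195 |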

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

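| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 556899 |
| 2 | Taiwan | 243573 |
| 3 | Brazil | 193970 |
| 4 | Russian Federation | 92351 |
| 5 | United States | 91660 |
| 6 | India | 86549 |
| 7 | France | 67563 |
| 8 | Colombia | 62517 |
| 9 | Indonesia | 34684 |
| 10 | Germany | 34366 |
| 11 | Thailand | 31767 |
| 12 | Mexico | 31042 |
| 13 | Ukraine | 30977 |
| 14 | Poland | 25883 |
| 15 | South Korea | 24982 |
| 16 | Iran | 23624 |
| 17 | Argentina | 23285 |
| 18 | Italy | 19292 |
| 19 | Philippines | 18619 |
| 20 | Kazakhstan | 16441 |
| 21 | Canada | 16370 |
| 22 | Singapore | 16190 |
| 23 | Chile | 16117 |
| 24 | Viet Nam | 12880 |
| 25 | Hong Kong | 12554 |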

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

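| Rank | Country | Recipient count of blocked spams |
|---|---|---|
| 1 | China | 14265994 |
| 2 | Taiwan | 6720196 |
| 3 | Brazil | 6655135 |
| 4 | United States | 3162593 |
| 5 | Russian Federation | 3129275 |
| 6 | India | 2961235 |
| 7 | France | 2356125 |
| 8 | Colombia | 2144002 |
| 9 | Germany | 1186905 |
| 10 | Indonesia | 1164338 |
| 11 | Mexico | 1079780 |
| 12 | Thailand | 1062320 |
| 13 | Ukraine | 1047584 |
| 14 | Poland | 841282 |
| 15 | South Korea | 836183 |
| 16 | Iran | 797950 |
| 17 | Argentina | 790602 |
| 18 | Italy | 670122 |
| 19 | Philippines | 649631 |
| 20 | Singapore | 565605 |
| 21 | Canada | 556573 |
| 22 | Kazakhstan | 553643 |
| 23 | Chile | 551695 |
| 24 | Hong Kong | 435970 |
| 25 | Japan | 430650 |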

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

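| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 6077 |
| 2 | CHINANET-GD | 4961 |
| 3 | BSNLNET | 2415 |
| 4 | UNICOM-HA | 2408 |
| 5 | CTTNET | 2051 |
| 6 | UNICOM-GD | 1515 |
| 7 | KORNET-KR | 884 |
| 8 | CRTC | 858 |
| 9 | UNICOM-BJ | 668 |
| 10 | VNPT-VNNIC-VN | 595 |
| 11 | PTCL | 569 |
| 12 | CHINANET-JS | 553 |
| 13 | TELKOMNET | 471 |
| 14 | RCOM | 442 |
| 15 | UKRTELNET | 430 |
| 16 | BHARTI-IN | 406 |
| 17 | AR-TEAR7-LACNIC | 403 |
| 18 | 002.558.134/0001-58 | 383 |
| 19 | BY-BELPAK-20091210 | 358 |
| 20 | 000.065.376/0002-65 | 324 |
| 21 | TATACOMM-IN | 300 |
| 22 | 002.558.157/0001-62 | 275 |
| 23 | MTNLISP | 254 |
| 24 | 076.535.764/0326-90 | 224 |
| 25 | CHINANET-SH | 192 |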

The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:

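| Rank | Network | # of blocked spams |
|---|---|---|
| 1 | HINET-NET | 228134 |
| 2 | CHINANET-ZJ-WZ | 116289 |
| 3 | CHINANET-GD | 50592 |
| 4 | UNICOM-GD | 47502 |
| 5 | CO-ACSA-LACNIC | 42253 |
| 6 | CHINANET-ZJ | 40865 |
| 7 | CHINANET-JS | 35032 |
| 8 | OVH | 31998 |
| 9 | 000.065.376/0002-65 | 30078 |
| 10 | UNICOM-SD | 29891 |
| 11 | FR-OVH-20060920 | 29071 |
| 12 | 033.530.486/0001-29 | 27686 |
| 13 | 003.420.926/0002-05 | 26243 |
| 14 | RCOM | 17325 |
| 15 | TATACOMM-IN | 15364 |
| 16 | 002.558.157/0001-62 | 15303 |
| 17 | BSNLNET | 15245 |
| 18 | 004.027.547/0001-31 | 14157 |
| 19 | 002.558.134/0001-58 | 13966 |
| 20 | UNICOM-HA | 12935 |
| 21 | TELKOMNET | 12074 |
| 22 | THAINET-TH | 11988 |
| 23 | CHINANET-JX | 11858 |
| 24 | CHINANET-AH | 10690 |
| 25 | CHINANET-SH | 10367 |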

The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:

| Rank | Network | Recipient count of blocked spams |
|---|---|---|
| 1 | HINET-NET | 6263385 |
| 2 | CHINANET-ZJ-WZ | 1782063 |
| 3 | CO-ACSA-LACNIC | 1473929 |
| 4 | CHINANET-GD | 1380910 |
| 5 | CHINANET-JS | 1185468 |
| 6 | OVH | 1119645 |
| 7 | 000.065.376/0002-65 | 1043476 |
| 8 | FR-OVH-20060920 | 1014718 |
| 9 | UNICOM-SD | 967811 |
| 10 | 033.530.486/0001-29 | 956293 |
| 11 | CHINANET-ZJ | 945880 |
| 12 | 003.420.926/0002-05 | 903726 |
| 13 | RCOM | 597857 |
| 14 | TATACOMM-IN | 532914 |
| 15 | 002.558.157/0001-62 | 521188 |
| 16 | BSNLNET | 516173 |
| 17 | 004.027.547/0001-31 | 489296 |
| 18 | 002.558.134/0001-58 | 478172 |
| 19 | UNICOM-HA | 418453 |
| 20 | TELKOMNET | 414404 |
| 21 | THAINET-TH | 410271 |
| 22 | CHINANET-JX | 390436 |
| 23 | CHINANET-AH | 373580 |
| 24 | CHINANET-SH | 354330 |
| 25 | IT-IUNET-961209 | 352398 |