Custom Search

Thursday, January 19, 2012

Botnet Statistics [2012-01-18]

What's going on? I haven't heard about any major malware infection lately, but more than 7,400 bots were detected yesterday, most of which were identified by greylisting. Even with more than 300 malware-infected computers, Longtime champion China falls to number 6. The new king is Indonesia, with 928 bots there. And it's much harder to enter into top 10. Brazil, at number 10, has 239 bots.

Update: this sudden increase of spam sending IPs might have something to do with this. According to BBC, a flaw in McAfee's software "Rumor Service" makes affected machines act as open relays, thus could be abused to send spam mail.

detection period: 2012-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 7407
number of botnet IPs notified to network operators: 5301
number of spam blocked: 4981
recipient count of spam blocked: 150949

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1MTNLISP331
2PTCL302
3HINET-NET272
4KORNET-KR263
5TELKOMNET246
6BSNLNET156
7BY-BELPAK-20091210152
8VNPT-VNNIC-VN147
9PE-PETD2-LACNIC93
10PE-TPSA-LACNIC71

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1Indonesia928
2India813
3Russian Federation545
4South Korea440
5Pakistan358
6China331
7Peru323
8Taiwan315
9Poland298
10Brazil239

No comments:

Post a Comment