
Wednesday, April 7, 2010

Botnet Statistics [2010-04-06]

A network named RITELE has been staying on my botnet charts for several weeks. After looking up its WHOIS data, why it is staying there is beyond me. That particular network is composed of 2 class B networks, and belongs to the Research Institution of Telecom in Beijing, China.

Although I could not find their website, an organization with such a name (Research? Telecom?) should be very good at securing their computers. It is very unusual to let hundreds of their computers participate in spam runs for so long. Did I notify the wrong contact? I don't think so, because it is CNCERT whom I notify of most bots in China.

detection period: 2010-04-06 00:00-23:59 UTC
total number of suspected botnet IPs: 2827
number of botnet IPs notified to network operators: 2599
number of blocked spams: 101451
recipient count of blocked spams: 1747767

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

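| Rank | Network | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | HINET-NET | 1293 |
| 2 | RITELE | 357 |
| 3 | BSNLNET | 148 |
| 4 | 002.558.157/0001-62 | 51 |
| 5 | AR-TEAR7-LACNIC | 45 |
| 6 | UNICOM-SD | 26 |
| 7 | RCOM | 26 |
| 8 | 076.535.764/0326-90 | 26 |
| 9 | TATACOMM-IN | 25 |
| 10 | HATHWAY-NET | 24 |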

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

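| Rank | Country | # of suspected botnet IPs |
|------|---------|---------------------------|
| 1 | Taiwan | 1306 |
| 2 | China | 623 |
| 3 | India | 244 |
| 4 | Brazil | 234 |
| 5 | Argentina | 89 |
| 6 | Russian Federation | 52 |
| 7 | United States | 33 |
| 8 | Indonesia | 25 |
| 9 | Ukraine | 19 |
| 10 | Colombia | 19 |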
