[nsp-sec] Daily Reports Summary for week ending 2010-06-21

Tim Wilde twilde at cymru.com
Mon Jun 21 13:23:19 EDT 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings, Everyone!

Big spike in ssh brute force this week, as observed by several folks in
some threads, I've seen the same big increase on both my personal system
on a Verizon FIOS residential connection and a personal VPS out in the
wild green yonder, so they're scanning pretty far and wide.  Fun times
abound!  Thanks to all who've submitted, as a reminder, for the
bruteforce category in particular, all are welcome to submit, guidelines
can be found here:

	<https://www.cymru.com/nsp-sec/dailyreports/bruteforce.html>

Below is the weekly summary of ASN Alert/Daily Reports submissions for
the week ending 21 JUN 2010.  For information regarding these projects
please visit our website at:

	<https://www.cymru.com/nsp-sec/ASN-Alert/>
	<https://www.cymru.com/nsp-sec/dailyreports/>

Please note that the nsp-security section on our website is
password-protected.  Your nsp-sec mailing list username and password can
be used to access these pages.  If you have problems logging in please
verify your account information at:

	<http://www.nsp-security.org/>

Team Cymru couldn't provide our services without the generous donations
and support from a great community of folks.  We always welcome feedback
regarding the daily reports or any of our services.  Please feel free to
send questions, comments or concerns to us at team-cymru at cymru.com.

Thank you for your continued support!

Best regards,
Tim

- -- 
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/

                       CURRENT WEEK'S DATA               PREVIOUS WEEK

report       UniqueIPs   Change  ASNs  bogon  noroute    UniqueIPs  ASNs
- ------     ------------------------------------------  -----------------
Beagle           2,000  - 39.9%   237      0        0        3,326   359
Blaster             88  + 39.7%    55      0        0           63    46
Bots         2,926,684  + 63.7% 10907      0      294    1,787,453 10328
Bruteforce       1,632  +309.0%   621      0        0          399   241
Dameware            23  -  8.0%    17      0        0           25    18
Ddosreport       1,349  -  6.3%   537      3        4        1,439   560
Defacement           0    NaN       0      0        0            0     0
Dipnet               6  -  0.0%     6      0        0            6     6
Fastflux         4,692  + 72.5%   406      1        2        2,720   403
Flowbots            21  - 34.4%    11      1        1           32    11
Malwareurl      29,399  -  1.0%  2820      4        6       29,692  2876
Mydoom               8  -  0.0%     3      0        0            8     8
Nachi            2,725  +  0.2%   389      9       12        2,719   387
Openresolvers  997,279  -  2.6% 10574      0       50    1,023,877 10688
Phatbot          1,081  +  1.6%   270      0        0        1,064   267
Phishing         2,062  -  1.3%   731      3        3        2,089   711
Proxy           31,337  - 12.2%  1524      0        8       35,690  1555
Routers            265  + 21.6%    84      0        0          218    80
Scanners         6,194  + 17.7%  1203      0        4        5,264   999
Sinit                7  - 12.5%     6      0        0            8     6
Slammer          1,892  -  3.5%   453      3       24        1,961   468
Spam         7,468,582  -  6.4% 11629      2     1706    7,981,190 11825
Spreaders        3,605  +  2.0%   742      0        2        3,534   669
Stormworm        7,798  -  0.6%   713      0        6        7,845   704
Toxbot           6,402  -  4.2%   453      0        0        6,685   445

TOTALS      11,220,308  +  5.3% 16606     21     2100   10,655,750 16489
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkwfoAcACgkQluRbRini9tjUfgCeOvQKfkX2CdrlAHDOcpDV5SNG
VGUAniWTZrWtVOryZ9u73G7t8R7KUmv5
=h13G
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list