[nsp-sec] Daily Reports Summary for week ending 2011-04-18

[Tim Wilde]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good morning all!

Immediately below you will find the weekly summary of Daily Reports /
ASN Alerts submissions for the week ending 18 APR 2011.

                       CURRENT WEEK'S DATA               PREVIOUS WEEK

report       UniqueIPs   Change  ASNs  bogon  noroute    UniqueIPs  ASNs
- ------     ------------------------------------------  -----------------
Beagle           2,884  -  4.0%   265      0        0        3,005   263
Bots         1,782,866  + 49.6% 10994      0       30    1,191,479  9215
Bruteforce         345  + 22.8%   194      0        0          281   179
Ddosreport       1,132  +  2.2%   441      3        6        1,108   430
Fastflux         1,093  - 63.7%   236      0        0        3,015   426
Flowbots             0  -100.0%     0      0        0            1     1
Malwareurl      14,930  - 10.3%  2070      1        1       16,649  2169
Nachi            1,802  -  0.9%   331     15       16        1,819   337
Openresolvers  667,762  -  3.1% 10049      0       11      689,099 10056
Phatbot            594  +  1.2%   197      0        0          587   171
Phishing         1,532  + 10.9%   555      2        2        1,381   510
Proxy           21,192  + 10.0%  1677      0        2       19,261  1816
Routers            258  -  9.8%    50      0        0          286    63
Scanners        36,577  -  9.1%  3337      1        4       40,219  3736
Slammer            199  +342.2%    90      0        0           45    28
Spam         5,758,378  - 13.1% 11293      0      571    6,627,279 13614
Spreaders          825  + 17.2%   274      0        0          704   221
Stormworm        3,079  -  7.3%   459      0        0        3,320   471

TOTALS       8,095,455  -  4.0% 16716     19      640    8,436,880 17286

The drop in spam and surge in bots this week is more an artifact of some
data being reclassified than actual major shifts in those two
categories; the overall change of 4% helps show that we didn't actually
have a huge increase or decrease, just keeping on keeping on.

Please note that there are some new family names being included in the
bots report; the bots report page is NOT intended to list all possible
family names, but rather only those that we feel require additional
explanation.  If it's not listed there, odds are it's intended that the
name represent a commonly known family name that should be relatively
easy to find in your search engine of choice.

That said, you're always welcome to ask us for more information, and
especially to report possible false positives, as we're constantly
evaluating and re-evaluating all of our data sources for the
appropriateness of their inclusion, and your feedback is the best way
for us to do that!

For information regarding these projects please visit our website at:

	<https://www.cymru.com/nsp-sec/ASN-Alert/>
	<https://www.cymru.com/nsp-sec/dailyreports/>

Please note that the nsp-security section on our website is
password-protected.  Your nsp-sec mailing list username and password can
be used to access these pages.  If you have problems logging in please
verify your account information at:

	<http://www.nsp-security.org/>

Team Cymru couldn't provide our services without the generous donations
and support from a great community of folks.  We always welcome feedback
regarding the daily reports or any of our services.  Please feel free to
send questions, comments or concerns to us at team-cymru at cymru.com.

Thank you for your continued support!

Regards,
Tim Wilde

- -- 
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAk2sQLAACgkQluRbRini9tgcNwCffP6IP33kra/g+yacEnVGCaDb
3TEAnjDYGuklkAYQaVUHE8yMhI66UKQp
=YNnz
-----END PGP SIGNATURE-----