[nsp-sec] Daily Reports Summary for week ending 2011-11-21
Tim Wilde
twilde at cymru.com
Mon Nov 21 09:47:42 EST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Good morning everyone!
Immediately below you will find the weekly summary of Daily Reports /
ASN Alerts submissions for the week ending 21 NOV 2011.
CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 2,291 + 1.6% 247 0 0 2,255 238
Bots 2,940,792 + 15.7% 11056 1807 2786 2,542,242 10913
Bruteforce 521 - 12.3% 302 0 0 594 310
Ddosreport 554 - 37.3% 278 1 1 884 373
Fastflux 0 NaN 0 0 0 0 0
Flowbots 285 - 9.8% 78 1 1 316 89
Malwareurl 12,503 + 52.4% 1996 1 4 8,206 1570
Nachi 1,535 - 1.9% 308 10 10 1,565 307
Openresolvers 700,714 + 0.6% 10345 0 19 696,577 10428
Phishing 1,542 + 5.5% 528 3 3 1,462 494
Proxy 428 + 1.9% 225 0 0 420 220
Routers 303 + 72.2% 63 0 1 176 52
Scanners 19,056 + 2.0% 3009 7 11 18,686 3079
Slammer 238 +100.0% 114 2 2 119 66
Spam 5,390,772 + 4.9% 11722 0 1236 5,139,223 11275
Spreaders 625 + 9.3% 186 0 0 572 184
Stormworm 1,318 + 4.2% 289 0 0 1,265 310
TOTALS 8,880,837 + 7.6% 17122 1826 3579 8,249,959 16850
Bots totals continue high due to DNSChanger malware data coming in.
We'd be particularly interested in feedback about this particular
data; are you getting too many records of mtype DNSChanger for each
IP, not enough records for each IP, or just right? We can adjust the
sampling rate if there's a consensus one way or the other. Also note
that the FBI has provided resources to which you can direct your
customers for these DNSChanger infections:
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
https://forms.fbi.gov/dnsmalware
They have particularly asked that folks fill out the victim report
form (the second of those two links) to help with building the case
against the individuals involved in this malware infection.
For information regarding these projects please visit our website at:
<https://www.cymru.com/nsp-sec/ASN-Alert/>
<https://www.cymru.com/nsp-sec/dailyreports/>
Please note that the nsp-security section on our website is
password-protected. Your nsp-sec mailing list username and password
can be used to access these pages. If you have problems logging in
please verify your account information at:
<http://www.nsp-security.org/>
Team Cymru couldn't provide our services without the generous
donations and support from a great community of folks. We always
welcome feedback regarding the daily reports or any of our services.
Technical questions regarding reports, data, etc, can be sent to
support at cymru.com, more general communications to team-cymru at cymru.com.
Thank you for your continued support!
Regards,
Tim Wilde
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-847-378-3333 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAk7KZI4ACgkQluRbRini9thsfwCcD/ClIv5bhQw2xGTu76IdKkbY
SyYAn1zMKW7KP8PkTzzG7JJ9A7SWF5bq
=gWQz
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list