[nsp-sec] Daily Reports Weekly Summaries for 18 JUN, 25 JUN, 02 JUL, 09 JUL, and 16 JUL 2012
Tim Wilde
twilde at cymru.com
Tue Jul 17 13:31:15 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings everyone!
Wow have I been lax lately, sorry about that. The extremely high
"noroute" number (and high number in general) in the bots category in
the 25 JUN 2012 week is due to an attack against the DNSChanger
sinkhole that poisoned that data, after which we stopped reporting on
it. That week also reflects an open resolver rescan. Nothing else
hugely out of the ordinary to report!
18 JUN CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 2,856 - 1.0% 235 0 0 2,884 231
Bots 1,414,014 - 16.9% 9253 893 1370 1,701,414 9513
Bruteforce 420 + 4.0% 236 0 0 404 224
Ddosreport 764 + 19.6% 322 1 1 639 284
Fastflux 0 NaN 0 0 0 0 0
Flowbots 260 - 20.7% 43 2 3 328 38
Malwareurl 12,127 + 3.5% 2011 1 1 11,715 1967
Nachi 1,018 - 5.7% 225 4 6 1,079 237
Openresolvers 722,683 - 0.2% 10994 0 80 724,023 11046
Phishing 2,094 + 8.4% 623 2 4 1,931 618
Proxy 156 + 2.6% 87 0 0 152 93
Routers 83 - 17.8% 42 0 0 101 53
Scanners 18,324 - 2.8% 2830 2 8 18,851 2974
Slammer 74 - 8.6% 47 0 0 81 53
Spam 4,962,462 - 14.2% 12767 0 1348 5,781,092 12968
Spreaders 0 NaN 0 0 0 0 0
Stormworm 889 - 3.7% 226 0 0 923 257
TOTALS 7,033,261 - 13.3% 17200 901 2812 8,116,077 17392
25 JUN CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 2,833 - 0.8% 237 0 0 2,856 235
Bots 7,596,514 +437.2% 21246 8097 3329891 1,414,014 9253
Bruteforce 561 + 33.6% 280 0 0 420 236
Ddosreport 392 - 48.7% 208 1 1 764 322
Fastflux 0 NaN 0 0 0 0 0
Flowbots 954 +266.9% 170 6 6 260 43
Malwareurl 13,358 + 10.2% 2162 1 1 12,127 2011
Nachi 1,008 - 1.0% 224 4 4 1,018 225
Openresolver 3,608,878 +399.4% 20173 0 598 722,683 10994
Phishing 2,040 - 2.6% 568 1 3 2,094 623
Proxy 163 + 4.5% 96 0 0 156 87
Routers 108 + 30.1% 61 0 0 83 42
Scanners 19,897 + 8.6% 2978 2 7 18,324 2830
Slammer 40 - 45.9% 28 0 0 74 47
Spam 5,721,109 + 15.3% 12849 2 1832 4,962,462 12767
Spreaders 0 NaN 0 0 0 0 0
Stormworm 889 - 0.0% 223 0 0 889 226
TOTALS 16,808,271 +139.0% 28251 8110 3332329 7,033,261 17200
02 JUL CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 2,950 + 4.1% 239 0 0 2,833 237
Bots 788,202 - 89.6% 8634 198 274 7,596,514 21246
Bruteforce 982 + 75.0% 362 0 0 561 280
Ddosreport 584 + 49.0% 267 3 3 392 208
Fastflux 0 NaN 0 0 0 0 0
Flowbots 1,198 + 25.6% 174 9 9 954 170
Malwareurl 13,125 - 1.7% 2126 1 1 13,358 2162
Nachi 1,053 + 4.5% 229 3 4 1,008 224
Openresolvers 713,559 - 80.2% 10937 0 49 3,608,878 20173
Phishing 1,959 - 4.0% 608 2 3 2,040 568
Proxy 140 - 14.1% 91 0 0 163 96
Routers 112 + 3.7% 64 0 0 108 61
Scanners 24,760 + 24.4% 3184 3 7 19,897 2978
Slammer 26 - 35.0% 19 0 0 40 28
Spam 5,575,969 - 2.5% 13024 1 3226 5,721,109 12849
Spreaders 0 NaN 0 0 0 0 0
Stormworm 776 - 12.7% 217 0 0 889 223
TOTALS 7,054,273 - 58.0% 17310 217 3572 16,808,271 28251
09 JUL CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 1,542 - 47.7% 191 0 0 2,950 239
Bots 662,938 - 15.9% 7276 0 66 788,202 8634
Bruteforce 404 - 58.9% 243 0 1 982 362
Ddosreport 676 + 15.8% 289 1 1 584 267
Fastflux 0 NaN 0 0 0 0 0
Flowbots 915 - 23.6% 176 3 5 1,198 174
Malwareurl 14,424 + 9.9% 2222 2 3 13,125 2126
Nachi 1,015 - 3.6% 217 3 5 1,053 229
Openresolvers 710,072 - 0.5% 10878 0 64 713,559 10937
Phishing 1,919 - 2.0% 572 1 2 1,959 608
Proxy 175 + 25.0% 107 0 0 140 91
Routers 88 - 21.4% 46 0 0 112 64
Scanners 21,169 - 14.5% 3001 3 8 24,760 3184
Slammer 33 + 26.9% 26 0 0 26 19
Spam 6,688,208 + 19.9% 13136 0 1765 5,575,969 13024
Spreaders 0 NaN 0 0 0 0 0
Stormworm 821 + 5.8% 220 0 0 776 217
TOTALS 8,035,362 + 13.9% 17089 12 1917 7,054,273 17310
16 JUL CURRENT WEEK'S DATA PREVIOUS WEEK
report UniqueIPs Change ASNs bogon noroute UniqueIPs ASNs
- ------ ------------------------------------------ -----------------
Beagle 1,619 + 5.0% 224 0 0 1,542 191
Bots 515,114 - 22.3% 6779 0 78 662,938 7276
Bruteforce 403 - 0.2% 223 0 1 404 243
Ddosreport 739 + 9.3% 314 1 1 676 289
Fastflux 0 NaN 0 0 0 0 0
Flowbots 993 + 8.5% 184 8 8 915 176
Malwareurl 14,398 - 0.2% 2245 1 2 14,424 2222
Nachi 982 - 3.3% 226 4 4 1,015 217
Openresolvers 709,816 - 0.0% 10827 0 75 710,072 10878
Phishing 1,878 - 2.1% 603 2 4 1,919 572
Proxy 150 - 14.3% 79 0 0 175 107
Routers 87 - 1.1% 43 0 0 88 46
Scanners 22,216 + 4.9% 2972 1 10 21,169 3001
Slammer 24 - 27.3% 19 0 0 33 26
Spam 3,814,522 - 43.0% 12612 0 1266 6,688,208 13136
Spreaders 0 NaN 0 0 0 0 0
Stormworm 786 - 4.3% 221 0 0 821 220
TOTALS 5,036,188 - 37.3% 16716 16 1446 8,035,362 17089
For information regarding these projects please visit our website at:
<https://www.cymru.com/nsp-sec/ASN-Alert/>
<https://www.cymru.com/nsp-sec/dailyreports/>
Please note that the nsp-security section on our website is
password-protected. Your nsp-sec mailing list username and password
can be used to access these pages. If you have problems logging in
please verify your account information at:
<http://www.nsp-security.org/>
Team Cymru couldn't provide our services without the generous
donations and support from a great community of folks. We always
welcome feedback regarding the daily reports or any of our services.
Technical questions regarding reports, data, false positive reports,
etc, can be sent to support at cymru.com, more general communications to
team-cymru at cymru.com.
Thank you for your continued support!
Regards,
Tim Wilde
- --
Tim Wilde, Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-847-378-3333 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJQBaFjAAoJED1BdOFPDWdbRQ8QALCyVdBDDPiRio5/10p2Tkze
1x0jg4+PtbrKMOR6WWOW4yyXxb4u3ZJRALYAHcHAWobaHAZTSVZ24blfI8D/zN/2
aSQPL+NJm0v8kTEjhX3Ul47Z0d4GujBB/asBVOZddk0ZxWuZS4vXP94Lj8otLJ0m
rt2if+hwLOHjCQcJ2vZAjDjcXyETFDramUfSRrfmImpMDaDPFeoyV+mMaXsTY03d
t0+HWdtQ44zwr8bFo1KGOq9McO2NUVmbQkhOpyR/CZsLO1xqMiLYZaAooQ5vs1bq
QnI8fM0im1838FrbRGXcSm342w7oeGDMBTHHt67/z/p1KhydB52uEH85rBSz3pX9
TLanbBjlX6eDazm3w5k2K++pGtza5E4ALyqj1xZQIQEMEnf/NPolXCXA0HLp17Y2
b29aVOjSbwBbkPA/cvWVcib39d/8gYX5UdSpNPHV32DVNNTWQd43G5wdOvQ98W6e
jkuXpVU3mMBxPwTKODaqvLF5hFJ+njMkiNvH2ZiuwwYbFdpqctNRaqfKfJeroEcq
hGCPWZDCdYexUUzU/T4QPD+DmSWHIgJI9qrabTRmJCrgidk6w6jz80lVf0BvhXhA
d4lnM4KapqdZrYcQpWz9eMlImxxmA8zGfrjXS9kwcN4s+XIv9UrdSUKdhyDj6cNP
k1MAGmCIo6XcEvBzJ6q8
=hs6k
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list