June 2007 DA Botnet Command and Control
Surveys by the drone army (DA) research group, conducted at random time intervals over the past 6 months, identified 3724 unique, apparently active hosts that were, in some manner, associated with a suspect C&C domain. Naturally, any such association contains peculiarities of measurement such as false positives and attempted "Joe-Jobs" against legitimate hosts. Nonetheless, the association is of some interest (probably only to crusty academics) in that unique IP counts combined with DA's monthly rankings reveal a more precise, and likely truer, picture of C&C network demographics.

The DA monthly rankings, located at <http://isotf.org/ccreport.html>, include duplicate host reports resulting from multiple domains and ports mapping to a single host. This host duplication tends to inflate estimated host counts within a network. Comparing the "Open" count for a network in the DA report "Top 20 ASNes by Total suspect domains" with the Uniq IP count in the "Top Forty Unique IP" list below should give a better indication of the effectiveness of the network's C&C removal efforts.

Top forty Unique IP counts within Autonomous System:

ASN     Uniq IPs  Responsible Party
30058   113       FDCSERVERS - FDC Servers.net
25761   86        STAMINUS-COMM - Staminus Communications
23522   85        IPNAP-ES - Ecomdevel (CIT-FOONET)
19318   78        NJIIX-AS-1 - NEW JERSEY INTERN
4837    72        CHINA169-Backbone
4766    69        KIXS-AS-KR Korea Telecom
4134    66        CHINANET-BACKBONE No.31
13301   63        UNITEDCOLO-AS Autonomous System of unitedcolo.de
7132    59        SBC Internet Services
24989   47        IXEUROPE-DE-FRANKFURT-ASN IX Europe Germany AS
NA**    43        (No applicable network - Mitigation Address space)
3462    39        HINET Data Communication Business Group
12832   39        LYCOS-EUROPE Lycos Europe GmbH
9318    36        HANARO-AS Hanaro Telecom Inc.
3320    33        DTAG Deutsche Telekom AG
14779   33        INKTOMI-LAWSON - Inktomi Corporation
28753   32        NETDIRECT AS NETDIRECT Frankfurt
8560    31        ONEANDONE-AS 1&1 Internet AG
9121    31        TTNET TTnet Autonomous System
35916   27        Multa
577     26        BACOM - Bell Canada
16265   26        OCOM OCOM AS
3786    25        LGDACOM LG DACOM Corporation
8972    23        INTERGENIA-ASN intergenia autonomous system
14780   21        INKTOMI-LAWSON - Inktomi Corporation
20115   21        CHARTER-NET-HKY-NC - Charter Communications
8376    20        GO-JOR Autonomous System
36420   20        ev1.net
174     19        COGENT Cogent/PSI
3269    19        ASN-IBSNAZ TELECOM ITALIA
10316   19        ABACUS-NET-AS - Abacus America Inc.
22927   19        Telefonica de Argentina
31103   19        KEYWEB-AS Keyweb AG
1668    18        AOL-ATDN - AOL Transit Data Network
2119    18        TELENOR-NEXTEL T.net
3561    18        SAVVIS - Savvis
9155    18        QualityNet AS number
9800    18        UNICOM CHINA UNICOM
19262   18        Verizon Internet Services
1659    17        ERX-TANET-ASN1 Taiwan Academic Network (TANet)

Best regards,

Randy Vaughn, Randy_Vaughn (at) baylor.edu
Gadi Evron, ge (at) linuxbox.org
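The duplication effect described in the report, as an added Python example that is not part of the original message and is not DA's own tooling: it counts distinct domain:port reports against distinct IPs per ASN. The record layout (domain, port, IP, ASN), the function name, the "inflation" ratio and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not DA data): suspect C&C domain, port,
# resolved IP, origin ASN. ASNs are from the private-use range, IPs from the
# documentation ranges; None marks mitigation address space with no network.
OBSERVATIONS = [
    ("a.example", 6667, "192.0.2.10", 64512),
    ("a.example", 7000, "192.0.2.10", 64512),   # same host, second port
    ("b.example", 6667, "192.0.2.10", 64512),   # same host, second domain
    ("c.example", 6667, "192.0.2.11", 64512),
    ("d.example", 6667, "198.51.100.5", 64513),
    ("e.example", 6667, "198.51.100.6", 64513),
    ("f.example", 6667, "198.51.100.7", 64513),
    ("g.example", 6667, "203.0.113.1", None),
    ("h.example", 6667, "203.0.113.1", None),
]

def asn_demographics(observations):
    """Return (asn, reports, unique_ips, inflation) rows, most unique IPs first."""
    reports = defaultdict(set)   # asn -> distinct (domain, port) endpoints
    hosts = defaultdict(set)     # asn -> distinct IP addresses
    for domain, port, ip, asn in observations:
        key = "NA" if asn is None else asn
        reports[key].add((domain.lower(), port))
        hosts[key].add(ip)
    rows = []
    for key in reports:
        n_reports, n_hosts = len(reports[key]), len(hosts[key])
        # inflation > 1 means several domains/ports map onto the same host
        rows.append((key, n_reports, n_hosts, round(n_reports / n_hosts, 2)))
    rows.sort(key=lambda r: (-r[2], -r[1], str(r[0])))
    return rows

if __name__ == "__main__":
    print(f"{'ASN':>6} {'Reports':>8} {'Uniq IPs':>9} {'Inflation':>10}")
    for asn, n_reports, n_hosts, ratio in asn_demographics(OBSERVATIONS):
        print(f"{asn:>6} {n_reports:>8} {n_hosts:>9} {ratio:>10}")
```

In the constructed data, the network with the most reports (64512, four reports) has only two distinct hosts, so it drops below 64513 once duplicates are collapsed.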