I pulled together some statistics on my collection of botnet statistics for the period of time between Rustock being shut down and Wednesday, April 6. I wanted to see the distribution of botnets per country – now that Rustock is down, which country has the most botnet infections (as measured by unique IP addresses that send us spam)?
The answer isn’t really that surprising and it is a trend that I have observed for many months. Here are the top five countries for botnet-infected IPs that I was able to identify:
To put this in perspective, the United States is the number one country that sends us spam. It sends ten times more spam than the number two country (Russia). However, only 7% of the total mail from the US is marked as spam. [Disclaimer: we block a lot of spam at the network edge using IP blocklists. I am not including that data in my calculations.] The US is number six for bot’ted countries on my list and, unlike the other countries, its top four botnets (asprox, darkmailer, sendsafe and lethic) are all within striking distance of each other. Historically, the US had a lot of Rustock infections. Therefore, with the Rustock shutdown a month ago, it is no surprise that we are seeing less spam from there.
One study that would be interesting to do is to compare the type of malware infections in these countries and see if there is any relation to the spambot infections in them. Maybe that’s something I’ll do in my spare time.
Would be nice to identify the zombie OS's -- is XP really bad? Is Win7 better? Are Macs or Linux boxes significantly involved in generating spam? Would national policy of some sort, such as re-installing or banning all of one kind of OS, tend to fix the problem?
What, more government control? :) XP isn't bad if you know what you are doing. I've had XP on my main machine since it came out. I have good surfing habits. When I purposely click on a spam link I use NoScript on Firefox. I use Webroot Spysweeper with AV, SuperAntiSpyware, and WinPatrol in real time to catch anything that may accidentally come in.