About a month ago the Spamhaus Project added several new lists to its Top-10 Worst pages. These are in addition to our existing Top-10 lists: Worst spammers, spammer hosting nations and spammer hosting Internet Service Providers (ISPs).
Every second of every hour of every day Spamhaus collects a vast quantity of real-time threat intelligence from around the globe. We analyze and use this data to produce the data sets that protect billions of users from spam and other attack threats. To better show where the largest numbers of botnet-related threats of all types are located, we have added the following three lists:
- The World’s Worst Botnet Countries. Countries in this list have the highest number of detected spam-bots as listed in the Spamhaus XBL zone. Most bots are used for spam, phishing, click-fraud, DDoS and other malicious activities
- The World’s Worst Botnet ISPs. Internet Service Providers in this list have the highest number of detected spam-bots as listed in the Spamhaus XBL zone
- The World’s Worst Botnet ASNs. Autonomous System Numbers (ASNs) in this chart have the highest number of detected spam-bots as listed in the Spamhaus XBL
The size of the problem
Many issues may contribute to to a country’s bot density, including technical, policy and socioeconomic factors. Currently, fifty percent of the countries with the worst botnet infestations are in Asia, where good anti-virus software is less available and ISP best practices such as outbound port-25 management (.pdf) or filtering has not yet been widely implemented. Vietnam, India and China lead the way each with over 1,000,000 systems detected running spam-bots. The sheer numbers of botnet-infected personal computers in these countries is staggering. What can be more staggering is when one computes the per-capita infection rates
It always surprises and somewhat saddened us to still see western nations in the worst list. This time we see the USA in at #8 and Italy at #10 with around a quarter of a million IP addresses identified.
Ever growing numbers in Russia
In fourth place is a nation that straddles Asia and Europe: Russia. With almost 600,000 compromised computers running malware.
It holds a unique position in botnet issues. Five to ten years ago, when big botnets first appeared, the predominantly Russian based cybercriminals that operated them attacked other countries but left their own nation’s citizens alone. This changed some time ago; now managing botnets is all about the money to be made from cybercrime. The criminals who run botnets in Russia have seen that, as in other nations, there is nearly no enforcement of laws against cybercrime, so they attack everybody without regard for where they live.
Some Russian citizens (who presumably were not well informed about botnets) even hailed Russian ”GameOver Zeus” botmaster Evgeniy Mikhailovich Bogachev (for whom the US FBI has offered a $3-million reward-for-capture) as a sort of a hero for “liberating” money from Europeans and N.Americans. He was no hero. Our data showed that the ”GameOver Zeus” malware had infected tens of thousands of Russian citizens’ computers, whose hard-earned money was stolen by these same cybercriminals.
Service providers & networks
The majority of ISPs with the worst botnet problems are also in Asia. The reasons why are much the same as outlined above. These companies allow a large number of malware-infected computers belonging to their users to remain infected, remain connected to their network, and attack other networks and computers. As this article is being written, one Vietnamese ISP has over a million infected computers. We hope that these ISPs, seeing their names on this list, might make changes in their policies and practices so that they do not continue to contribute materially to the crimes committed by botnet owners.
The third list covers Autonomous System Numbers, another way of viewing this issue. An ASN is a collection of IP address ranges that are under the control of a single administrative entity or network (usually a large company, ISP, or government).
The arrival of the Internet brought new freedoms to people all over the world. Civilized society has rules which prohibit people and companies from releasing toxic waste into the environment, where it harms other people and damages a common resource that belongs to us all. Society also needs rules which prohibit people and companies from operating malware-infected computers on the Internet, for the same reasons. The Internet is a common resource. Individual people and companies do not have the right to damage a resource that is held in common and can be used by all. Although Spamhaus can provide the data to help protect your network from this damage, until the companies that provide Internet access and the end users themselves start “stepping-up” and taking responsibility for their online actions, the botnet plague will remain with us.