Malcode and DDoS Locations: May 2008
by Jose Nazario

We’ve been very busy here in the offices, especially after a week or so away in Asia. Here’s some quick stats for May, 2008. It’s interesting to see who is hosting the malware and the attack botnets.
First up, a set of major malcode distribution points for May, 2008, by country, ASN, and even by IP address. No great surprises here.
Next, who is hosting the DDoS attack botnets (these are the controlling servers, NOT the attacking bots). This is the number of attacks commanded by hour by server country or ASN.
Finally, because we’re tracking DDoS commands, we can see who is receiving the DDoS attacks. Not that we see a lot of intra-country attacks (e.g. US to US).
UPDATE: Did some additional data analysis of the top malcode locations to screen out a few false positives. Note that the top ASNs and IPs change.
I’m sure there is interesting data underneath this, but this has to be a shining example of why pie charts should not be used for data communication. [1]
From the first graph we roughly guess that China and the US are the same… but by how much? Exactly? Slightly more for China? Or slightly less? And how much of the total, 66%? How am I supposed to visually convert the area of a circle into a percentage (or better yet, the raw numbers)? The smaller data points, like NL, UA, IT, etc., are invisible - are they responsible for 3%, 1%, or .0005% of the traffic? There’s no way to tell!
I’m a professional in the computer security field. I can handle numbers. Why not provide tables with the numbers? Use a bar chart if you must, but pie charts just aren’t helpful.
[1] Exception: http://craphound.com/images/pacmancharthumor.jpg