Malcode and DDoS Locations: May 2008
We’ve been very busy here in the offices, especially after a week or so away in Asia. Here’s some quick stats for May, 2008. It’s interesting to see who is hosting the malware and the attack botnets.
First up, a set of major malcode distribution points for May, 2008, by country, ASN, and even by IP address. No great surprises here.
Next, who are hosting the DDoS attack botnets (these are the controlling servers, NOT the attacking bots). This is the number of attacks commanded by hour by server country or ASN.
Finally, because we’re tracking DDoS commands, we can see who are receiving the DDoS attacks. Not that we see a lot of intra-country attacks (e.g. US to US).
UPDATE Did some additional data analysis of the top malcode locations to screen out a few false positives. Note that the top ASNs and IPs change.