Verizon, Telecom Italia, and Brasil Telecom top the botnet charts in Q2 of 2008

Written by Dancho Danchev, Contributor

When was the last time you heard something along the lines of "We do our best to protect our customers from the threats posed by..."? In reality though, the statement should end with "protect our customers from the threats posed by the rest of our customers". China may be hosting most of the web sites spreading malware in one way or another, but if we consider the micro environment, the ISPs found to be hosting the most malware-infected hosts on a per-country basis during the last 30 days are always worth pointing out.

Commtouch's recently released "Second Quarter 2008 Email Threats Trend Report" states that, according to its sensor network:

"At the end of Q2, Turkey had moved into first place for the highest number of zombies (11% of all zombies worldwide), followed closely behind by Brazil and Russia with 8.4% and 7.4% respectively. Interestingly, the United States has fallen into ninth place, with only 4.3% of all zombies, compared to 5% in Q1 2008."

Wonder which ISPs were hosting the most malware infected hosts in Q2 of 2008?

"1 - ttnet.net.tr - 1,807,935
2 - telecomitalia.it - 1,219,940
3 - tpnet.pl - 1,162,406
4 - 163data.com.cn - 754,466
5 - telesp.net.br - 696,961
6 - asianet.co.th - 647,778
7 - brasiltelecom.net.br - 646,979
8 - verizon.net - 556,040
9 - speedy.net.pe - 564,599
10 - etb.net.co - 561,531"

This sample demonstrates the true international diversity of ISPs who manage botnet infrastructures for malware authors, due to their inability to deal with already malware-infected users, or the lack of incentives in the form of enforced legislation for them to do so. The numbers should be taken as very conservative, mostly because they are based on a single vendor's sensor network; if more vendors exchange data and remove the duplicates, the numbers are likely to increase. And with botnet masters continuing to abuse an Internet Service Provider's infrastructure while degrading the quality of the service for all the customers, it's no surprise that 76.5% of email sent globally in June was spam, with Switzerland as the most spammed country in the world. Theoretically, the spam and phishing emails a malware-infected user receives may in fact be coming straight from his own malware-infected PC, abused for the purpose of sending out scams and even locally hosting them.

The bottom line: should a country be blamed for neglecting its obligation to force local ISPs to "save their customers from themselves", or is it in fact the ISPs that should be named and shamed for maintaining botnet infrastructures on their networks as often as possible?
