Monthly Archives: August 2012

John Quarterman on Mapping Spam and Politics (audio)

At a meeting on a completely different subject, I was interviewed about SpamRankings.net. Here's the audio, and here's the blurb they supplied:

John S. Quarterman, long time Internet denizen, wrote one of the seminal books about networking prior to the commercialization of the Internet. He co-founded the first Internet consulting firm in Texas (TIC) in 1986, and co-founded one of the first ISPs in Austin (Zilker Internet Park, since sold to Jump Point). He was a founder of TISPA, the Texas ISP Association. Quarterman was born and raised in Lowndes County, where he married his wife Gretchen. They live on the same land where he grew up, and participate in local community and government.

Quarterman took some time during Georgia River Network's Weekend for Rivers to speak with the Nonprofit Snapshot about spam-mapping and small town politics.

More about Elinor Ostrom's Nobel-prize-winning work on organizing the commons, and how that applies to SpamRankings.net.

The water organization has since been incorporated as the Georgia non-profit WWALS Watershed Coalition:

WWALS is an advocacy organization working for watershed conservation of the Willacoochee, Withlacoochee, Alapaha, and Little River Systems watershed in south Georgia and north Florida through awareness, environmental monitoring, and citizen advocacy.

-jsq

eHealth Ontario tops worldwide medical spammers SpamRankings.net

Joining the festival of the Festi botnet, eHealth Ontario’s AS 21992 SSHA-ONE-ASN made #1 in the July 2012 worldwide medical spam SpamRankings.net from CBL data, the first Canadian organization to do that. The same ASN did make #2 back in November 2011 and #5 in June 2011.

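| Date | Mar 2011 | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | Jan 2012 | Feb | Mar | Apr | May | Jun | Jul |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Rank | 9 | 7 | 41 | 5 | 6 | 41 | 6 | 5 | 2 | 7 | 41 | 43 | 42 | 41 | 41 | 6 | 1 |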

The blue dotted line indicates spam from Festi, which, as you can see, tracks pretty closely with total spam seen from AS 21992.

eHealth Ontario infested by Festi botnet

Is it a Festi epidemic?

-jsq

Festi botnet in July 2012 U.S. Medical SpamRankings.net from CBL

The curve that took University of Pittsburgh Medical Center's AS 122 U-PGH-NET-AS to number one in the July 2012 U.S. SpamRankings.net from CBL data is almost completely explained by the Festi botnet, except for one day; the small curve at the beginning of the month was apparently caused by the Grum botnet.

AS 17311 ECMC-BGP was infested with Festi (blue curve on the right) at the same time as AS 122, and AS 17311 earlier had a Cutwail botnet

Pittsburgh back in the top 10 for spam from U.S. medical organizations

And this time it's #1 in the July 2012 U.S. SpamRankings.net from CBL data:

AS 122 U-PGH-NET-AS in the same ranking over time:

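| Date | Mar 2011 | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | Jan 2012 | Feb | Mar | Apr | May | Jun | Jul |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Rank | 34 | 32 | 32 | 8 | 31 | 8 | 4 | 29 | 32 | 33 | 30 | 32 | 29 | 6 | 5 | 9 | 1 |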

University of Pittsburgh Medical Center's AS 122 U-PGH-NET-AS and Erie County Medical Center's AS 17311 ECMC-BGP not only took #1 and #2, they also spammed longer than other medical ASNs. That jumped them up 8 ranks each in one month.

-jsq

WIN finally got the no medical spam memo in March 2012

There’s a new development since we summarized A Year of SpamRankings.net: Medical Organizations. Chronic spamming medical organization WIN of Belgium finally dropped out of the July 2012 top 10 with its 9208 ASN, as you can see in the chronic ranking compilation:

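| Date | Mar 2011 | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | Jan 2012 | Feb | Mar | Apr | May | Jun | Jul |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Volume | 26,737 | 33,000 | 10,851 | 31,183 | 33,930 | 48,342 | 13,454 | 5,992 | 16,838 | 32,058 | 10,272 | 15,273 | 7,331 | 693 | 270 | 329 | 21 |
| Rank | 1 | 2 | 1 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 2 | 5 | 3 | 11 |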

It looks like WIN finally got the memo in March 2012 and has been improving since then.

Congratulations, WIN!

WIN finally went to zero

-jsq

Festi botnet infesting the world, July 2012

Autonomous Systems (ASes) infested with Festi botnet spammed more than any others worldwide, pushing whole new countries such as Saudi Arabia and Turkey into the top of the top 20 countries in the July SpamRankings.net, and pushing India to number 1 worldwide. Here we look at the top 10 ASes infested by Festi.

Taking off like a rocket was SaudiNet's AS 25019 SAUDINETSTC-AS of Saudi Arabia. Rising almost as fast was National Internet Backbone's AS 9829 BSNL-NIB of India. Also on an upwards path was academic network AS 8386 KOCNET of Turkey.

Linear Top 10 ASNs with Festi botnet
Chart by John S. Quarterman for SpamRankings.net.

Maybe already peaked were AS 24560 AIRTELBROADBAND-AS-AP – Bharti Airtel Ltd.; AS 9121 TTNET – TTnet AS; AS 17813 MTNL-AP – Mahanagar Telephone Nigam Ltd.; and AS 18101 RIL-IDC – Reliance Infocom Ltd Internet Data Centre.

We will examine Festi more in later blog posts.

-jsq