Festi botnet in July 2012 U.S. Medical SpamRankings.net from CBL

The curve that took University of Pittsburgh Medical Center’s AS 122 U-PGH-NET-AS to number one in the July 2012 U.S. SpamRankings.net from CBL data is almost completely explained by the Festi botnet, except for one day. The small curve at the beginning of the month was apparently caused by the Grum botnet.

AS 17311 ECMC-BGP was infested with Festi (blue curve on the right) at the same time as AS 122, and AS 17311 earlier had a Cutwail botnet problem (lower green curve on the left). Cleveland Clinic’s AS 22093 CCF-NETWORK had a Festi problem (blue curve on the left) and then some unknown botnet infestation (red curve in the middle). Englewood Hospital’s AS 17344 ENGLEWD-AS had a Cutwail problem (upper green curve) at the same time as Erie County’s AS 17311 ECMC-BGP did.

Top 4 ASNs

Is there an increasing botnet problem at big hospitals?