Congratulations to Belgacom, Mobistar, Uganda-Telecom and BASE Belgium for improving in the September 2012 for Belgium from CBL data! But what’s behind Brutele and Mobistar and Gateway getting worse at the end of the month? And what about Teledis, which is worse over the whole month, but better at the end?
For AS 12392 ASBRUTELE, the problem the whole month is Lethic botnet with a little Festi:
For Mobistar’s AS 12493, the problem at the end of the month is Lethic with more than a little Festi. Plus AS 12493 had a Maazben problem in the middle of the month.
For Gateway’s AS 25395, the problem is much more mixed, with some Festi, Cutwail, Lethic, Zeus, and various others.
For AS 41451 TELEDIS-AS the problem is Festi botnet:
Graphs by John S. Quarterman SpamRankings.net.
So the two ASNs with the most similar behavior (Brutele’s AS 12392 and Mobistar’s AS 12493) were infested with the same botnet: Lethic, and had the same secondary botnet infection: Festi.