Botnets behind the late-month upswings in Belgium in the September 2012

Congratulations to Belgacom, Mobistar, Uganda Uganda-Telecom and BASE Belgium for improving in the September 2012 for Belgium Belgium from CBL data! But what’s behind Brutele and Mobistar and Gateway getting worse at the end of the month? And what about Teledis, which is worse over the whole month, but better at the end?

For AS 12392 ASBRUTELE, the problem the whole month is Lethic botnet with a little Festi:

Brutele: AS 12392

For Mobistar’s AS 12493, the problem at the end of the month is Lethic with more than a little Festi. Plus AS 12493 had a Maazben problem in the middle of the month.

Mobistar: AS 12493

For Gateway’s AS 25395, the problem is much more mixed, with some Festi, Cutwail, Lethic, Zeus, and various others.

Gateway: AS 25395

For AS 41451 TELEDIS-AS the problem is Festi botnet:

Teledis: AS 41451

Graphs by John S. Quarterman

So the two ASNs with the most similar behavior (Brutele’s AS 12392 and Mobistar’s AS 12493) were infested with the same botnet: Lethic, and had the same secondary botnet infection: Festi.