We’ve seen that the botnets Kelihos and Maazben account for most of the spam seen from the entirely new worldwide top 10 in the October 2012 Kelihos rampage. What about a specific country? The U.S. top 10 are also entirely new (since last month): are all those U.S. ASNs ranked like that because of the Kelihos rampage? Two clues indicate yes: the shapes of the U.S. curves are very similar to those of the worldwide rankings, and the U.S. top 3 are in the worldwide top 10. But what about the rest of the U.S. top 10? Let’s drill down to botnets in the U.S. October 2012 SpamRankings.net rankings from CBL data:
We can see that 9 out of the U.S. top 10 are there mostly because of Maazben or Kelihos, often alternating for the same ASN, in the same pattern as for the worldwide top 10. So yes, 9 are in the U.S. top 10 because of the Kelihos rampage.
The one exception is U.S. #10, AS 6428 CDM, which we’ve seen snowshoe itself to the top of the world rankings for May 2012, so it’s not surprising that CDM still has snowshoe problems.
This time CDM seems to have recovered pretty quickly, actually.