Monthly Archives: December 2012

A Field Quasi-Experiment @ ICIS 2012

Project participant Qian Tang presented at ICIS 2012 in Orlando, FL, 14 December 2012, a paper about comparisons of eight countries, in pairs, one of each pair ranked on and the other not. Statistical results indicate the rankings changed organizational spamming behavior.

Qian Tang, Leigh Linden, John S. Quarterman, and Andrew Whinston, Reputation as Public Policy for Internet Security: A Field Quasi-Experiment,

Abstract: Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasi-experimental field study for eight countries through This outgoing-spam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This finding suggests that information disclosure can be leveraged to encourage companies to reduce security threats. It also provides support for public policies that require mandatory reporting from organizations and offers implications for evaluating and executing such policies.

What is ICIS 2012?

Continue reading

Vital Turkey, November 2012

November 2012 Turkey from CBL data Even while spamming a lot less, AS 44565 VITAL still placed #1 again for spewing spam from Turkey Turkey in the November 2012 from CBL data. Even as Vital got a handle on its Kelihos problem, AS 8386 KOCNET improved twice. Maybe KOCNET is finally getting a grip on its Festi problem. KOCNET’s peak of 0.8 million messages in November is a lot less than its peak of 1.3 million in September, although still far too many.


OVH: Kelihos or darkmailer? November 2012

OVH won again, more than doubling its spam spew of last month! This is in the November 2012 November 2012 Belgium from CBL data from CBL data. Is that 407,726,779 spam messages in a single month a record? Last month it was Kelihos. This month it looks like darkmailer.


Turkey and Kelihos botnet rampage, October 2012

Turkey Turkey, like Belgium, Canada, U.S., and the world, has a Kelihos rampage problem in October 2012 Turkey from CBL data from CBL data for October 2012.

New Turkish #1 spammer AS 44565 VITAL TEKNOLOJI shows all the signs: rapidly increasing spamming and both Maazben and Kelihos botnets.


The other new Turkish top 10 ASNs, AS 42868 NIOBE AS 44922 MEDYABIM-AS, AS 12599 ATLAS-AS AS 49632 DATATELEKOM and AS 12987 OMURGA, all show lesser but still distinctive signs of the Kelihos rampage, namely Maazben botnet plus other unknown botnets. They all also only surged for a week or two, while Vital continued upwards.


Belgium has a Kelihos problem in October 2012

Belgium Belgium has a Kelihos problem in October 2012 Belgium from CBL data October 2012 Belgium from CBL data from CBL data for October 2012. #1 Mobistar’s AS 12493 and #2 Telenet’s AS 6848 were spewing spam from Kelihos, pushing all the other ASNs down the rankings. Kelihos rampage: it’s not just for north America!

Belgium top botnets October 2012

A few other botnets have a bit of Kelihos, but only the top 2 for Belgium are part of the Kelihos rampage. (Newcomer AS 9031 EDPNET has a Cutwail problem.)