Author Archives: John S. Quarterman

Belgium: Easyhost still bad, Nucleus climbing, Stone dropped out in January 2013 SpamRankings.net

Easyhost's AS 49512 tripled its spam, sending 97% of the total top 10 spam in the January 2013 SpamRankings.net for Belgium. Easyhost did start dropping in the last week. Nucleus BVBA's AS 39318 came up from nowhere to #2 with more than a million spam messages, mostly in the last week. And Stone Internet Services' AS 39234 dropped like a rock, from 9,149 spam messages last month for #8, to only 2,944 this month and #20.

-jsq

DorukNet outspammed Turkey again in January 2013 SpamRankings.net

For two months in a row, DorukNet’s AS 8685 has spammed the most in the January 2013 SpamRankings.net for Turkey from CBL data. Before that, it was #6 in November 2012 and also #6 in April 2011.

2011 March-April, AS 8685 DORUKNET, Turkey, SpamRankings.net

In April 2011 the problem was apparently Lethic with a max of 87,852 on 1 April 2011. DorukNet seemed to have a bit of maazben, cutwail, etc. at that time, but very little compared to Lethic.

2012 November, AS 8685 DORUKNET, Turkey, SpamRankings.net

In November 2012 the problem was apparently Kelihos with a max of 299,873 on 7 November 2012.

This recent DorukNet peak that looks like Mt. Ararat was up to 13,569,282 on 18 January 2013, apparently from darkmailer2. DorukNet is actually improving since that peak, but meanwhile it managed to increase its December spam total of 54,803,032 to 324,544,788 in January 2013.

January 2013 SpamRankings.net

Most worsened: AS 10297 COLUMBUSNAP US, from #91 to #6 worldwide in January 2013. Most improved: AS 48347 MTW-AS RU, from #8 to less than 250. Surprise entrant: AS 8685 DORUKNET TR. Still #1 for fourth month: AS 16276 OVH FR.

-jsq

Darkmailer2 month in Canada December 2012 SpamRankings.net

It’s apparently Darkmailer2 month in Canada. One company got a grip on it, and two got much worse, in the December 2012 SpamRankings.net for Canada from CBL data.

AS 7788 MAGMA-COMM, bought in 2004 by PRIMUS Telecommunications Group, peaked in the second week and then got a grip on its darkmailer2 spamming. AS 11342 PATHWAY really gave AS 32613 IWEB-AS a run for its money; both seem to have a darkmailer2 problem. Pathway went from 2,871 spam messages seen by CBL in November 2012 to 21,593,775 in December 2012: that’s 7,521 times as many. However, iWeb once again won the spam-spewing month in Canada!

Congratulations to the four dropouts, especially AS 16532 ASB2B2C, which Continue reading

Dark times in Turkey in the December 2012 SpamRankings.net

#1 AS 8685 DORUKNET, #3 AS 42910 SADECEHOSTING-COM, and #5 AS 34984 TELLCOM-AS all ran up in the last two weeks, and all three show darkmailer2, in the December 2012 SpamRankings.net for Turkey from CBL data.

DORUKNET sent a third of all top 10 spam from Turkey to rank number 1, but SADECEHOSTING-COM wins most worsened, for jumping up 21 ranks from 24 to 3, by sending more than 300 times as much spam as the previous month. #8 AS 39582 GRID and #9 AS 43391 NETDIREKT-TR both jumped up 25 ranks, but each managed “only” less than 100 times as much spam as last month.

AS 44922 MEDYABIM-AS gets most improved for actually going to zero, even though it had already spammed enough to keep it at #4. #6 AS 34619 tried to zero, but got to spamming again. AS 8386 KOCNET looks like it’s finally getting a grip, improving from #2 to #7, sending about a third as many spam messages as the previous month.

Special congratulations to AS 44565 VITAL for a huge improvement! Congratulations to Niobe, Dogan, and Kibris for improving. And boo to TurkNet for actually spamming more even though it got pushed down out of the top 10.

-jsq

Medical churn in December 2012 SpamRankings.net

Good (Konkuk), improving (Cornell), and bad (eHealth) in the December 2012 country medical SpamRankings.net.

First the good news: Konkuk University Hospital went from 297 spam messages last month to zero in December 2012, removing Korea from the country medical rankings. Children’s Hospital & Health System and THE GOOD SAMARITAN HOSPITAL OF LEBANON PENNSYLVANIA also went to zero, and Yale-New Haven Health Services Corporation and Sutter Health dropped enough to fall out of the world top 10 medical ASNs emitting spam in SpamRankings.net.

Now the apparently bad news that turned good.

A Field Quasi-Experiment @ ICIS 2012

Project participant Qian Tang presented at ICIS 2012 in Orlando, FL, 14 December 2012, a paper about comparisons of eight countries, in pairs, one of each pair ranked on SpamRankings.net and the other not. Statistical results indicate the rankings changed organizational spamming behavior.

Qian Tang, Leigh Linden, John S. Quarterman, and Andrew Whinston, Reputation as Public Policy for Internet Security: A Field Quasi-Experiment,

Abstract: Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasi-experimental field study for eight countries through SpamRankings.net. This outgoing-spam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This finding suggests that information disclosure can be leveraged to encourage companies to reduce security threats. It also provides support for public policies that require mandatory reporting from organizations and offers implications for evaluating and executing such policies.

What is ICIS 2012?

Vital Turkey, November 2012 SpamRankings.net

Even while spamming a lot less, AS 44565 VITAL still placed #1 again for spewing spam from Turkey in the November 2012 SpamRankings.net from CBL data. Even as Vital got a handle on its Kelihos problem, AS 8386 KOCNET improved twice. Maybe KOCNET is finally getting a grip on its Festi problem. KOCNET’s peak of 0.8 million messages in November is a lot less than its peak of 1.3 million in September, although still far too many.

-jsq

OVH: Kelihos or darkmailer? November 2012 SpamRankings.net

November 2012 Belgium SpamRankings.net from CBL data

OVH won again, more than doubling its spam spew of last month! This is in the November 2012 SpamRankings.net from CBL data. Is that 407,726,779 spam messages in a single month a record? Last month it was Kelihos. This month it looks like darkmailer.

-jsq

Turkey and Kelihos botnet rampage, October 2012 SpamRankings.net

Turkey, like Belgium, Canada, U.S., and the world, has a Kelihos rampage problem in SpamRankings.net from CBL data for October 2012.

New Turkish #1 spammer AS 44565 VITAL TEKNOLOJI shows all the signs: rapidly increasing spamming and both Maazben and Kelihos botnets.

AS 44565 VITAL TEKNOLOJI

The other new Turkish top 10 ASNs, AS 42868 NIOBE, AS 44922 MEDYABIM-AS, AS 12599 ATLAS-AS, AS 49632 DATATELEKOM, and AS 12987 OMURGA, all show lesser but still distinctive signs of the Kelihos rampage, namely Maazben botnet plus other unknown botnets. They all also only surged for a week or two, while Vital continued upwards.

-jsq