Even while spamming a lot less,
AS 44565 VITAL still placed #1 again for spewing spam from Turkey
in the
November 2012
from CBL data.
Even as Vital got a handle on
its Kelihos problem,
AS 8386 KOCNET improved twice.
Maybe KOCNET is finally getting a grip on
its Festi problem.
KOCNET’s peak of 0.8 million messages in November is a lot less than
its peak of 1.3 million in September, although still far too many.
-jsq
Turkey, like
Belgium,
Canada,
U.S.,
and
the world,
has a Kelihos rampage problem in
from CBL data
for October 2012.
New Turkish #1 spammer AS 44565 VITAL TEKNOLOJI shows all the signs: rapidly increasing spamming and both Maazben and Kelihos botnets.
The other new Turkish top 10 ASNs, AS 42868 NIOBE AS 44922 MEDYABIM-AS, AS 12599 ATLAS-AS AS 49632 DATATELEKOM and AS 12987 OMURGA, all show lesser but still distinctive signs of the Kelihos rampage, namely Maazben botnet plus other unknown botnets. They all also only surged for a week or two, while Vital continued upwards.
-jsq
More than two-thirds top-10 Turkish spam came from KOCNET
in
September 2012
for
Turkey from CBL data.
KOCNET’s 68.5% is about the same as its
68.7% for August
and
more than
TTNET’s 65.2% for July
but still not quite up to
TTNET’s record of 78.3% in June.
However, in June TTNET only spammed 6,362,167 messages (as seen in the CBL data),
while KOCNET spammed 28,937,997 in September,
which beats TTNET’s maximum messages a month in
July 2011.
-jsq
Festi botnet spam made KOCNET beat TTNET to #1 in
Turkey for the first time
ever
in August 2012
SpamRankings.net, in rankings from both
CBL
and
PSBL data.
While
TTNET managed to stop most spam from Festi botnet,
Festi spam from KOCNET massively ramped up.
Graph by John S. Quarterman for SpamRankings.net.
Both ISPs hit a Festi low on 21 July, which raises the speculation that
that low had nothing to do with infosec efforts by the ISPs,
and more to do with something going on inside Festi.
After that low, TTNET briefly started back up with Festi,
but then dropped down.
KOCNET just kept going up.
Up so far that KOCNET made
#3 in the world in rankings from CBL data
and
#4 in the world in rankings from PSBL data,
pushing Turkey itself up to
#4 (CBL)
and
#5 (PSBL).
TTNET had already pushed Turkey last month to #4 (CBL) and #6 (PSBL). It was Festi then, and it’s Festi now, but the lead Turkish ISP has changed: last month it was TTNET, this month it’s KOCNET. It’s a problem when a botnet parasite can just move on to a new host like that. Do TTNET and KOCNET even know this is happening?
-jsq