University of Pittsburgh Medical Center‘s
AS122 U-PGH-NET-AS
is #1 again in the
July 2013 worldwide medical
from CBL volume data.
It’s also been #1 in June 2013, when it also spiked over 1,000, Continue reading
Tag Archives: Medical
Medical churn in December 2012 SpamRankings.net
Good (Konkuk), improving (Cornell), and bad (eHealth)
in the
December 2012
country medical
.
First the good news:
Konkuk University Hospital went from 297 spam messages
last month to zero in
December 2012, removing
Korea from
the
country medical rankings.
Children’s Hospital & Health System
and
THE GOOD SAMARITAN HOSPITAL OF LEBANON PENNSYLVANIA
also went to zero, and
Yale-New Haven Health Services Corporation
and
Sutter Health
dropped enough to fall out of the
world top 10 medical ASNs
emitting spam in
.
Now the apparently bad news that turned good. Continue reading
Festi botnet in July 2012 U.S. Medical SpamRankings.net from CBL
The curve that took University of Pittsburgh Medical Center‘s AS 122 U-PGH-NET-AS
to number one
in the July 2012 U.S. SpamRankings.net from CBL data is almost completely explained by Festi botnet, except for one day, plus the small curve at the beginning of the month was apparently caused by Grum botnet.
AS 17311 ECMC-BGP was infested with Festi (blue curve on the right) at the same time as AS 122, and AS 17311 earlier had a Cutwail botnet
Pittsburgh back in the top 10 for spam from U.S. medical organizations
And this time it's #1
in the
July 2012 U.S. SpamRankings.net from CBL data:
AS 122 U-PGH-NET-AS in the same ranking over time:
| 2011
Mar |
Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2012
Jan |
Feb | Mar | Apr | May | Jun | Jul |
| 34 | 32 | 32 | 8 | 31 | 8 | 4 | 29 | 32 | 33 | 30 | 32 | 29 | 6 | 5 | 9 | 1 |
University of Pittsburgh Medical Center's AS 122 U-PGH-NET-AS and
Erie County Medical Center's AS 17311 ECMC-BGP not only took #1 and #2,
they also spammed longer than other medical ASNs.
That jumped them up 8 ranks each in one month.
-jsq
WIN finally got the no medical spam memo in March 2012
There’s a new development since we summarized A Year of SpamRankings.net: Medical Organizations. Chronic spamming medical organization WIN of Belgium finally dropped out of the July 2012 top 10 with its 9208 ASN, as you can see in the chronic ranking compilation:
| Date: | 2011 Mar |
Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2012 Jan |
Feb | Mar | Apr | May | Jun | Jul |
| Volume | 26,737 | 33,000 | 10,851 | 31,183 | 33,930 | 48,342 | 13,454 | 5,992 | 16,838 | 32,058 | 10,272 | 15,273 | 7,331 | 693 | 270 | 329 | 21 |
| Rank | 1 | 2 | 1 | 2 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 2 | 5 | 3 | 11 |
It looks like WIN finally got the memo in March 2012 and has been improving since then.
Congratulations, WIN!
-jsq
Microsoft back on top in June SpamRankings.net
| 1 | (2) | AS 8075 MICROSOFT-CORP—MSN-AS-BLOCK |
| 2 | (1) | AS 36692 OPENDNS |
| 3 | (-) | AS 26769 BANDCON |
| 4 | (-) | AS 22414 CRAIGS-NET-1 |
| 5 | (-) | AS 22822 LLNW |
| 6 | (-) | AS 10912 INTERNAP-BLK |
Beating even OPENDNS, Microsoft took #1 in U.S. PSBL June 2012 rankings.
Microsoft was last on top in the same rankings for April 2012. I thought Microsoft was a leader in Internet security?
In other news, Bell Canada’s AS 577 BACOM actually dropping off the Canadian June 2012 rankings from CBL data. Shaw took #1 and Iweb dropped to #2.
We have a new medical winner! It’s
Hartford Hospital’s AS 11047 HHCC-ASN1. Gaining altitude at the end of the month was Joan and Sanford I. Weill
Medical College and Graduate School of Medical Sciences of Cornell University with AS 20252 JSIWMC.
More on those and other developments in later blog posts.
-jsq
Cleveland Clinic wins one way, then another, in SpamRankings.net
| 1 | (4) | AS 22093 CCF-NETWORK |  US |
| 2 | (-) | AS 27609 USC-UNIVERSITY-HOSPITAL | US |
| 3 | (1) | AS 25611 NSLIJHS | US |
| 4 | (-) | AS 19335 APRIA-HEALTHCARE | US |
| 5 | (2) | AS 9208 WIN |  BE |
| 6 | (7) | AS 122 U-PGH-NET-AS | US |
Yet AS 22093 CCF-NETWORK dropped like a rock on 7 May 2012, going to zero
the next day, and staying there.
So Cleveland Clinic also was most improved for May 2012 medical organizations.
Congratulations, Cleveland Clinic!
This feat of IT security cleanliness shouldn’t have been hard for CCF, since AS 22093 CCF-NETWORK seems to have had a Lethic problem, which CBL saw on no more than 3 hosts. Sure, there could have been more hosts infected than that, and CBL just might not have seen them all. But 3 is far smaller than what CBL sees for a typical botnet infection, so the number of infected hosts probably was quite small. Which means it should have been easy for CCF to find them all and fix them.
Hm, maybe being #4 last month gave CCF some incentive?
-jsq
Is January’s medical spam caused by botnets?
Remember those
three spamming medical organizations PSBL saw and the spike from CSHS
that SpamRankings.net found in CBL data?
Digging into the underlying data, and graphing them all on the same chart,
we see this:
But it was CBL that saw that big spam spike for AS 22328 CSHS. And CBL did assign a botnet to that: Lethic. For all but two days of CSHS spam shown, CBL assigned Lethic to the total amount of spam from CSHS for that day. That may be because all that CSHS spam is coming from a single computer.
Of course, CBL’s botnet assignments are not perfect, but infosec professionals tell me CBL is about as good as it gets for that, so there’s a good chance this botnet assignment is correct.
The good news is that all of the trio of three-digit spamming medicos decreased their spam and even went to zero during the period shown.
And CSHS spam peaked at the end of January and started back down in February.
Pretty soon there may be once again little or no spam from medical organizations to rank.
-jsq
CSHS is back in January 2012 SpamRankings.net
In SpamRankings.net, January PSBL data reveals
three three-digit U.S. medical
spamming organizations, plus CSHS, and CBL data confirms
a big spam spike from CSHS.
three three-digit U.S. medical
spamming organizations, plus CSHS, and CBL data confirms
a big spam spike from CSHS.
The three with more than 100 spam messages for the month were
-
Novant Health Inc.‘s
AS 18495 NOVANT-AS1 with 396,
- Sutter Health‘s AS 46648 SUTTERHEALTH with 376,
- Texas Children’s Hospital‘s AS 11015 TCH-AS with 353,
Cedars-Sinai Health Systems‘
AS 22328 CSHS
came in
only seventh in PSBL data, with only 10 spam messages.
But in CBL data,
CSHS came in first, with 2,873 messages.
That’s not a lot, compared to, for example, Comcast,
which CBL saw spamming more than two million messages during the same month.
But what patients would prefer to see from medical organizations is
zero spam messages, since spam is a sneeze for infosec disease,
and who wants to think their hospital’s information security
or radiology computers might be infected?
Chances are CSHS will notice and clean it up pretty quick. Those other three medical orgs may have some sort of more chronic problem….
-jsq
Cleveland Clinic spewing spam again
Here’s why to look at more than one spam data source:
according to the PSBL volume data for November 2011,
Cleveland Clinic’s AS 22093 CCF-NETWORK spewed more than a hundred
spam messages a day on multiple days, while
CBL volume data showed Cleveland Clinic with only 42 spam messages for the entire month.
Apparently PSBL’s spamtraps happened to be in the path of this CCF spam.
Now a couple of hundred spam messages a day isn’t much by world organization standards, but compared to what we’d all like to see from medical organizations (zero), it’s a lot.
Also compared to the other medical institutions in the same rankings
from the same data,
the pie chart
looks like Pac Man and
the bar graph
looks like a hockey stick.
Maybe Cleveland Clinic didn’t get the memo after all.
-jsq