India, Bank of America, and CyberSURF: December 2011 SpamRankings.net

In SpamRankings.net for December 2011, worldwide India spammed the most, while Bank of America topped one U.S. ranking, and CyberSURF peaked in Canada, but Cleveland Clinic cleaned up its act.

More on those and other interesting rankings in later posts.

-jsq

Coal company reputation

Good news from the SEC for a change! They're requiring coal plant operators to report health and safety violations, including fatalities, within a few days of occurence.

FuelFix posted from AP on 23 December 2011, SEC requiring coal firms to report safety problems

Earlier this week, the SEC announced new rules that require mining companies to start reporting any fatalities and all major health and safety violations, mine by mine, in their quarterly and annual financial reports. The filings are mandated in the wide-ranging Dodd-Frank Wall Street Reform and Consumer Protection Act, which Congress passed to try to increase corporate accountability.

The rules take effect 30 days after publication in the Federal Register. They require companies to report within four days any “significant and substantial” violations, citations, flagrant violations and imminent-danger orders issued by the federal Mine Safety and Health Administration.

Coal operators must also include the dollar value of proposed fines, whether the company has been or may be designated a pattern violator by MSHA, and any pending cases with the Federal Mine Safety and Health Review Commission.

What problem does this reporting solve? As the article points out:

Comcast pushed out of first, yet wins November U.S. SpamRankings.net

How can an ISP both lose and win in top 10 rankings? By placing more than once!

Comcast got pushed out of first place by AS 46475 LIMESTONENETWORKS and AS 21788 NOC in the November 2011 Monthly U.S. SpamRankings.net from CBL volume. AS 20214 COMCAST-20214 did spam a third less (1,503,173 spam messages) than last month (2,193,898), but it was the spontaneous spam spewing of the two top place newcomers that pushed it down to third place.

Yet Comcast really won the month. It took 4 of the top 10 (places 3, 6, 7, and 10), which is twice as many as last time, and accounted for 30.29% of top 10 spam spewed, up from 23.9% last time. That percentage beats either of the top two this time.

-jsq

World PM2.5 Map as reputation

NASA posted 22 October 2009, New Map Offers a Global View of Health-Sapping Air Pollution

In many developing countries, the absence of surface-based air pollution sensors makes it difficult, and in some cases impossible, to get even a rough estimate of the abundance of a subcategory of airborne particles that epidemiologists suspect contributes to millions of premature deaths each year. The problematic particles, called fine particulate matter (PM2.5), are 2.5 micrometers or less in diameter, about a tenth the fraction of human hair. These small particles can get past the body’s normal defenses and penetrate deep into the lungs.

Even satellite measurements are difficult (clouds, snow, sand, elevation, etc.). But not impossible:

Global satellite-derived map of PM2.5 averaged over 2001-2006.
Credit: Dalhousie University, Aaron van Donkelaar

However, the view got a bit clearer this summer with the publication of the first long-term global map of PM2.5 in a recent issue of Environmental Health Perspectives. Canadian researchers Aaron van Donkelaar and Randall Martin at Dalhousie University, Halifax, Nova Scotia, Canada, created the map by blending total-column aerosol amount measurements from two NASA satellite instruments with information about the vertical distribution of aerosols from a computer model.

What can be done with this data?

Air reputation in Beijing

Measuring something as basic as air quality and posting it frequently can have reputational effects, demonstrated by the U.S. Embassy in Beijing.

France24 posted today, Beijing air goes from 'hazardous' to off the charts, literally,

Two years ago, Chinese officials asked the US Embassy to stop tweeting about pollution in Beijing on the grounds that the information was “confusing” and could have “social consequences”, according to a confidential US State Department cable made public by WikiLeaks.

Hm, so measurement can affect reputation and have social consequences....

The measurements postings didn't stop, and the pollution got worse:

Cleveland Clinic spewing spam again

Here's why to look at more than one spam data source: according to the PSBL volume data for November 2011, Cleveland Clinic's AS 22093 CCF-NETWORK spewed more than a hundred spam messages a day on multiple days, while CBL volume data showed Cleveland Clinic with only 42 spam messages for the entire month. Apparently PSBL's spamtraps happened to be in the path of this CCF spam.

Now a couple of hundred spam messages a day isn't much by world organization standards, but compared to what we'd all like to see from medical organizations (zero), it's a lot.

Also compared to the other medical institutions in the same rankings from the same data, the pie chart looks like Pac Man and the bar graph looks like a hockey stick.

Maybe Cleveland Clinic didn't get the memo after all.

-jsq

China does not lead Country Rankings from SpamRankings.net

An area where China does not lead the world: Country rankings by SpamRankings.net. China is only #13, but Brazil, Russia, and India (the other three BRICs) are in the top five countries by total spam messages for October 2011. U.S. is #10.

Vietnam came from behind a few months ago to place second for October.

Brazil had slumped as low as #6 in July, but has pulled back up into the leading pack.

After the top five, it's a long-tail distribution indeed.

What is IPWORLDNET and why is it spamming from Canada?

In the October SpamRankings.net for Canada (from CBL data), IPWORLDNET is that big blue molar tooth in the graph on the right. In the interactive chart you can see IPWORLDNET's Autonomous System (AS) 19875 winning the month with two bursts of spam, and then dropping almost to zero.

That's not the only spamming churn activity in Canada for October. The log chart shows MetroBridge Networks Corporation AS 25976 METROBRIDGE-NET jumping up from zero to take ninth place. It looks like one organization may have cleaned up its act while another got infested.

Last month's winner, Canaca-com's AS 33139 CANACA-210, came in second. From there down it's mostly the usual suspects in slightly different orders. Interestingly, longterm winner Bell Canada's AS 577 BACOM only came in fourth. This is unusual for a national telco. Maybe they're watching the rankings?

-jsq

Big Churn in the U.S. in October SpamRankings.net

Big churn in the U.S. for October 2011 in included last month's winner by spam volume vanishing, Comcast retaking the top spot but with only 2 out of the top 10, and colo FDCservers.net AS 30058 joining in at number ten.

All that and Numbers 2 and 3 didn't even place last month. #3 AS 25653 FORTRESSITX jumped up from about a thousand spam messages a day to more than 200,000 and then back down. #2 AS 23376 APPSERVE came up from zero on 11 October to more than 225,000, dropped back briefly to zero on 22 October, and then resumed at around 65,000 a day. Both of those cases look suspiciously like single botnet infestations.

Comcast may be making some effort to reduce outbound spam. In July Comcast held 5 out of the top 10 US rankings; in August it held 4, in September it held 3, and in October only 2.

-jsq

How to leverage botnet takedowns

What is to be done when botnet takedowns don't produce lasting benefits?

At the Telecommunications Policy and Research Conference in Arlington, VA in September, I gave a paper about Rustock Botnet and ASNs. Most of the paper is about effects of a specific takedown (March 2011) and a specific slowdown (December 2010) on specific botnets (Rustock, Lethic, Maazben, etc.) and specific ASNs (Korea Telecom's AS 4766, India's National Internet Backbone's AS 9829, and many others).

The detailed drilldowns also motivate a higher level policy discussion.

Knock one down, two more pop up: Whack-a-mole is fun, but not a solution. Need many more takedowns, oor many more organizations playing. How do we get orgs to do that? ...

There is extensive theoretical literature that indicates