Time-lapse of botnet's spread around the world

Marvel at the spread of a botnet around the world in this 44-second time-lapse covering five days of infection activity, measured by observing new joins to a botmaster's IRC channel. It's fascinating how geographical our Internet activity really is: a bot's jump to another region (seemingly) precipitates more local infections as (presumably) local users communicate with nearby systems.

Flashy Botnet is Flashy (via O'Reilly Radar)

  1. Botnets, spammer’s botnets.
    What kind of boxes are on botnets?

    Compaq, HP, Dell and Sony, true!
    Gateway, Packard Bell, maybe even Asus, too.

    Are boxes, found on botnets.
    All running Windows. FOO!

  2. I’m more interested in the vast dark areas of the map. Botnet also shows how unequal wealth/technology distribution remains.

  4. Why don’t they start with no red and then go until there is lots of red? It just looks like a lot of pulsating pink dots to me.

  5. Drew3000: You’re right, but to be fair, some of those dark areas are mostly unpopulated (which makes the botnet spread even more alarming).

  6. The Great Firewall of China doesn’t seem to be providing much protection. I guess this botnet isn’t subversive enough.

  7. I’m with #6, but maybe I don’t understand the map. Are there any new lights at the end that weren’t there on the first day, at 15:00? It seems that the entire spread happened in the first couple hours — the rest is just unexplained pulsing.

  8. Bad informational graphics always leave you wondering what you just saw. Compare Florence Nightingale’s 1858 “coxcomb” graphs, or Minard’s 1869 graphic presentation of Napoleon’s march on Moscow, if you want to see how bad most modern graphics really are. Computers just make composition easier and faster, not better.

    Chris, the most powerful botnets have multiple node types; the controller nodes are often Linux and the sheep being herded are Windows.

    When you can’t figure out where or what the controllers are, or how they are publishing their commands, you can be pretty sure they are Linux.

  9. I could be wrong, but I think the red is the initial infection by the botnet, and the pulsing white is actual participation in / use by the botnet.
