These maps are the result of converting the IP address of every system that we were able to identify joining or quitting an active botnet into a point on the map. When more than one drone falls within a certain geographical and pixel distance on the map, the circle representing that point is enlarged to reflect the greater number of infected systems.
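One way to implement the circle merging described above, as an added example that is not this site's own code. The map size, the 6-pixel merge distance, the equirectangular projection, the greedy merge and the square-root radius scaling are all assumptions, and the sample drones are constructed, already-geolocated points.

```python
import math

# Assumed rendering parameters (the page does not state its thresholds).
MAP_W, MAP_H = 1024, 512      # equirectangular world map, in pixels
MERGE_PX = 6.0                # drones closer than this share one circle
BASE_RADIUS = 2.0             # radius of a circle holding a single drone

def to_pixel(lat, lon):
    """Project latitude/longitude onto the equirectangular map."""
    x = (lon + 180.0) / 360.0 * MAP_W
    y = (90.0 - lat) / 180.0 * MAP_H
    return x, y

def cluster(drones):
    """Greedily merge drones within MERGE_PX of an existing circle's centre.

    drones: iterable of (lat, lon, kind); kind is HTTP, IRC, Kline or Spam.
    Returns a list of dicts with x, y, count, radius and per-kind counts.
    """
    circles = []
    for lat, lon, kind in drones:
        x, y = to_pixel(lat, lon)
        for c in circles:
            if math.hypot(c["x"] - x, c["y"] - y) <= MERGE_PX:
                # Move the centre to the running mean of its members.
                n = c["count"]
                c["x"] = (c["x"] * n + x) / (n + 1)
                c["y"] = (c["y"] * n + y) / (n + 1)
                c["count"] = n + 1
                c["kinds"][kind] = c["kinds"].get(kind, 0) + 1
                break
        else:
            circles.append({"x": x, "y": y, "count": 1, "kinds": {kind: 1}})
    for c in circles:
        # Circle area tracks the drone count, so radius grows with its root.
        c["radius"] = BASE_RADIUS * math.sqrt(c["count"])
    return circles

# Constructed sample: three nearby drones and two distant ones, not real data.
SAMPLE = [
    (52.52, 13.40, "IRC"), (52.50, 13.45, "IRC"), (52.40, 13.10, "HTTP"),
    (40.71, -74.00, "Spam"), (35.68, 139.69, "Kline"),
]

if __name__ == "__main__":
    for c in cluster(SAMPLE):
        print(f"({c['x']:.0f},{c['y']:.0f}) n={c['count']} "
              f"r={c['radius']:.1f} {c['kinds']}")
```

Greedy merging depends on input order; a grid or quadtree index gives stable results on large drone counts.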

We have also broken down the drones that we are collecting by type. The map shows four types, each representing a combination of source and collection method:

  • HTTP - IPs that connected via HTTP to a Command and Control server.
  • IRC - IPs that connected via IRC to a Command and Control server.
  • Kline - IPs that matched a known botnet name structure on a public IRC service and were banned on the basis of that match.
  • Spam - The email relay that was used to send the spam message to its final destination.

These maps are updated once a day.

We currently have only one map, which shows the last 24 hours' worth of tracked drones.

Drone Distribution

