Spamhaus, a non-profit organization that tracks illegal activity in domain zones, has published its Spamhaus Botnet Threat Update for the first quarter of this year. It is dedicated to the activity of botnet controllers. The report says that Spamhaus identified 1,660 botnet Command & Control servers in the first three months of this year. This figure is a 24% increase on the fourth quarter of 2020, when the number of identified botnet C&Cs was 1,337. January was especially fruitful, with 757 botnet C&Cs detected at once.
Naturally, the gTLD .COM topped the rankings for botnet abuse, with 1,549 domain names associated with botnet activity. .COM's leading position should not come as a surprise, as the domain zone is by far the most popular. In addition, it should be noted that .COM showed a 27% decrease in the number of domains used for C&C botnets compared to the previous quarter.
The same cannot be said about the new .TOP domain, which ranked second. On the contrary, the number of domain names used for botnet C&Cs grew by 90% in comparison with the previous quarter and reached 622. Third place belongs to .XYZ with 345 domain names. In terms of the geographic distribution of botnet C&Cs, the largest number was found in the United States.
“Our statistics on the interaction of competent organizations with registrars show that over the past year the number of reports concerning botnets has dropped significantly. Thus, in Q1 2020, botnets accounted for 5.8%, or 44 domains, of the total number of reports (756). And in Q1 2021, botnets made up only 0.2% of the total number of reports (1,955), or only three domains,” said Yevgeny Pankov, head of special projects at the Coordination Center for TLD .RU/ .РФ.