Secure Science Corp used the "snapshot" approach to graph metrics for the Peacomm network over the period of a week, and the undulating metric is fascinating.
Symantec's DeepSight Threat Analyst Team decided to use this "snapshot" approach in order to gather a geographical picture of a 24-hour period of Peacomm spam activity. Based on spam messages that were captured over a 24-hour period by Symantec antispam sensors on August 18 and September 18, 2007, we observed 4,375 unique Peacomm IPs for August 18; 2,131 of these IPs were acting as Peacomm SMTP servers and 2,244 IPs were acting as Peacomm HTTP servers (these are the servers that serve exploits and Peacomm binaries to innocent victims, as well as Peacomm propagation spam). Contrast that with 6,081 unique IPs for September 18, 2007, with 3,408 SMTP IPs and 2,673 HTTP IPs. Given those two sample sets, only 1,610 IPs intersect. So, for just a month’s time-span we observed a respectable fluctuation in Peacomm IP metrics, reinforcing the understanding that the Peacomm network is consistently in a state of fluctuation.
This Peacomm snapshot was mapped based on the geo-location of the involved IP addresses and an interesting image developed. It seemed that English-speaking countries were most affected by the Peacomm activity. Based on conjecture, this could be because the majority of Peacomm spam is delivered in the English language, but this has not been verified and other factors are definitely involved.
More at http://www.symantec.com/enterprise/security_response/weblog/2007/10/a_day_in_the_life_of_peacomm.html
Cameras that make great holiday gifts
Let them start the new year with a step up in photo and video quality from a phone.