Botnet C&C Server TLDs and Countries

Team Cymru recently used a Flash-based dependency graphing tool and our botnet Command and Control (C&C) data to visualize the different top-level domains and countries used by IRC- and HTTP-based botnet C&Cs. A brief overview of this visualization was published in our Cymru Quarterly newsletter, and you can download a brief analysis with larger versions of the charts (774K PDF).

The green highlighted lines in the charts within the PDF represent connections to a single selected TLD or country, allowing those connections to be more easily traced back to their points on the circumference of the diagrams.

For more information on Team Cymru's Internet security research and insight, check out the rest of our web site, particularly our Malevolence Monitoring and graphs pages.