We have generally seen an increase in the number of badware URLs reported by our data providers lately, but in the past few weeks, we’ve seen unusually big spikes on three autonomous systems (simplifying slightly, an AS is a set of networks operated by a single entity):
AS16276 (OVH) graph
AS9809 (Nova Network, China) graph
AS22489 (Castle Access) graph
We have attempted to notify all three network operators via abuse@domain_name. The report to abuse@nova.net.cn bounced, so if you know another contact address there, please let us know.
Most likely, these spikes in infection numbers are the result of either targeted attacks at these networks or opportunistic attacks that happened to find their way into large numbers of identically configured (or misconfigured) web servers.
