The number crunchers at security specialists Sophos have published the figures revealing which bits of malware have been spreading the fastest during August. While the fact that infected spam attachments have dropped from one in 322 for the first six months of the year to one in every 1000 for August is interesting, it isn't as interesting as pointing a big hairy finger at those countries which host the most malware infected web pages.
The weapon of choice for spreaders of malware continues to be spam that links to infected websites, as we have seen of late with the ever changing tactics of the Storm Trojan gang. The total number of infected websites has continued to grow, although Sophos does reveal that the rate has slowed from an average of 6000 new infected site every day in July to 'just' 5000 a day in August. That's probably worth repeating, more than 150,000 newly infected websites during August alone. No wonder the criminal gangs continue to build bigger and more valuable zombie botnets, as click happy users visit these sites and pick up a Trojan along with a pointless animated postcard from someone they don't know or a picture of some C-list celebrity with no clothes on. As we all should know by now, but huge swathes of the Internet using population seem blissfully unaware of, these Trojans can steal personal data to be used in ID theft fraud as well as control computer resources to create botnets that are used to distribute more infected spam and launch denial of service attacks. Botnets can be rented out on an hourly basis, earning savvy criminal gangs a considerable amount of ill gotten gains, or the attacks they facilitate can be made available on a per contract basis.
"Cybercriminals are successfully using email and the web in co-ordination to infect innocent internet surfers," said Carole Theriault, senior security consultant at Sophos. "Home users and businesses alike need to take more steps to protect themselves from online threats, or risk being hit time and time again. It should be clear for everyone to see that businesses, web hosts and ISPs are failing to properly defend their websites. Fraudsters are continuing to find rich pickings on the internet, duping users into handing over their personal information."
You would think that the powers that be around the world would have a vested interest in trying to put a stop to the rot, and seeing as the rot starts with those infected websites this is where law enforcement and government agencies alike should be concentrating their concern. Which is exactly why the Sophos statistics are so interesting, as they name and shame the countries which have simply not managed, or don't care enough to try, to get to grips with the problem.
So here it is, the top ten list of countries hosting malware-infected web pages in August 2007:
- China (inc. Hong Kong) 44.8%
- United States 20.8%
- Russia 11.3%
- Ukraine 7.7%
- Poland 2.4%
- Germany 1.6%
- Netherlands 1.1%
- Italy 0.9%
- Canada 0.8%
- United Kingdom 0.8%
"While more than three quarters of infected webpages are hosted in just three countries, that doesn't mean you only get hit if you visit websites based in those areas," explained Theriault. "Hackers are hijacking websites around the world to make them point to malware on sites based in China, the USA, and Russia. Cybercriminals don't discriminate when it comes to targeting the web - they're just out for all they can get."