The Last Watchdog

on Internet security by Byron Acohido

USA tops China as source of malicious servers

Posted on June 3, 2010

America has replaced China as the top source of corrupted servers being surreptitiously used by cybercriminals to dish out malicious programs, according to first-quarter findings from Kaspersky Lab.

This development underscores how easily anyone with an Internet connection and credit card can quickly and anonymously register a new domain using services such as Go Daddy. Meanwhile, China has shown just how swift and effective policing measures can be.

The bottom line: the bad guys remain several steps ahead, in terms of effective tactics and refined automation.

“The scripts and methods used to compromise legitimate servers have been getting better and better,” says Kaspersky senior researcher Roel Schouwenberg. “Combine that with more effective Blackhat SEO tactics and social engineering campaigns in Facebook and other social networks and there are just more opportunities for cybercriminals.”

Kaspersky Lab reports that 28% of 1.9 million servers it found distributing malware in the first three months of this year were located in the U.S. That compares to China as the source of 33% of 85.9 million malicious servers Kaspersky tracked down in the final quarter of 2009.

Russia is currently the No. 2 source, accounting for 22.6% of malicious servers, and China is now No. 3, with 12.8%. So in a matter of months, China has more than halved its share of malicious servers operating within its jurisdiction. This is vividly shown by the shrinking green pie slice:

Chinese authorities have recently begun implementing more stringent procedures for registering Internet addresses, says Schouwenberg. A written statement is now required and the requesting party must provide passport information and complete a lengthy application to a national agency, the CNNIC.

In the U.S. and Russia, it’s still quick and anonymous to register new domains via services such as Go Daddy.

“It would be interesting to see what will happen if regulations like the ones in China were to catch on in other countries,” says Schouwenberg. “It shows that the entities in the U.S. are not doing a good job protecting their servers from compromise and that the U.S. is still a good place to host malicious content.”

Other Kaspersky first-quarter findings of note:

  • Over 327 million attempts were made to infect users’ computers around the world, an increase of 26.8% over the previous quarter.
  • The total number of exploits targeting vulnerabilities in browsers and plug-ins, as well as PDF viewers, increased by 21.3%, with nearly half of them targeting vulnerabilities in Adobe programs.
  • Two families of malware targeting Adobe products — Exploit.Win32.Pdfka and Exploit.Win32.Pidief — account for 47.5% of all detected exploits. These exploits are PDF documents containing JavaScript scenarios that, without the user’s knowledge or consent, download and launch other pieces of malware directly from the Internet.

“The amount of cyber criminals is ever growing,” says Schouwenberg. “Until we have effective laws which are enforced – by arrests – the number will continue to grow and cyber crime is profitable so there’s no reason to assume otherwise.”

By Byron Acohido
