IT security and data protection firm Sophos has revealed details
of the top ten countries hosting malware on the web, passing on
malware infections to innocent computer users.
Every day Sophos discovers over 50,000 newly infected webpages,
and its findings reveal that the problem of compromised websites is
truly global.
Top ten countries hosting malware on the web, January -
December 2009
"The USA is still the dirty man of the web world - hosting more
dangerous infected websites that any other country," said Graham
Cluley, senior technology consultant at Sophos. "Of course,
just because the malware is planted on the web in these countries
doesn't necessarily mean that the hackers themselves are based in
the same place. Cybercriminals will attempt to infect websites
anywhere in the world - it's perfectly possible for a website in
Tooting to be infected by a hacker in Timbuktu."
The US remains the main hosting ground for malicious webpages.
While China and Russia continue to provide some strong competition
for the top position, China's share has dropped considerably from
second place with 27.7% in 2008 to third behind Russia with just
11.2% in 2009.
China's drop down the chart continues a trend set in 2008, when
China's figure had dropped from 51.4% in 2007. The remainder of
malicious pages are scattered all over the world, with Peru moving
strongly up the list to fourth place with 3.7%.
"The traditional method of web attack was for hackers to create
maliciously crafted sites and lure victims in with promises of
desirable or salacious content - and this technique still continues
to flourish. But it is now rivalled by the huge problem of
criminals injecting viral code into legitimate sites that have not
been properly secured," explained Cluley. "These hacked sites are
particularly dangerous because of the large amount of traffic they
may already receive, and because visitors may feel they can trust
any unusual popups they see."
One of the growing methods through which hackers exploited
legitimate websites during the last 12 month was the placing of
malicious adverts (known as "malvertising"). Websites that fell
victim to malvertising attacks, and thus passed infections on to
their readers, included the
New York Times and
technology website Gizmodo.
Other compromised legitimate websites seen in the last year have
included the sites of Van
Morrison, the UK's leading fish-and-chip chain Harry
Ramsden's, and various foreign embassies. Many of these sites
served up fake anti-virus scans, designed to scare visiting users
into believing that their computer had a security problem and trick
them installing dangerous software or handing over their credit
card details for a 'cure'.
"Webmasters need to take much better care of their sites,
ensuring that they are securely coded and properly patched against
hackers injecting malicious software into their pages," continued
Cluley. "Meanwhile, all computer users should be protected by a
security
solution that scans every webpage visited, and every link
clicked on, to see if it could contain dangerous content. You scan
your email for viruses - you should do the same for websites."
More information can be found in Graham Cluley's blog, and in
Sophos's recently published Security Threat
Report.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.