US tops for hosting virus websites and sending spam

25 Jan 2007

It will surprise nobody to discover that the US was the leading source of malicious code and spam during 2006. The IT security firm Sophos made the scarcely shocking revelation in its annual Security Threat Report 2007.

According to the report, more than a third of all websites containing viruses that were identified last year were hosted in the US. The same country – which is home to the so-called ‘spam king’ Scott Richter – was also responsible for relaying more unwanted junk email than any other nation.

Sophos found the top 10 countries hosting web-based malware during 2006 were: the US (34.2pc), China (31.0pc), the Russian Federation (9.5pc), the Netherlands (4.7pc), Ukraine (3.2pc), France (1.8pc), Taiwan (1.7pc), Germany (1.5pc), Hong Kong (1.0pc) and Korea (0.9pc).

Some of the same offenders were present and correct on the spam senders list compiled by Sophos, with the US again leading the pack – albeit not to the same extent – with 22pc. Next was China, including Hong Kong, at 15.9pc. South Korea, which did not score so highly for malware, was in third place with 7.4pc.

Sophos has calculated that as much as 90pc of all spam is now relayed from zombie computers, which are third-party machines that are often controlled by hackers without the user’s knowledge. By controlling a network of zombies – also known as a botnet – spammers don’t need to be based in the same country as the computers they are using to relay spam.

The report also notes some of the recent trends that security experts have pointed to, namely that malware writers continue to prefer more focused strikes against computer users over large-scale attacks.

Microsoft’s Windows operating system continues to be the primary target for hackers, Sophos said. To gain control of large numbers of computers, internet criminals are increasingly creating Trojan horse programs for unsuspecting users to download rather than mass-mailing worms.

Looking ahead to trends for 2007, Sophos predicted that email will continue to be an important attack vector for criminals who create or use malicious code. However, as more businesses use gateway security to protect their email systems, attackers are looking at other tactics. As a result, there is a growing number of websites which host malware and infect the user when they visit.

Sophos Labs said it is currently uncovering an average of 5,000 new web addresses per day which host malicious code.

By Gordon Smith