According to a recent report titled "Security Threat Report 2007" released by Sophos, an IT security firm, the U.S. and China host the most sites containing malware and relay the most spam.
When it comes to Web sites containing malware, the U.S. (34.2%) and China (31.0%) account for almost two-thirds of the total worldwide figure. Russia was third with a 9.5% share.
Despite efforts to counter these harmful sites, Carole Theriault, senior security consultant for Sophos, says that "web hosting companies in the U.S. and elsewhere need to step up their policing of published content, and ensure that malicious code is quickly removed, before innocent users get hit."
The report also notes that malware authors are continuing to shift their focus from larger attacks to smaller ones that hone in on computer users. Microsoft Windows remains the target-of-choice.
The picture doesn’t get any prettier when it comes to spam. The U.S. is responsible for relaying 22.0% of the world’s spam. China (including Hong Kong) accounts for 15.9% of the world’s spam, while South Korea comes in third with a 7.4% claim.
Sophos notes that as much as 90% of all spam is relayed from zombie computers that are taken over by Trojan horses, worms, and viruses that are controlled by their authors. "This means that they do not need to be based in the same country as the computers being used to send the spam," the report notes.
The report indicates that Sophos is expecting a shift away from e-mail security attacks and more towards malicious Web content. Also, during 2006, the firm noticed a decline in the use of traditional spyware and a rise in the use of Trojans.
In December 2006, Trojan downloaders accounted for 51.24% of all infected e-mails, while spyware made up 41.87%.
Sohpos indicates that 30% of all malware is written in China, and that 17% of this amount is aimed at stealing passwords from online gamers.
Brazil is responsible for the authoring of 14.2% of all the world’s malware, and the majority of this code is written to steal online bank information.
Sources:
http://www.sophos.com/pressoffice/news/articles/2007/01/secrep2007.html
http://www.emarketer.com/Article.aspx?1004496