Aggregated China Business Blogs



Drive-Bys in China

Aggregated Source: Catching Mice in China
February 27, 2008

From a draft paper, All Your iFrames Point to Us, at Google Research (hat tip to Bruce Schneier):

…Our results reveal an alarming contribution of Chinese-based web sites to the web malware problem– overall, 67% of the malware distribution servers and 64% of the web sites that link to them are located in China. These results raise serious question about the security practices employed by web site administrators.

…The results show that a significant number of Chinese-based sites contribute to the drive-by problem. Overall, 67% of the malware distribution sites and 64.6% of the landing sites are hosted in China. These findings provide more evidence of poor security practices by web site administrators (e.g., running out-dated and unpatched versions of the web server software).

The draft whitepaper, by Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, and Fabian Monrose, examines the automatic infection of computers with malware (viruses, trojans, etc.) via scripts that attack vulnerabilities in web browsers. The scripts cause affected computers to download and install malware, all without the user’s knowledge. They call it a “drive-by download”.

That they found China tops all other countries by a wide margin (the US is next, at around 15%) is not surprising. Their findings are consistent with other studies by security companies and organizations. They are correct to underline the role of poor site security administration as a key driver for malware distribution. For all the abundance of technical talent in China, there’s little emphasis by organizations on managing their assets.

The paper describes typical means of infection (compromised web sites and, interestingly enough, syndicated internet advertising), the structure of malware networks, and the impact on the infected computer. To add to the gloom, they found that of the three unidentified anti-virus products tested for catching malware, even the best only spotted about 70% of the total on average.

Further reading
Bruce Schneier’s blog. His name may be unpronounceable, but he’s one heckuva security smartypants.
