Wednesday, March 28, 2007

U.S. Malware Capital?

This article form Network World claims that San Jose found the most malware was hosted in the US "contrary to the belief that it was coming from other countries" not in so many words.

They almost downplay the issue that most of this malware is probably weaseled onto servers via hacking or on servers paid for by people of origin outside the U.S. Yes, there are probably a lot of US hackers - we did invent the computer after all.

It is important to keep all factors in mind while analyzing this topic. It has also been reported that many hacker and terrorist organizations buy computer networking from the US because it is more cost effective (or was) than in other countries. That may be changing with China and India in the game, I'm not sure.

Hacked servers are also a huge source of this malware and I would be interested to know the % of this 80% of malware that is on hacked servers and how much of the malware actually got onto the US computers via a hack from someone originating from another country. A person I spoke to from the FBI says about 15% of the world's computers are thought to be "command and control bots," meaning they are either set up intentionally or hacked to run code for someone who is using a command server to control a bunch of other machines to carry out their dirty work.

The author did mention the money changing hands here - and why the US is a target, but also consider that the UK is second on the list. The US, the UK. Hmmm.

Also to take into consideration would be the size of the US and the amount of computers in the US relative to other countries. I'm not sure but I'd guess there are a relatively larger number of computers here than in some other countries at this time.

But perhaps the author just meant that this is where most of the malware is running - that the U.S. is the target and our security is totally lacking, rather than highlighting the US as a source of creating and distributing malware. If you consider the malware is running on machines that can affect people all over the world it is a problem - but the cause of that problem still may be mainly coming from outside the US. Security lacking? A wake up call? With that I would have to agree.

Personally I find plenty of hacker looking traffic from all over the world. I haven't done the numbers to compare by country but there are a load of hackers in Ontario, Alaska, throughout Europe, and a ton coming out of Asia - especially China and Taiwan. There is some that comes out of Brazil and occasionally Mexico - I was bombed by France the other day (see a recent post).

The interesting thing is that probably one of the biggest hacks on credit cards at Card Service International (I believe that is correct) in Arizona a couple years ago was attributed to the Russian Mafia by the news in Australia when I was down there. People in the US said they didn't hear that - I am not sure what was reported in the US.

But I get very little hacker like traffic from Russia. Does that mean there are no hackers in Russia? No, it means they are pretty damn smart. They do their dirty work from hacked servers in other parts of the world so they are not discovered. A recent piece of malware running on tons of US servers included a built in virus checker - Kapersky - Russian by origin though they since tried to appear as they are headquartered in the US. I also think there may be some Russian hackers up in Alaska using some network -

So the point the author is making about most of the hacks not coming from Russia or China like everyone thinks - is twisting the facts.