Home / News I have a News Tip

New Report Found Over Half of Malware-Infected Websites Based on Chinese Network Blocks

The majority of the Internets malware-infected websites are located on Chinese networks, finds a new report released today by StopBadware.org, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China.

Sites that infect visiting PCs represent some of the worst of digital pollution, said Jonathan Zittrain, StopBadware.org co-director and Professor of Law at Harvard Law School. Malware is a global problem that requires cooperation across industries and across national borders.

As China strives to hone its image in preparation for the Beijing Olympics, 52 percent of the more than 200,000 infected sites StopBadware.org analyzed in late May were hosted by Chinese networks. U.S.-based networks accounted for 21 percent of bad sites. The data were provided by Google's Safe Browsing team and are searchable by URL in the StopBadware.org Badware Website Clearinghouse.

The analysis also revealed the Internet's 10 most infected network blocks:

Number ofNetwork block name & descriptionCountryInfected Sites
CHINANET-BACKBONE No.31, Jin-rong Street China48,834
CHINA169-BACKBONE CNCGROUP China169 BackboneChina17,713
CHINANET-SH-AP China Telecom (Group)China9,445
CNCNET-CN China Netcom Corp.China6,058
GOOGLE - Google Inc.U.S.4,261
DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd.China3,604
SOFTLAYER - SoftLayer Technologies Inc.U.S.3,507
THEPLANET-AS - ThePlanet.com Internet Services, Inc. U.S.3,166
CHINANET-IDC-BJ-AP IDC, China Telecommunications CorporationChina2,357

The owners of these network blocks play a variety of roles in the Internet ecosystem. Some directly control the infected servers on their networks, while others lease equipment and/or bandwidth to customers who control their own servers. Google, which is a sponsor of StopBadware.org, hosts free blogs on its network through its popular Blogger service. Malicious users sometimes exploit these free blogs as a means to link to or distribute malware. Google disables the blogs as soon as they detect the bad content, but the dead blogs remain in the list of infected sites until Googles automated malware detection system has an opportunity to rescan them.

Maxim Weinstein, manager of StopBadware.org, says the country and network data are a helpful step in understanding the distribution of malware, but we should be careful about assigning blame.

Our goal in releasing this report is not to point fingers or to imply that network owners or governments are at fault for the malware on their networks, but rather to start a conversation. When different links in the Internet chain talk to each other and share information, it leads to solutions that in turn lead to a safer Internet for all of us.

He points, for example, to his teams success last year, when a similar StopBadware.org report revealed U.S.-based web hosting company iPowerWeb as home to over ten thousand infected sites, making it the most infected network at the time.

When we published that report, says Weinstein, it prompted iPowerWeb to ask for help. With support from StopBadware.org and data from Google, the company was able to clean up all those sites and secure its servers against future attacks. Weinstein notes that, based on the latest data, iPowerWeb is hosting so few infected sites that it is not even in the top 250 most infected networks.

On Friday, StopBadware.org researchers will present related research at the Workshop on the Economics of Information Security, hosted by the Tuck School of Business at Dartmouth College.

To read a full PDF copy of the StopBadware.org report, click here.

Read full story: External Source

Related topics: Cybersecurity, Malware, Spam, Web


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Radix Announces Global Web Design Contest, F3.space

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Major Media Websites Lose Audience Due to Slow Load Times on Mobile

Leading Internet Associations Strengthen Cooperation

DeviceAtlas' Deep Device Intelligence Now Addresses Native App Environment

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Miss.Africa Announces 2016, Round II Seed Funding Tech Initiative for Women in Africa