Published on March 26, security hardware maker Finjan"s latest Web Security Trends Report, which analyzes data collected by the San Jose-based firm over the first three months of 2007, concluded that more than 80% of the Web sites it found to be distributing malicious code were hosted on servers located in the United States. The United Kingdom ranked second in the list of countries hosting infected sites, accounting for roughly 10%, followed by Canada, Germany and Italy. Noticeably absent from the top of the rankings are Russia and China, which have been widely perceived in recent years as leading sources of malware worldwide. Although Finjan officials concede that hosting location is often irrelevant to the location of those who write the malware, the results indicate that efforts by legislators and law enforcement officials to crack down on illegal computing activity in the nation aren"t very effective. Symantec"s latest Internet Security Threat Report, released earlier this month, focused on all types of threats and reported that the U.S. is the source of about 31% of all malware and phishing schemes.
The reason why so many threats are coming from sites hosted in the U.S. and other relatively wealthy nations is simple: attackers are flocking to markets where their crimeware schemes are paid for most. The upside of the issue is that security researchers can take action when they find malware URLs that are based in the U.S. by reporting them to authorities and applying pressure to the companies hosting the sites (which often don"t monitor their clients" behaviour). A particularly alarming trend is the high number of attacks being passed along to end-users via advertisements on seemingly legitimate sites. "It"s very clear that a lot of malware is coming from advertisements, and it"s difficult to track where the code is originating because of the layers of ad systems, aggregators and agents that work together to create and distribute this content," said Yuval Ben-Itzhak, chief technology officer at Finjan.