A 10-month study on distribution methods for malicious software has found miscreant authors have changed their tactics to guarantee more widespread infection. In a report entitled All Your iFrames Report To Us, Google engineers said malicious code was now designed to target vulnerabilities in specific web browsers, with infected sites automatically downloading necessary code to the computer in a tactic called "drive-by downloads". Google said it found more than three million unique internet addresses contained on nearly 200,000 websites that were specifically designed to automatically infect computers with worms, viruses and other malicious code.
The report said China was playing a leading hand in serving up the latest malicious code. It said more than 67 per cent of the malware distribution servers were located in China, along with 64 per cent of all websites that linked directly to the malware servers.
The authors said website administrators were to blame for lax security, pointing to poor practices such as running outdated or unpatched versions of web-server software.
The study also named countries hosting the distribution sites. The US was home to 15 per cent, Russia 4 per cent, Malaysia 2.2 per cent and Korea 2 per cent.
The hosting countries being used as landing sites, pointing to malware distribution servers located elsewhere, were similar: the US was responsible for 15.6 per cent, Russia 5.6 per cent and Korea and Germany 2 per cent.
The Australia, New Zealand and Japan head of content filtering provider Websense, Tim Lee, said Brazilian coders had recently begun writing attack codes radically different from the virus codes of five years ago.
"I think individual countries or regions singled out is a bit unfair but it is fair to say that the global bad guys are well organised and distributed teams of people who are likely to sit anywhere," Mr Lee said.
© Fairfax Business Media
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.