China and Russia host over half of the world's malware

Jul 15, 2010 09:25 GMT  ·  By

According to a report from BitDefender, malware which spreads by abusing the Windows AutoRun feature was the most prominent threat on the Internet during the first half of 2010. China and Russia topped the list of countries that host malicious programs.

“While the second half of 2009 was undoubtedly dominated by the Downadup worm, the main threats for H1 2010 are autorun-based e-threats. Ranking first in the malware top for the first half of 2010 is Trojan.AutorunInf.Gen, a generic detection that intercepts highly obfuscated autorun.inf files belonging to a wide assortment of malware families,” BitDefender researchers write in their H1 2010 E-Threats Landscape Report (PDF).

AutoRun is a Windows feature long abused by malware authors to spread their malicious creations. In fact, the risks posed by this functionality outweigh the benefits so much that many security experts and antivirus vendors recommend disabling it altogether. There are even special tools like the Panda USB Vaccine dedicated to making AutoRun exploitation by malware impossible.

According to BitDefender, AutoRun malware accounted for 11.26% of the malicious samples it analyzed. The percentage can be even higher, considering that the infamous Conficker worm, which is also capable of spreading through this Window feature, came in second on the first half of 2010 with 5.66% of all samples.

The increased prevalence of PDF exploits is also reflected in the BitDefender report, with the generic Exploit.PDF-JS.Gen signature being the third most triggered one this year (4.80%). The malware distributed through these PDF attacks is obviously also common, the Exploit.PDF-Payload.Gen coming up in the seventh place. Other well known families of malware like Sality, Clicker, Wimad or FakeAV have also made it to BitDefender's top 10.

As far as malware origin is concerned, China was responsible for hosting 31% of it. Russia is also responsible for harboring many of the world malware distribution operations, with 22% of the world's malware being hosted in this country. Brazil came next with a rate of 8.10%, the researchers noting that banking trojans are particularly prevalent here. The United States, a prominent malware-hosting country in the past, only ranked fifth this year with 5,0% and after UK with 6,00%. Spain (4,16%), Germany (3.80%), Sweden (2.91%), France (2.30%) and Ukraine (3.46%) complete the top 10.

You can follow the editor on Twitter @lconstantin