According to a study by antivirus vendor Avira

May 26, 2009 10:56 GMT

Security researchers from German antivirus vendor Avira have recently analyzed the origin of the URLs used in worldwide phishing and malware distribution campaigns. The results revealed that around 15% of malicious URLs were hosted in Germany.

German citizens are, obviously, one of the preferred targets of identity thieves, and this is clearly reflected by the data leak frenzy that hit the country late last year. Local journalists went undercover and acquired, on the black market, a CD containing the stolen banking information of 1.2 million citizens. The shady individuals who sold them the data claimed they had 21 million more similar details, available for a price of $15 million.

Additionally, in a country where over 55% of citizens are online on a daily basis, Internet banking is bound to be popular. But, while such a service has benefits in terms of convenience, it also increases the risks users are exposed to, because, in such a case, it can be easily assumed that if someone's computer is compromised, so is their bank account.

"Our statistics show that 14.43% from the Phishing and 15.04% from the Malware URLs (for which we have geo IP information) are hosted on servers located in Germany," Sorin Mustaca, Avira's manager of international software development, announces. "The numbers of malicious URLs which are advertised in Germany (not necessarily hosted) can’t be computed, since no one is able to count all the emails which contain the URLs," he adds.

According to the Avira study, when compared with other countries in this respect, Germany takes second place, after the United States (31.90%) and before Brazil (7.59%). France (7.34%) and Spain (4.56%) complete the top five.

This order is also reflected, to some extent, in the list of top registrars through which the abusive URLs were set up. They are The Planet (US), 1&1 (Germany), SoftLayer (US), OVH (France), and HostDime (US).

Other interesting statistics released by Avira refer to the most attacked companies. Most of the identified threats targeted customers of Chase Bank (18,866 threats), PayPal users (14,438 threats), eBay (9,655 threats), American Express (4,859 threats) and Abbey Bank (3,092 threats).

The antivirus vendor not only studied these threats, but also informed the companies involved. "Our Labs collaborate with institutions and organizations which send warning information to the registrars and ISPs hosting the dangerous files," Mr. Mustaca explains.
