Conficker still alive and kicking

Jan 18, 2010 15:57 GMT

According to a report from Akamai, one of the world's largest content distribution networks, Russia and Brazil surpassed the United States and China in terms of attack traffic for the third quarter of 2009. Around 80% of the attacks were generated by variants of the infamous Conficker worm and targeted port 445.

Akamai maintains a network of servers worldwide in order to deliver content for some of the biggest IT organizations in the world, such as Microsoft, Apple, Adobe Systems, Amazon or Yahoo!. Using hundreds of sensors deployed across the globe, the Cambridge-based company collects data regarding Internet penetration, broadband availability and cyber-attacks.

In its latest quarterly report, entitled "The State of the Internet," Akamai announces that Russia was the biggest source of Internet attacks during the third quarter of 2009, accounting for 13% of the global attack traffic. This represents a tenfold increase over the country's 1.2% score in Q2 2009. Brazil also experienced a similarly unusual rise in attack traffic, representing 8.6% of the total, compared to 2.3% in the second quarter.

Meanwhile, the United States and China registered dramatic decreases in attack traffic and came in third and fourth positions, with scores of 6.9% and 6.5%, respectively. To put things in perspective, China accounted for a whopping 33% of attacks in Q2 2009, while the United States was second with 15%. The top 10 in Q3 is completed by Italy (5.4%), Taiwan (5.1%), Germany (4.8%), Argentina (3.6%), India (3.4%) and Romania (3.2%).

Akamai blames this change in numbers on the Conficker worm. "Port 445 was overwhelmingly the top port targeted by attacks originating in Russia and Brazil, which may indicate the presence of a large number of systems in both countries actively participating in Conficker-related botnets," the company notes in its report.

In fact, port 445 (Microsoft Directory Services) was targeted by almost 80% of all observed attacks. It was followed by port 23 (Telnet) with 4.4%, port 139 (NetBIOS) with 3.2%, port 135 (Microsoft-RPC) with 2.8% and port 22 (SSH) with 2.0%. This was mostly consistent with the numbers observed in the second quarter, with very few position changes.

"Although mainstream and industry media coverage of the Conficker worm and its variants has dropped significantly since peaking in the second quarter, it is clear from this data that the worm (and its variants) is apparently still quite active, searching out new systems to infect," Akamai concludes.

The "State of the Internet" report for Q3 2009 is available from Akamai (registration required).