Russia tops list of malware sources.
by Jago Maniscalchi // October 13, 2010 // Risk Management
Analysis carried out on recent malware attacks detected by the Digital Threat sensor network has revealed, unsurprisingly, that the largest number come from Russia. Perhaps surprisingly though, China did not figure in the top ten. Instead, Western Europe and former Eastern Bloc countries followed Russia as the most prolific sources of attacks.
Over 3,500 individual attacks were detected by the sensor net and analysed. Over 500 were sourced in Russia. Former Soviet states like the Ukraine and Eastern Bloc countries like Romania source a disproportionate number of attacks when compared with their population, or number of Internet users.
Given that malware is not (usually) targeted at a particular geographical area, perhaps the proportionately high number of attacks from former Soviet Union (FSU) and Eastern Bloc countries indicates that they have a less sophisticated countermeasure infrastructure – the lack of large-scale Intrusion Prevention Systems (IPS) operated by Internet Service Providers (ISPs) may be leaving their citizens open to attack (and free to attack others).

Not only would it appear that the number of attacks is not proportional to the number of computers in a country, it would also appear that it is not proportional to the number of infected computers in a country. A recent report by Microsoft states that the USA has the most infected machines in the world – four times as many as second place Brazil. The numbers are staggering: in the first six months of 2010, Microsoft removed 6.5 million bot infections worldwide, 3.5 million of which involved the botnet ‘kit client’ Rimecud. If the skew in the figures isn’t related to the number of infected computers, it must be related to the ability of those computers to further infect others, which is yet more evidence in favour of the ‘fewer countermeasures’ argument.
Leave a comment if you have a theory that can explain the attack distribution in the chart above.


