Report: Malware capital of the world is Shaoxing, China

Computer security firm Symantec announced on Monday that Shaoxing, China was malware capital of the world last month.

That's just one of the takeaways in the company's March 2010 MessageLabs Intelligence Report, an analysis of the origins of targeted attacks and malicious emails used to gain access to sensitive corporate data.

According to the company's research, nearly 30 percent of targeted malware attacks came from China -- with 21.3 percent from Shaoxing alone. Runner-up to the crown was Taipei, at 16.5 percent, with London taking the bronze at 14.8 percent.

On a national scale, China trumped all, followed by Romania, with 21.1 percent of attempted attacks, and the United States, with 13.8 percent.

There is a lot of great data in this report. For example, the largest share of targeted malware sent this month originated in the U.S. based on mail server location, at 36.6 percent. When arranged by sender location, however, the previously stated figures hold true.

"When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem," said Paul Wood, MessageLabs Intelligence Senior Analyst, in prepared remarks. "A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the U.S. and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack.

"Analysis of the sender's IP address, rather than the IP address of the email server reveals the true source of these targeted attacks."
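The distinction Wood draws between the mail server's address and the sender's address can be seen in a message's own headers. The following is an added example, not code from the report or from MessageLabs; it assumes the webmail provider records the client address in an `X-Originating-IP` header, and the sample message, hostnames and addresses are constructed.

```python
import email
import ipaddress
import re

# Constructed sample (not from the report): a message submitted through a
# webmail front end and relayed by the provider's outbound server.
SAMPLE = """\
Received: from mail-out.webmail.example (mail-out.webmail.example [198.51.100.25])
\tby mx.corp.example with ESMTP; Mon, 29 Mar 2010 09:14:02 +0000
Received: from [10.1.2.3] by web-fe7.webmail.example via HTTP;
\tMon, 29 Mar 2010 09:13:58 +0000
X-Originating-IP: [203.0.113.77]
From: "HR" <hr.dept@webmail.example>
To: analyst@corp.example
Subject: Q1 review

see attachment
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def routable_ips(text):
    """Return valid IPv4 addresses in text that are not internal or loopback."""
    found = []
    for raw in IP_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:  # not a real address, e.g. 999.1.1.1
            continue
        if not any(ip in net for net in INTERNAL):
            found.append(str(ip))
    return found

def attribute(raw_message):
    """Return the relaying mail server's IP and the best guess at the sender's IP."""
    msg = email.message_from_string(raw_message)
    hops = msg.get_all("Received", [])
    # The topmost Received header is stamped by the receiving MX, so its peer IP is reliable.
    server = routable_ips(hops[0]) if hops else []
    # Assumption: the webmail provider records the client in X-Originating-IP.
    sender = routable_ips(msg.get("X-Originating-IP", ""))
    # Fallback: earliest hop with a routable address (lower hops can be forged).
    for hop in reversed(hops):
        if sender:
            break
        sender = routable_ips(hop)
    return {"mail_server_ip": server[0] if server else None,
            "sender_ip": sender[0] if sender else None}
```

When the provider does not expose the client address, both fields collapse to the provider's outbound server, which is the case where geolocating by mail server alone points at the webmail host rather than the sender.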

More takeaways from the report:

  • The most common file types attached to all malicious emails were .XLS and .DOC.
  • The most dangerous file type was encrypted .RAR files.
  • .XLS and .DOC each accounted for 15.4 percent of file attachments.
  • The top four most common file types (.XLS, .DOC, .ZIP and .PDF) accounted for 50 percent of attached files.
  • Despite being just 0.32 percent of attached files, .RAR files were compromised 96.8 percent of the time.
  • .EXE files were compromised just 15 percent of the time.

The report also took a more global tack:

  • At 95.7 percent, Hungary was the most spammed country in March 2010.
  • At 1 in 90.9 emails, Taiwan was the most targeted country for email-borne malware in March.
  • At 1 in 254.8 emails, Britain was the most active country for phishing attacks in March.

Symantec found that the Rustock botnet sent considerably more spam using Transport Layer Security, or TLS, at 77 percent during March.

Spam using TLS accounted for approximately 20 percent of all spam in March, according to the report.

More highlights for March 2010:

  • Spam: In March 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 90.7 percent, an increase of 1.5 percentage points, month-over-month.
  • Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 358.3 emails, a decrease of 0.05 percentage points MoM.
  • Phishing: Phishing activity was 1 in 513.7 emails, a decrease of 0.02 percentage points MoM. But phishing increased, relatively speaking, compared to other email-borne threats.
  • Web security: 14.9 percent of all web-based malware intercepted was new in March, an increase of 1.6 percentage points MoM.

And finally, some industry trends for March 2010:

  • Engineering was the most spammed industry sector, followed by education, pharmaceuticals, IT services, retail, government and finance.
  • The public sector was the most targeted for malware.

You can find the full report here (.pdf).


Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.


Talkback

34 comments
  • To go along with China's....

    To go along with China's (sold in the USA) toxic wallboard, toxic toothpaste, killer dogfood ingredients, counterfeit drugs...and much, much, more.
    Tom12Tom
    • But the circle on the west coast seems

      very close to being centered over Symantec.

      Hmmmm...... :)
      John Zern
    • yay China!!!

      Without the Killer products from China how else can we consume ourselves to death at the local Wal-mart?
      chcallahan@...
  • RE: Report: Malware capital of the world is Shaoxing, China

    Interesting report given that China uses their digital curtain to prevent freedom of speech and jumps all over Google for not playing along. Why can't they apply the same digital curtain to keep their garbage in?
    makethatpage
    • good point

      That's a good point. I suspect their great firewall is not as good as we're led to believe (which is a good thing).

      gary
      gdstark13
      • re: good point

        their great firewall is fine I'm sure, it's just on the wrong side of the border. ;-)
        rtk
  • People from Zhejiang province

    are widely reputed to possess great entrepreneurial talents....

    Henri
    mhenriday
  • RE: Report: Malware capital of the world is Shaoxing, China

    Is it not simply within the scope of internet power to shut these "Terrorists" down? They obviously threaten and pose threats to everyone's security. These are groups whom for their own purposes - ideological or political reasons; seek to thwart stability. Shut them down...
    Monday_Galileo
  • Non sequitur

    "In March 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 90.7 percent..."

    Ratios and percentages are not interchangeable terms, Andrew. A journalist covering statistical topics should know that.
    Lester Young
    • Good to see Romania and Hungary hanging in there though

      They often get left behind in the greater mix of things, if not ratio-wise then by percentages. :p
      klumper
  • News flash: Bad stuff comes from China!

    Tell that to people whose vehicles crashed because of
    shoddy Chinese tires,
    http://www.businessweek.com/magazine/content/07_30/
    b4043005.htm , or better yet to those whose pets died
    because of industrial chemicals in pet food,
    http://www.nytimes.com/2008/02/07/business/worldbusi
    ness/07pet.html?_r=1 . Luckily the poisonous toothpaste,
    http://www.nytimes.com/2007/05/19/world/americas/19
    panama.html , didn't make it to the US, and they kept their
    nutrient-free infant formula,
    http://www.nytimes.com/2008/09/16/world/asia/16milk.
    html , to themselves!
    matthew_maurice
    • bogus info?

      your info appears bogus. not a single one of your links works.
      zdnet@...
  • RE: Report: Malware capital of the world is Shaoxing, China

    Makethatpage wrote:
    < Interesting report given that China uses their digital curtain to
    prevent freedom of speech and jumps all over Google for not playing
    along. Why can't they apply the same digital curtain to keep their
    garbage in? >

    The answer is simple. Wherever at this age, in spite of quantum leaps
    in digital surveillance, a massive amount of crime, terrorism, etc. still
    exists, its source is the government, whether directly or via proxy.

    (Not *all* of the government, of course, just a certain part. Usually a
    close-knit group in its intel/armed services, near to the top political
    leader/s.)
    mrdelurk@...
  • I would have thought the real Malware capital

    was Seattle Washington.

    Just like in the old saying "All roads lead to Rome", as once they figuratively did, so too do all Malware vectors lead to Seattle Washington.

    The Chinese are merely taking advantage of a situation, as too are Symantec and the rest of the "Anti" Malware "Industry".
    tracy anne
    • What a coincidence

      Here we're talking malware, and your post appears.

      It seems ZDNet isn't immune from it either! :)
      John Zern
      • Mine

        Is probably the only post that points to the real problem with Malware, and in doing so actually hints at the real long term solution.
        tracy anne
        • Yours

          is the only post that makes false assumptions in laying blame.

          Nuke redmond, malware will continue to exist.
          rtk
          • i never said it would go away

            I merely pointed to the reason it is so successful, and hinted at a solution.
            tracy anne
    • "Malware" capital

      Tracy,

      You are sooooo close. I thought the malware capital of the world is located in Redmond, Washington.
      fatman65535
  • malware capital...

    er, i thought that was someplace called Adobe?!
    jiagebusen