Akamai: Russia responsible for 12% of malicious attack traffic

Russia has bypassed the U.S. as the top source for malicious attack traffic in the fourth quarter of 2010, according to data from Akamai Technologies’ latest State of the Internet report.

The report, which uses data collected from hundreds of millions of connections to Akamai Internet Platform servers, Russia was responsible for 12 percent of attack traffic while the U.S. dropped to fifth place globally with 7.3 percent of the observed attack traffic.

Taiwan (7.6 percent), Brazil (7.5 percent) and China (7.4 percent) rounded out the top five.

The report, which focused on quarter-to-quarter trends, also found that attack traffic concentration among the top 10 targeted ports dropped significantly from the third quarter, with the top 10 ports responsible for just 72% of the observed attacks (down from 87% in the third quarter of 2010).

This difference is mostly accounted for by the continued decline in the percentage of attacks targeted at Port 445 (Microsoft-DS), down from 56% to 47%, and Port 23 (Telnet), down from 17% to 11%, as shown in Figure 2. Although the McAfee Threats Report: Fourth Quarter 20101 notes that Conficker (historically associated with attacks targeting Port 445) was an active threat in the third quarter, and that it resurfaced in the fourth quarter, the steady decline of attacks on Port 445 is an encouraging sign that efforts to mitigate the threat continue to see success.

The report found that most of the top 10 ports were consistent with past quarters, though in the fourth quarter, Port 5900 (VNC Server) ceded its position on the list to Port 9415, which is officially “unassigned” to any specific application (see image).

(Click image for full size)

The increase in traffic on that port may be related to a Koobface variant related to a Chinese language instant messaging (IM) client, Tencent QQ, which had been targeted by malware served by Network Solutions Web sites and parked pages, Akamai said.

The report also found that Port 9415 was among the top five ports for attacks sourced from China, which is in line with the findings regarding Koobface/Tencent QQ.

Once again, in Turkey and Egypt, attacks targeted at Port 23 were responsible for significant- ly larger percentages of observed attacks than the second- most targeted port (445, in both countries). Port 22 (SSH) again led the list of targets of attacks sourced in China, with attacks on that port responsible for more than 2x the next most-targeted port (445).

Click here to download a copy of the full report (.pdf).