U.S. is a hotbed of botnet activity, says McAfee

Summary: Two unlikely suspects emerge from a list of global botnet control servers: the U.S., and for some reason a small British-owned island in the Caribbean.

TOPICS: Security

If your computer has, say in the past few months, fallen victim to a botnet, you might be surprised to find out which country its control servers are in.

Why? According to security firm and anti-virus maker McAfee, the U.S. tops the list of countries hosting active 'command' servers, and the second is a former British colony island and popular tourist destination in the middle of the Caribbean, the British Virgin Islands.

And there you were thinking it was somewhere in the Middle East, Russia, or China. Tsk, tsk.

Map of the global distribution of active botnet control servers. (Credit: McAfee)

McAfee says it draws on data sent back to its Global Threat Intelligence unit by millions of endpoints and network security appliances, combined with good old-fashioned pen-to-paper research, to determine exactly what the state of the dark side of the Internet looks like.

Here's the list:

  1. United States: 631 active command servers
  2. British Virgin Islands: 237 active command servers
  3. Netherlands: 154 active command servers
  4. Russia: 125 active command servers
  5. Germany: 95 active command servers
  6. Korea: 81 active command servers
  7. Switzerland: 77 active command servers
  8. Australia: 63 active command servers
  9. China: 48 active command servers
  10. Canada: 38 active command servers

You can see from the image that the countries labeled in yellow are the main hosts of active botnet control servers. There's a focus on two particular areas: Western Europe and the United States. 

While there's a relatively equal spread of botnets across Asia, Northern Europe and parts of the Middle East, it's the most developed nations that are most vulnerable—understandably, considering botnets recruit ordinary end-user PCs and Macs that turn into 'zombie' machines in order to carry out distributed denial-of-service (DDoS) attacks and serve up other nasties. 

Late last year, the U.S. Department of Justice and the FBI, with help from other international law enforcement agencies, smashed a cybercrime ring that ensnared more than 11 million machines worldwide. Facebook's security teams assisted the Justice Dept. after the social networking giant found variants of the Yahos malware, which affected users of the social network.

It was thought to have been one of the largest botnets in history, pegging in at more than $850 million in total worldwide losses.

  • Last I checked...

    ...the British Virgin Islands were a current British colony and content to remain so.
    John L. Ries
    • Well, not exactly...

      I doubt any place wants to be called a "colony" these days. BVI is a non-sovereign overseas territory of the UK, which is internally self-governing. See http://www.bvitourism.com/bvi-facts for their spin, and all kinds of tourist info! Too bad about those C&C Servers!
      • It's a colony

        The term is now pejorative, but except for the responsible ministry, the BVI are governed in much the same way that places like Virginia or New York were 250 or so years ago (crown governor sharing power with an appointed council and a directly elected assembly). Indeed, there's been very little change in the way self-governing British colonies have been organized since about 1850.
        John L. Ries