ACMA goes public with ISP malware statistics

Although ISPs and network operators have had access to the rough figures of malware infections for some time, the Australian Communications and Media Authority has now begun publishing the statistics for the public.

The Australian Communications and Media Authority has begun publishing statistics of Australian malware infections that internet service providers (ISPs) and network operators regularly report to the Australian Internet Security Initiative (AISA).

The information has been previously used as part of Australia's voluntary iCode — a scheme to notify users to the fact that they are unknowingly infected by malware — but now the statistics are available for anyone to see.

On average, 16,500 reports are generated per day, and the ACMA's website now gives users a fair idea on how this figure is trending over a 90-day period, and which types of malware are the most prevalent.

For instance, the ACMA notes that the Zeus variants of malware are the more prevalent infection type that it sees reported.

The data does, however, come with a number of caveats. In particular, a single malware report might be for a particular IP address, but this does not provide any insight into the scale of infection, especially if multiple infected devices share the same public-facing IP address.

Similarly, the sources of data may change, and the types of malware that are being monitored may vary as new threats emerge and others decrease in risk. This means that a dramatic spike or drop in malware reports could simply mean that a reportee stopped providing that information. For example, AISA's statistics on the Flashback malware show zero reported infections since April 28, although it is unlikely that the threat has been completely eliminated.