'Botnets' on the rise in Asia, Symantec says

Hijacked systems and spam remain a concern for the region, according to a new report from the security firm.

update SINGAPORE--More computers in the Asia-Pacific region are being hijacked and used remotely by hackers to send viruses, according to a new study released by security vendor Symantec.

The number of "bot-infected" systems in China alone, grew over 140 percent in the first six months of 2005 over the same period last year, said Adrian Tham, Symantec's systems engineer manager for Southeast Asia, in an interview with ZDNet Asia.

But despite the increasing number of bot-infected computers in Asia, they contributed less than 20 percent of the total number of infected systems worldwide, he said.

Edward Lim, Symantec's general manager for Singapore, noted that there has been an increase in "botnets" across the globe. According to the company's eighth biannual Internet Security Threat Report, the number of "bots" during the first six months of this year increased to 10,352 a day, from fewer than 5,000 in the second half of 2004. The data was derived from readings of over 24,000 sensors located worldwide.

This is a significant dip, however, compared to the first half of 2004 where over 30,000 bots were detected per day.

Three Asian cities--Seoul, Beijing and Taipei--were ranked among the top 10 cities worldwide with the most number of hijacked systems. Seoul contributed 24 percent of the number of infected computers in the Asia-Pacific region, while Beijing and Taipei contributed 17 percent and 14 percent, respectively.

At least two countries, Korea and Japan, have seen an uptrend of broadband penetration, something which Tham said attributed to the increase in the number of compromised systems.

Denial-of-service (DoS) attacks, a primary function of "bot"-infected networks, grew by over 680 percent during the first half of the year. The average number of attacks increased to 927 attacks per day, compared to an average of 119 attacks per day during the months of June to December 2004.

Leading attack
According to Symantec's report, the top attack in the Asia-Pacific region during the first six months of the year was a DoS attack known as, the Generic TCP SYN Flood. This contrasted with the global scenario, where the Slammer worm has occupied the top attack spot for the past four reporting periods.

In addition, information taken from sensors located across the region showed that many countries in the Asia-Pacific were the host of security attacks in this region.

While the United States was the leading host of attacks against infected systems in the Asia-Pacific, accounting for 42 percent of total attacks, Australia, China, Taiwan, Singapore, Hong Kong, Philippines and South Korea also made it to the top 10 list.

Tham noted that the company expects the number of "botnets" to increase over the next year, and warned that the attacks would likely become more sophisticated.

Spam was also another area of concern for the Asia-Pacific region. From January to June this year, 23 percent of spam originated from Asia, excluding Japan. The region's spam output was second only to North and South America, from which 61 percent of spam originated.

However, while the Americas showed a decline in spam, Asia's spam grew steadily over the six-month period with an average growth of 28.9 percent. The Pacific and Japan also recorded positive six-month growth in the origin of spam, at 37.7 percent and 37.4 percent respectively.

Tham pointed out that given the use of "botnets", spam e-mail targeting computers in region may not necessarily have originated from spammers based in the same location.