Network News

X My Profile
View More Activity

Report: China Home to Half of All Malicious Web Sites

More than half of the Web sites foisting malicious software on visitors are located at networks in China, according to data released today., a joint project between researchers at Harvard, Oxford and Google, found that 52 percent of the more than 200,000 infected sites the group analyzed in late May were hosted at Chinese networks. In contrast, U.S.-based networks accounted for 21 percent of the bad sites, Stopbadware found.

The sites examined in the study were all reported as malicious by Google, which interestingly enough ranked as the 6th largest source of malicious Web sites in this report, with 4,261 malware sites. Most of those appear to be the result of scammers and virus writers devising ways to automate the creation of sites at Google-owned

This report was released more than a year after Stopbadware's inaugural malicious sites study, which examined the network distribution of about 50,000 nasty domains. However, earlier this year, Stopbadware released interim statistics. A Stopbadware blog post from March also named Google as the 6th largest source of malicious sites, with roughly 3,772 hostile sites.

The numbers from just one month prior paint a much harsher picture for Google. Stopbadware never published these figures, but a source involved in the group's effort shared data with Security Fix showing Google and Blogger as the 4th largest source of malicious sites, with more than 10,000 such domains. See the comparison charts by clicking on the graphic to the left.

Max Weinstein, project manager for Stopbadware, said the group plans to begin releasing stats on a monthly basis. Weinstein said he believes the spike in malicious domains at Google properties was due to the company's recent aggressiveness in scanning its own sites for malware.

"When that first happened, Google's numbers shot way up," Weinstein said.

Some good news from the report: Last May's study found that U.S. Web host iPowerWeb was home to the largest concentration of malicious Web sites. A subsequent investigation by Security Fix suggested that approximately 33 percent of the company's 700,000+ Web sites were hacked to serve up some kind of malicious software. iPower now appears to have cleaned up its act, as it's not even listed in the top 250 most infected networks in this report.

By Brian Krebs  |  June 24, 2008; 4:40 PM ET
Categories:  Fraud , From the Bunker , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: New Trojan Leverages Unpatched Mac Flaw
Next: Security Update for Adobe Reader, Acrobat


The ongoing computer battles between China and Japan are not new.

Of the sites noted in the caption,. how many have been associated with Chinese government or triad covert activities ?

Posted by: brucerealtor | June 24, 2008 10:44 PM | Report abuse

Even if 'the public' does not have an answer to the above question, one would hope that NSA, et. al. do.

Posted by: brucerealtor | June 24, 2008 10:46 PM | Report abuse

Seems like an obvious solution here... China's traffic all goes through a very limited bottleneck so they can implement the "great firewall", right?

So that suggests that from the rest-of-the-world's side of the bottleneck it should be pretty easy to put a block on the problematic sites that would be difficult or impossible for the perpetrators to work around.

Posted by: Dirty Davey | June 25, 2008 10:22 AM | Report abuse

To the extent that the improvement in iPower's behavior can be correlated with highlighting their hsting of malware in Security Fix's posting, Brian, you can be proud! Thanks!

Posted by: Pete from Arlington | June 25, 2008 11:16 AM | Report abuse

Triad? Really? They're involved?

Posted by: Rick | June 25, 2008 1:40 PM | Report abuse

No surprises here Brian, who would expect any less from our most devoted enemy Communist China.

Posted by: usaircop | June 25, 2008 3:10 PM | Report abuse

Re: Dirty Davey's comments

Is there a range of IP addresses that we can use in our routers to block Chinese websites? What about Russia?

Posted by: ChokeTheDragon | June 25, 2008 10:13 PM | Report abuse

I like the idea of a two-way bottleneck. I personally have waged a war with perfspot about there uncontroled advertzers. that problem seems to be that my email address can but obtained easily, and spam sent to me, but the 'deals' are 'not available in my area'. but then why can't my 'yahoo mail' that sorts my 'in box' and 'spam' just send the spam back to the sender and put tons of spam back to the source. and then there is the 'free' downloads of anti-virus that scan my computer but will not delete the problems until i buy their product. it seems that i grew up in a nicer time being born in 1944 and looking for jobs that where plantifull in the 1950-60's people were not on prupose trying to get money from others then. i learned to stand on my own two feet and work, now people want to set-down and con others.

Posted by: leroy f slater | June 26, 2008 8:21 PM | Report abuse

"Block 'em all", like "Nuke 'em all" is probably not the best solution. This is a social rather than technical problem and those are the most difficult of all to cure.
One possibility would be to incorporate anti-malware laws into the U.S. Business Codes. Because all wishing to do business in the U.S. must follow our laws,this would give us considerable leverage in efforts to get forign governments (and all business entities) to clean up their act.

Posted by: Klaatu | June 27, 2008 12:59 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company