More than half the sites spreading malicious code are hosted on Chinese networks, an anti-malware group said Wednesday.
Of the over 213,000 malware-hosting sites analyzed last month by Stopbadware.org -- a joint effort of researchers at Harvard, Oxford and several corporations, including Google and Sun Microsystems -- 52 per cent were hosted by servers running Chinese IP addresses. Of the top 10 networks serving malicious code, six are Chinese.
The US hosts 21 per cent of the malware sites, giving it the dubious honor of second place.
Stopbadware.org, which uses data collected by Google's crawlers, wouldn't speculate on what proportion of the sites, Chinese or otherwise, were deliberately hosting malicious code and what fraction were actually legitimate sites that have been hacked. But the dramatic year-to-year growth in the number of sites serving up malware is likely due to a boom in site hacking.
"It's hard to tell how much of the increase is due to Google expanding its efforts [in scanning for malicious sites] but by other reports and researchers, it's reasonable to say that the growing number is in large part due to the growth in [SQL injection] attacks," said Maxim Weinstein, the manager of Stopbadware.org.
With Google fingering only 45,000 to 50,000 sites last year, May's number is up more than 300 per cent. "There's just a much larger number of infected sites out there," said Weinstein.
The number of hacked sites, most compromised through SQL injection attacks, has soared in 2008, with some estimates of the total number of hijacked legitimate pages reaching as high as three million. The problem has become so acute, said Microsoft yesterday, that it and Hewlett-Packard joined forces to launch free tools that site developers and administrators can use to search for vulnerable code and block incoming attacks.
And while Stopbadware.org had some success last year in getting some US-based networks to clean out malware-hosting sites, Weinstein didn't sound as confident that the group could make the same progress with Chinese operators.
"It's a bigger challenge, to be sure," he acknowledged. "We don't understand the landscape nearly as well. We have attempted to contact all the Chinese networks, but we haven't always been successful. It's tougher when you start crossing national and cultural lines."
But Stopbadware.org's is still trying to contact network owners and convince them to shut down deliberate hosts and help legitimate sites eradicate malware that's made it onto their servers, Weinstein said. "We want to get these conversations going," he said. "We've shown that when the parties are willing to talk, the approach works. We hope to see the same sort of approach working in China."