63% of Malware Emerges from U.S. Sites, Report Says

A Cyveillance report chronicles a continued rise in malware distribution and phishing attacks.

U.S.-based Web sites hosting malware are responsible for the majority of malware distributed on the Internet, according to a report by security company Cyveillance.

The company's "Online Financial Fraud and Identity Theft Report" found that Web surfers visiting sites based in the United States are more at risk from malware attacks and online identity theft than visitors to sites based in other countries, with more than 63 percent of malware distributed to visitors via tainted U.S.-based Web sites.

In addition, 25 percent of malware-hosting sites, where the actual binary malware files are hosted and served up, are based in the United States. China leads the way with 34 percent of malware-hosting sites, the report found.

"We believe that this is simply a case of following the money," said Todd Bransford, vice president of marketing at Cyveillance, based in Arlington, Va. "The criminals want access to the computers of U.S. citizens so they can eventually tap into their financial resources. Therefore, they distribute malware on sites visited by U.S. consumers."


Malware drop sites collect sensitive and personally identifiable information; 50 percent of such sites are hosted in the United States, the report found. The percentage surprised Bransford, who explained that researchers expected to see a higher percentage of these sites in Eastern Europe and Asia.

"Obviously, a drop site hosted in the United States can be accessed from anywhere in the world, so the high percentage of U.S.-based drop sites may be more a factor of the simplicity and level of automation afforded by U.S. service providers to criminals … with a stolen credit card number," he said.

The report includes data collected and analyzed between April 1 and June 30, 2007, based on information collected from more than 200 million unique domain name servers and 150 million unique Web sites. Some 2 million URLs were found to be distributing malware.

"Conservatively, it is fair to estimate that malware attacks via the Web doubled in Q2 compared to Q1," Bransford said. "Given that more than 60 percent of these sites were hosted in the United States, it seems fair to assume that the malware threat to U.S. citizens on the Web is up 100 percent."

The Cyveillance report also recorded a 20 percent increase in the aggregate quantity of brands targeted, indicating that phishers continue to change targets. Since 2005, over 1,400 companies have been attacked, the report concluded.