September 20, 2007 9:14 AM PDT

China leads Asia in malicious online activity

China leads Asia in malicious online activity, racking up 42 percent of the action in the first half of 2007, up from 39 percent last year.

According to Symantec's biannual Internet security threat report released on Wednesday, China topped the Asia-Pacific region, including Japan, in malicious activity, producing the most malicious code, spam zombies, bots and attacks between January 1 and June 30.

China's bot-infected computers made up 78 percent of those in the region. Taiwan had the next highest number of bots, but only at 7 percent.

China's high level of malicious activity can be attributed to its high rate of counterfeit software.

Noting that the majority of China's Windows users use counterfeit versions, Ooi Szu Khiam, a senior security consultant at Symantec Singapore, said during a press briefing: "If you don't have a genuine version, you can't register for patches, and those who don't patch their systems are open to a growing number of exploits."

Ooi added that users become "sitting ducks" as they leave themselves open to malicious attacks by not applying security patches.

Offering another reason for China's vulnerability, Ooi said: "Resources to build infrastructure is finite, so not enough spending may be directed to securing the networks."

Building a proper security system requires a "multiple and mutually supportive defensive system," Ooi said. A security system needs to be secured at all points, including the ISP, network and device.

The amount of spam originating from China, which makes up 25 percent of APJ-originating spam, puts China at the top of the list, Ooi said, noting that this volume is driven largely by the vast number of botnets and spam zombies.

"All you need to do is install a spam plug-in for your botnet, and the botnet is in action," he said. "Many bots are designed to be used mainly to send spam."

Victoria Ho of ZDNet Australia reported from Sydney.

See more CNET content tagged:
China, bot, Asia, region, malicious code

2 comments

Join the conversation!
Add your comment
Brain Dead Yahoo Mail
The problem is not China, it is the U.S. for having 20th Century email and web security technology.

The brain dead people at Yahoo still have not released a Yahoo Mail feature that allows customer blocking of email from country level domains. Why should I be forced to see spam email from China? Does Yahoo think I really want to see 20 emails a day hawking Rolex watches and "love pills"?
Posted by Stating (869 comments )
Reply Link Flag
China as an Internet Threat - The facts!
I really do find some of the current wave of rhetoric about the threat to the internet from China really worrying, if not downright dangerous for international relations. I suppose it a good topic for poor technical journalism, to gain publication in US & European journals / web. Old adage; "Why let the facts spoil a good story"?

Let me make my position clear, I am not Chinese and I do not live in China, however I do know a thing or two about internet security threats. Here are some facts for the readers who possibly might read the above article and take it as factual:

(a) As of Sept 20 07 the US is the clear leader in known Spam issues, by 5:1 over China (ref Spamhaus.org).

(b) The internet is global and any quantitative analysis must base itself on comparative users. Reasonable estimates now show about 2:1 of Chinese internet user access over US users and anywhere from 5 to 20:1 over other Asian countries. Based on this on any Spam or malware distributor estimation this would place China about tenth on any list on countries, and well down the list in Asia.

(c) In China there are severe legal penalties for such acts, recently Yahoo could distribute malware to 15 million of its users and hardly gets a technical press mention, and no legal sanction.

(d) Why you may ask am I so concerned? On a recent exploit tracking exercise, despite apparent Chinese language sites being the cause. These sites were actually based and funded out of Toronto with bullet proof servers out of San Francisco!

Remember it is just as easy to get a free mail.cn / low cost Chinese based hosting, or mail.ru for that matter, being based in the US. As it is to get a Hotmail or Yahoo hosting account.
Posted by Jart351 (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.