More evidence of U.S. as malware capital

Contrary to beliefs that overseas crime networks and unemployed computer programmers in Eastern Europe remain the leading sources of virus code on the Internet, new research supports the growing perception that the United States is producing greater volumes of malware code than any other region of the planet.

According to security hardware maker Finjan's latest Web Security Trends Report -- which analyzes data collected by the San Jose-based firm over the first three months of 2007 -- more than 80 percent of the Web sites it found to be distributing malicious code were hosted on servers located in the U.S.

Although Finjan officials concede that much of the malware distributed by those sites may indeed be written and controlled by hackers operating outside of the U.S., the results indicate that efforts by legislators and law enforcement officials to crack down on illegal computing activity in the nation may not yet be succeeding.

According to the Q1 Finjan report, published on March 26, the United Kingdom ranked second in the list of countries hosting infected sites, accounting for roughly 10 percent, followed by Canada, Germany, and Italy. Noticeably absent from the top of the rankings are Russia and China, which have been widely perceived in recent years as leading sources of malware worldwide.

Finjan'sresults jibe with rival Symantec's latest Internet Security Threat Report -- released earlier this month -- which also maintains that attacks are increasingly emanating from sources in the United States. Symantec's research, which focused on all types of threats, not just Web-based attacks, reported that the U.S. is the source of about 31 percent of all malware and phishing schemes.

The reason why so many threats are coming from sites hosted in the U.S. and other relatively wealthy nations -- most of which have stricter laws in place to combat such efforts than their developing neighbors -- is simple, said Yuval Ben-Itzhak, chief technology officer at Finjan.

No matter what region the code writers live in, he said, attackers are flocking to markets where the most money is changing hands to carry out their crimeware schemes, and increasingly doing so by hijacking legitimate URLs to pass out their work.

"If you look back at many reports over the last few years, the perception has been that the malware is coming from Russia and other areas where laws are fewer and harder to enforce, but when we analyzed the live end-user content, we realized that a vast majority of malware was coming from servers in the U.S. where there are advanced laws and practices," Ben-Itzhak said.

The upside of the issue is that security researchers can take action when they find malware URLs that are based in the U.S. by reporting them to authorities and applying pressure to the companies hosting the sites to take them offline.

For the most part, the malware delivery pages are supported by cheap hosting companies that don't appear to closely monitor their behavior, Ben-Itzhak said. But an even more alarming trend is the high number of attacks being passed along to end-users via seemingly legitimate sites.

In many of those cases, the attacks are being served up as advertisements that site operators may not even recognize as malware sources, making the situation even harder to fight.