Cyber crimewave sweeps Canada

The number of botnets, phishing domains, and malicious networks residing in Canada has soared. Are crackdowns on command-and-control servers in the U.S. to blame?

Canada has become a major hub of the central servers that manage and maintain networks of compromised computers, known as botnets, that are the backbone of many criminal enterprises.

The number of botnets -- as measured by command-and-control servers -- has jumped by 53 percent in the past eight months, according to the latest data from security firm Websense. In addition, the number of phishing sites hosted on Canadian servers has more than quadrupled, putting the country in second place -- behind the United States -- for preferred parking of phishing domains. The increase in malicious networks and servers has resulted in Canada jumping to the world's No. 6 source of cyber crime, up from No. 13 in 2010.

Cyber criminals may be reacting to poor uptime in many developing nations and recent enforcement actions that have resulted in malicious servers being shut down in the United States, according to Dan Hubbard, chief technology officer for Websense.

"From the attacker's standpoint, it is generally a balance between risk and availability," Hubbard says. "They may have had problems with servers being up and running. Nothing is worse than spending a bunch of time and energy compromising servers and then having them go down and not being able to use them."

For attackers, the reliability of the U.S. Internet infrastructure is a boon. When they establish a command-and-control server on U.S. soil, they do not have to worry about uptime -- until recently.

In March, U.S. Marshals enforced a judgement against the operators of the Rustock botnet, pulling servers from data centers in seven U.S. cities. In April, federal law enforcement took similar action against the Coreflood botnet.

The takedowns may be taking their toll on cyber criminals, says Hubbard. Websense has ruled out skewing in the data that might occur if a single large provider in Canada had been compromised.

"We have seen a minor decrease in the U.S.," Hubbard says. "Are the takedowns in the U.S. pushing people north of the border? That is still, to date, the most accurate hypothesis we have."

This article, "Cyber crimewave sweeps Canada," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2011 IDG Communications, Inc.
