China on the rise as overall spam and virus levels decline

30/9/09

The level of spam and viruses has dropped for the second month running, as the US and Brazil continue to be the primary sources, according to managed security firm, Network Box.

Network Box’s analysis of internet threats in September 2009 shows that although the overall level of spam and viruses has dropped slightly, viruses originating from Brazil have risen by two per cent, and China has replaced Korea as the third largest source of spam, its levels rising by just one per cent in September.

Brazil is back on top as the world’s number one source of viruses, with 16.4 per cent of viruses coming from the country, beating the US by 4.6 per cent and Korea by a massive 10.4 per cent.

Although Brazil also tops the spam charts, levels of spam originating from Brazil has dropped by 1.6 per cent in September. Levels of spam from the US have also dropped by 1.10 per cent.

Phishing attacks remain consistently high at 33.2% of all viruses.

Simon Heron, Internet Security Analyst for Network Box says: "The concern here is the proportion of phishing attacks. It suggests that this is proving to be a successful tactic and it can be seen that the exploits are becoming increasingly sophisticated. So IT departments should take this opportunity as people are back from holiday to repeat their warnings about phishing, make themselves aware of the threat and ensure their defences are fully updated."

Top Ten Viruses

Threat Name	Daily Average %
spam.phish.url	33.25114
trojan-spy.html.fraud.gen	16.26929
nbh-bgtrack	15.81482
trojan-downloader.win32.murlo.cba	7.61366
nbh-bscript	4.70333
packed.win32.krap.w	4.53623
nbh-bbadhdr	1.86078
trojan-downloader.win32.fraudload.fpw	1.13226
spam.hoax.hoax_raturine_4	1.05498
backdoor.win32.ultimatedefender.yw	0.71879

Top Ten Trojans

Threat Name	Daily Average %
trojan-spy.html.fraud.gen	0.43957
trojan-downloader.win32.murlo.cba	0.26377
trojan-downloader.win32.fraudload.fpw	0.02928
trojan-downloader.win32.fraudload.wspk	0.01489
clm.email.trojan-114	0.00571
clm.trojan.agent-121560	0.00378
trojan.win32.tdss.aqvf	0.00373
clm.email.trojan-100	0.00196
trojan-spy.html.bankfraud.bh	0.00112
trojan-downloader.win32.injecter.ga	0.00037

Top Ten Intrusions Excluding NBIDPS

Threat Name	Daily Average %
NETBIOS	33.96656
BOGON	6.89622
PINGFLOOD	0.53805
HTTP-S-WEBDAV	0.10019
ICMP	0.08865
HTTP-S-WEBDEX	0.01814
HTTP-S-UNIXATTACK	0.01180
SOBIG-F	0.01022
HTTP-S-NIMDA	0.00371
HTTP-S-IISATTACK	0.00123

Top Ten Intrusions Including NBIDPS

Threat Name	Daily Average %
NETBIOS	33.96656
BOGON	6.89622
PINGFLOOD	0.53805
HTTP-S-WEBDAV	0.10019
ICMP	0.08865
HTTP-S-WEBDEX	0.01814
HTTP-S-UNIXATTACK	0.01180
SOBIG-F	0.01022
HTTP-S-NIMDA	0.00371
HTTP-S-IISATTACK	0.00123

Top Ten Firewall blocks by Port

Protocol / Port	Daily Average %
TCP:80	17.17509
UDP:137	9.39573
UDP:53	7.60938
UDP:123	5.62248
TCP:8080	3.39387
TCP:25	3.04390
UDP:161	2.81312
UDP:138	2.71266
TCP:443	1.92703
TCP:8192	1.89637

Top Ten Sources of Viruses

Country	Daily Average %
br	16.48873
us	11.79432
kr	6.00959
in	4.96209
pl	3.81939
ru	3.75895
cn	3.32574
ar	3.17975
co	2.77500
gb	2.25185

Top Ten Sources of Spam

Country	Daily Average %
br	10.08964
us	7.50163
cn	6.86051
vn	6.59347
kr	6.16060
in	5.47431
pl	3.51102
ru	3.17654
co	2.32225
ro	2.25897

Top Ten Sources of Intrusions

Country	Daily Average %
kr	15.02243
hk	12.84834
us	11.66075
cn	7.33018
br	6.51321
vn	5.16672
au	3.82360
my	3.31863
in	3.29885
pl	1.52050

Top Ten Sources of Firewall Blocks

Country	Daily Average %
us	18.67174
my	17.41071
kr	14.80222
cn	13.58142
au	8.13766
hk	4.28596
gb	2.65187
ca	1.35240
ar	1.14069
jp	1.08453

For more information on security issues, see www.network-box.co.uk, or visit Simon Heron’s blog at: http://blog.network-box.co.uk/, or follow Simon on Twitter: http://www.twitter.com/networkbox.

Back

View a printer friendly version of this page