Leapfrogging the US as the largest Internet market in the world apparently wasn't enough of an achievement. In a move that's sure to freshly inflame Sinophobes comes a report that China has overtaken the US in that all-important measure of online development and ingenuity: bot production.
Here's one lead the US can only be too happy to cede to China... or any other country.
"China emerged as the worldwide leader in both zombie production and the execution of SQL-injection attacks, while Internet-based attacks played a bigger role and will continue to do so as cybercriminals target the most popular social destinations in 2010," said Mike Gallagher, senior VP and CTO at McAfee Labs, in a statement.
Other interesting snapshots from McAfee Inc. (NYSE: MFE)'s "Q4 Threats Report":
- Daily spam volume in the fourth quarter of 2009 averaged 135.5 billion messages. Yes, per day. The good news? That was a 24 percent drop over the third quarter of 2009.
- Spammers' and phishers' favorite headline topics to exploit in 2009 included the Air France plane crash, Michael Jackson's death, the 2010 FIFA World Cup, and the H1N1 vaccine.
- The US is still tops in terms of spam production, followed by Brazil and India. Ukraine and Germany joined the list of top 10 spam producers for the first time. (Welcome! And congratulations.)
- Politically motivated cyber-offensives are on the rise around the world, as demonstrated by the Iranian Army's attack on Twitter. "The report confirms that the United States is not the sole target, nor is China the sole origin for these types of attacks with recent political attacks targeting the Polish government, the Copenhagen Climate Conference and Latvia’s Independence Day," McAfee said.
- Cybercriminals zeroed in on social-networking sites, with Koobface activity increasing considerably during the latter part of 2009. Koobface is now hosted by servers in 46 countries; the US, Germany, and Denmark are the top three hosting locations.

But China's newly attained (or perhaps better stated, newly documented) prominence in malware and cyber-offense is the real news. In the fourth quarter of 2009, China produced 12 percent of the world's botnet zombies -- those surreptitiously infected desktops that send spam, host malware, or provide storage space for illicit content. The US was second on the list at 9.5 percent (down from 13.1 percent the previous quarter); Brazil, Russia, and Germany rounded out the top five.
China's other notable breakthrough came as leader of origination points for SQL-injection attacks -- 54.4 percent of all recorded attacks.
All these data points will no doubt embolden China's critics, who claim the country and its leaders either encourage such malfeasance or ignore it at their peril and flirt with state-sponsored cyber-warfare. Given Google's recent conflation of Chinese intrusions and censorship, plus Secretary of State Hillary Clinton's very important policy speech on Internet freedom, the Chinese may indeed be feeling some heat -- the government made a very big deal about shutting down a hacker's academy this week, taking great pains to emphasize the state had no role or interest in the organization.
But before we really give the Chinese the wire brush, note that McAfee reports that North America is still the worldwide leader in hosting malicious content, then Europe/Middle East/Asia, followed by Asia/Pacific.
Ironically, the great Internet firewall that surrounds China and filters out problematic content also fosters malware hosting and bot production, according to a number of security experts.
"This is China's payback for allowing rampant pirating of software, especially Microsoft Windows," said Richard Stiennon, chief research analyst for IT-Harvest, in an email. "Several years ago Microsoft implemented protection measures that would only allow legitimate license holders to install patches, such as today's mega-update. Because there are so many bootleg copies of Windows running on consumer PCs in China they have become the primary home for infected PCs."
And you don't even have to be Chinese to take advantage of all the in-country malware resources, according to Ra Security founder Gideon Lenkey. "Just because the attacks originate from China doesn't mean the people behind the attacks are Chinese or even physically in China," Lenkey wrote in an email. "China's Internet is very closed off from the rest of the Internet so it's a great position to attack from."
Unlike the Senate's recent flaccid, no-cost condemnation of the Chinese for hacking Google servers, it's numbers like these that are more likely to encourage the Chinese to clean up their national act. Will this mean new policy changes to its national firewall? An amnesty program for Windows pirates? Or more likely, highly publicized trials (and penalties) for bad-Net hosts in China? Stay tuned -- however it is that the world's largest Internet market responds will have global repercussions.
— Terry Sweeney, Editor in Chief, Internet Evolution
This blog is part of Internet Evolution's Security Clan, which examines the future of Internet security and the changing nature of risks and vulnerabilities.