China Nudges Out U.S. For Most Bot-Infected Machines

More than half of all SQL injection attacks in Q4 2009 came out of China, new McAfee report says

The U.S. may still rank No. 1 in spam production, but China is now home to the most bot-infected machines that spew spam, as well as the source of most SQL injection attacks.

China made up 12.1 percent of all spamming bots or zombies as of last year's fourth quarter, while the U.S. dropped from 13.1 percent in the third quarter to 9.5, according to a new McAfee report. That puts the U.S. in the No. 2 position for bots.

Interestingly, there has been a slow, downward trend worldwide in the number of newly infected bot machines spewing spam since June 2009, according to McAfee: That number went from 5 million in June and July to around 3.4 million in November, and then to about 3.9 million in December.

Overall, spam volume has dropped during the winter months: After a record-breaking 175 billion spam messages per day in the third quarter, there was a 24 percent drop in the fourth quarter, to about 133 billion spam messages a day, McAfee says. McAfee says that trend won't last, however, because overall, spam volume is up 35 percent over the fourth quarter of 2008.

"In Q4, we saw spam activity drop, but identified some interesting trends developing in terms of the geographic distribution of cyberthreats and the types of threats executed," says Mike Gallagher, senior vice president and chief technology officer at McAfee Labs.

China hosted the most SQL injection attacks in the world in the fourth quarter, with 54.4 percent of them, followed by the U.S., 24.3 percent; Japan, 2.5 percent; the U.K., 1.9 percent; Ukraine, 1.8 percent; Brazil, 1.4 percent; Netherlands, 1 percent; Iran, 1 percent; Argentina, 0.9 percent; and Spain, 0.9 percent.

During September and December, McAfee Labs detected an ongoing attack on Web servers that were targeted for their vulnerable or poorly configured Web applications. Those attacks came mostly out of China.

Meanwhile, other bot-infested countries are Brazil (8.5 percent); Russia (7 percent); Germany (6 percent); Republic of Korea (5 percent); Italy (3.5 percent); U.K. (3.2 percent); Taiwan (3 percent); and Spain (2.6 percent).

China was not among the top 10 spamming countries, however: After the U.S. (15.6 percent) and Brazil (11.2 percent) came India (5.6 percent); Venezuela (4.4 percent); Republic of Korea (3.8 percent); Ukraine (3.7 percent); Poland (3.6 percent); Romania (3.3 percent); Germany (2.9 percent); and Russia (2.4 percent).

David Marcus, director of security research for McAfee Labs, says it's unclear whether China will again be at the top of the bot list for SQL injection attacks in the first quarter of this year, mainly because these are "dynamic threats."

McAfee's report can be downloaded here (PDF).

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

