The U.S. hosts more than two-fifths of all malicious links and more than a quarter of all the botnet command and control servers in the world, according to a new report from IBM’s X-Force team.
The second highest concentration of malicious links is in China, which hosts about 11 percent – double the amount from last year. Rounding out the top three was Germany, which fell from second to third and is now hosting 8.3 percent compared to 9.8 percent 14 months ago.
In addition to topping the list of countries hosting malware, the U.S. also hosts more command and control (C&C) servers than any other country, though the percentage has declined, according to the report. While X-Force found the U.S. hosts a quarter of the world’s C&Cs, 14 months ago the country hosted four percent more than it does now. The second highest percentage of C&C servers is hosted in the Russian Federation (9 percent), while the Republic of Korea, China, Germany and the United Kingdom host between 7.2 and 6 percent of the C&C servers.
Those rankings changed, however, when the researchers took into account the fact that certain countries have a larger number of technology users and service providers. When the figures are normalized based on the ratio of IP addresses as a percentage of total IP-addressable systems in a country, the U.S. dropped out of the top 20 countries hosting malware and fell all the way to number 25. Instead, Hong Kong, Lithuania and Bulgaria were in the top spots. In the case of the command and control servers, the U.S. ranked as the 28th most-affected location when it comes to malware.
“When comparing the data from 2013 to that from 2014, almost all the countries have reduced their total number of C&C server contaminations except Lithuania, which is not only in the top spot for 2014, but stayed in that position by increasing its contaminated system ratio by about one per one million systems,” according to the report. “Slovakia stayed flat year over year, while Indonesia increased. Interestingly, Ukraine decreased its contamination ratio by the largest margin, by almost five systems per one million.”
“Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access for the attackers,” blogged Leslie Horacek, IBM X-Force Threat Response Manager. “Those actions all result in stolen data, which the malware reports to its C&C servers. Although the United States hosts the largest number of contaminated IP addresses for both malware and botnet C&C servers, when normalized for addressable IP space, Eastern European countries show the highest infection rates.”