U.S. Top Malware-Hosting Country: IBM X-Force

The U.S. hosts more than two-fifths of all malicious links and more than a quarter of all the botnet command and control servers in the world, according to a new report from IBM’s X-Force team.
The second highest concentration of malicious links is in China, which hosts about 11 percent – double the amount from last year. Rounding out the top three was Germany, which fell from second to third and is now hosting 8.3 percent compared to 9.8 percent 14 months ago.

In addition to being tops on the list of countries hosting malware, the U.S. also hosts more command and control (C&C) servers than any other country, though the percentage has declined, according to the report. While X-Force found the U.S. hosts a quarter of the world’s C&Cs, 14 months ago the country hosted four percent more than it does now. The second highest percentage of C&C servers are hosted in the Russian Federation (9 percent), while the Republic of Korea, China, Germany and the United Kingdom host between 7.2 and 6 percent of the C&C servers.

Those rankings changed, however, when the researchers took into account the fact that certain countries have a larger number of technology users and service providers. When the figures are normalized as a ratio of affected IP addresses to the total IP-addressable systems in each country, the U.S. dropped out of the top 20 countries hosting malware and fell all the way to number 25. Instead, Hong Kong, Lithuania and Bulgaria were in the top spots. In the case of the command and control servers, the U.S. ranked as the 28th most-affected location when it comes to malware.
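The normalization step described above is what moves the U.S. from first place to outside the top 20, so it is worth seeing how such a re-ranking behaves. The following is an added example, not code or data from the X-Force report: the counts and address-space sizes are constructed sample figures chosen only to show the effect, and the function names are this example's own.

```python
from typing import Dict, List, Tuple

# Constructed sample figures (NOT the X-Force report's numbers):
# raw count of C&C servers observed per country ...
SAMPLE_CC_COUNTS: Dict[str, int] = {
    "US": 2500,
    "RU": 900,
    "DE": 700,
    "LT": 60,
}
# ... and the size of each country's IP-addressable space, also constructed.
SAMPLE_ADDRESSABLE_IPS: Dict[str, int] = {
    "US": 1_500_000_000,
    "RU": 45_000_000,
    "DE": 120_000_000,
    "LT": 1_200_000,
}


def rank_by_count(counts: Dict[str, int]) -> List[str]:
    """Rank countries by raw number of contaminated hosts, largest first."""
    return sorted(counts, key=lambda c: counts[c], reverse=True)


def per_million(counts: Dict[str, int], addressable: Dict[str, int]) -> Dict[str, float]:
    """Contaminated systems per one million addressable systems.

    Multiplying before dividing keeps the integer-valued cases exact.
    """
    return {c: counts[c] * 1_000_000 / addressable[c] for c in counts}


def rank_normalized(counts: Dict[str, int], addressable: Dict[str, int]) -> List[str]:
    """Rank countries by contamination ratio rather than raw count."""
    ratios = per_million(counts, addressable)
    return sorted(ratios, key=lambda c: ratios[c], reverse=True)


def rank_shift(counts: Dict[str, int], addressable: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """Map each country to its (raw rank, normalized rank), 1-based.

    A country whose normalized rank is numerically larger than its raw rank
    (e.g. the U.S. in the report) hosts many infections in absolute terms but
    comparatively few relative to the size of its address space.
    """
    raw = rank_by_count(counts)
    norm = rank_normalized(counts, addressable)
    return {c: (raw.index(c) + 1, norm.index(c) + 1) for c in counts}


def ratio_change(previous: Dict[str, float], current: Dict[str, float]) -> Dict[str, float]:
    """Year-over-year change in contamination ratio (per million systems).

    Positive means the ratio rose; negative means it fell.
    """
    return {c: current[c] - previous[c] for c in current if c in previous}


if __name__ == "__main__":
    print("raw ranking:       ", rank_by_count(SAMPLE_CC_COUNTS))
    print("normalized ranking:", rank_normalized(SAMPLE_CC_COUNTS, SAMPLE_ADDRESSABLE_IPS))
    for country, (raw_pos, norm_pos) in rank_shift(SAMPLE_CC_COUNTS, SAMPLE_ADDRESSABLE_IPS).items():
        print(f"{country}: raw #{raw_pos} -> normalized #{norm_pos}")
```

With the constructed figures the raw ranking is US, RU, DE, LT, while the normalized ranking is LT, RU, DE, US: the country with the fewest C&C servers in absolute terms has the highest contamination ratio, which is the same shape of result the report describes for Eastern European countries versus the U.S.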

“When comparing the data from 2013 to that from 2014, almost all the countries have reduced their total number of C&C server contaminations except Lithuania, which is not only in the top spot for 2014, but stayed in that position by increasing its contaminated system ratio by about one per one million systems,” according to the report. “Slovakia stayed flat year over year, while Indonesia increased. Interestingly, Ukraine decreased its contamination ratio by the largest margin, by almost five systems per one million.”

“Typically, attackers use remote code execution to install malware, which may have any number of malicious actions, such as keylogging, screen-grabbing and remote access for the attackers,” blogged Leslie Horacek, IBM X-Force Threat Response Manager. “Those actions all result in stolen data, which the malware reports to its C&C servers. Although the United States hosts the largest number of contaminated IP addresses for both malware and botnet C&C servers, when normalized for addressable IP space, Eastern European countries show the highest infection rates.”
