More malware is hosted on US websites and more spam is relayed from US computers than any other country. As evidence of this, when a US Internet company accused of collaborating with spammers and hackers was disconnected from the net in November, there was a staggering 75% drop in spam.
This is one of the conclusions from Sophos' Security Threat Report 2008, which examines the threat landscape over the last 12 months and predicts emerging cybercrime trends for 2009.
"Not only is the US relaying the most spam but it's also carrying the most malicious webpages. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
Sophos's research reveals that in 2008 organised criminal gangs tripled their attacks against innocent websites, injecting malicious code to infect visiting home users and businesses.
In addition, 2008 has seen concerted campaigns by hackers to pose as legitimate anti-virus vendors, creating new professional-looking websites and applications every day with the intention of scaring users into believing that their computers have been compromised.
On average, Sophos identifies five new scareware websites every day, with the figure peaking at over 20 per day on occasion.
The detailed report, which documents the major Internet attacks of 2008, also reveals a rise in hackers spamming out malicious attachments, designed to compromise PCs in order to steal identities, money and resources. By the end of 2008, Sophos was tracking five times more malicious attacks arriving through files attached to emails than at the start of the year.
In addition, spammers and malware authors have shown an interest in websites like Facebook, breaking into innocent users' accounts to take advantage of trusted social networks and send spam and malware.
"The last year showed that Internet hacking gangs are more organised than before, often working across borders to steal money and data from unsuspecting users. The volume of attacks has increased, with hackers using automated systems to break into vulnerable websites or generate new variants of their malware," Myroff says . "Users also need to heed the reality that completely legitimate websites could be harbouring dangerous malware.
"We are not expecting to see these assaults diminish in 2009. As economies begin to enter recession it will be more important than ever for individuals and businesses to ensure that they are on guard against Internet attack."
Statistics and findings at a glance:
* Biggest malware threats – SQL injection attacks against websites and the rising tide of scareware;
* New web infections – one new infected webpage discovered by Sophos every four and a half seconds (Three times faster than in 2007);
* Malicious e-mail attachments – five times more at end of 2008 than at the beginning;
* US hosts the most malware on the web (37%), usurping China's position in 2007;
* US computers relay the most spam (17,5%); and
* Increasing allegations of state-sponsored cybercrime, as China, North Korea, Russia and Georgia amongst those accused of espionage and assaults via the Internet
In 2007, China was responsible for hosting over 50%of all web-based malware. However, in 2008 this position was stolen by the US.