Made in China: Virus-Laden Web Pages
Because China lags behind the West in security smarts, the bad guys find Chinese sites easier to compromise.
There's something else most consumers don't want that is made in China, along with lead-tainted toys and poisoned toothpaste: malicious Web pages. Security firm Sophos has posted the findings of its August report on malware and found China far and away had the most compromised Web pages serving up malware. Problem is this stuff is a little harder to recall.
In Sophos's examination of 8 billion Web pages, China (including Hong Kong) came away as the single largest source of Web pages hosting some kind of malicious code, with 44.8 percent of the compromised machines found. The U.S. was second with 20.8 percent and Russia third with 11.3 percent.
That's actually an improvement for China, according to Ron O'Brien, senior security analyst for Sophos. In July, the infection rate was 53.9 percent. China was quite responsive when Sophos told it about the infection rates and cleaned up as many computers as it could.
The problem is China's rapid technical and economic growth. Web pages, sites and hosts are springing up like mushrooms in the country and security is a secondary concern, much in the way it was in the U.S. in the mid-1990s when our Internet boom began.
"It has to do with the number of PCs that are unprotected, and the Chinese Web sites have demonstrated that they are easier to hack into," O'Brien told internetnews.com. "There is a large number of Web sites by small mom-and-pop organizations that didn't use the most sophisticated security."
China doesn't have anywhere near the market for security that the U.S. does, said Peter Firstbrook, research director for Gartner. "China doesn't have our level of security. Trend Micro is probably the biggest player there, but in general I don't think they have a comparable industry. There are no Chinese-specific antivirus vendors or malware vendors," he said.
The top Web-based threat remains the IFrame, the HTML element that allows for embedding another HTML document inside the main document. It remains far and away the most popular means to compromise computers, accounting for 47.8 percent of the vulnerabilities Sophos found. The next-closest form of attack made up only 17.7 percent of the vulnerabilities found.
IFrame attacks are insidious because users often have no idea they've been compromised. They work silently and redirect an unsuspecting user to a page that looks like it belongs to a legitimate company, such as a bank, when it is actually set up to steal personal information.