It took some digging, but security software vendor Symantec now says that the majority of targeted malware distributed this month originated in China even though most of the e-mail servers used to facilitate the scams were physically located in the U.S.
The report (PDF format) is just the latest damning evidence placing China at the epicenter of the worldwide surge in cyber attacks that have targeted U.S.-based companies and government agencies in the past three years.
Symantec's (NASDAQ: SYMC) MessageLabs found that while 36.6 percent of the malicious e-mails sent in March originated from U.S.-based e-mail servers, the largest share (28.2 percent) came from senders in China. Romania checked in second at 21.1 percent and the United States followed at 13.8 percent.
"When considering the true location of the sender rather than the location of the e-mail server, fewer attacks are actually sent from North America than it would at first seem," Paul Wood, a MessageLabs senior analyst, said in the report. "A large proportion of targeted attacks are sent from legitimate Webmail accounts which are located in the U.S. and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack."
The report also found that hackers and phishers have become even more adept at tailoring unsolicited e-mails for specific executives and industries, a fact not lost on executives at a trio of major U.S. oil companies who were duped into installing malware that swiped sensitive corporate data during an 18-month period beginning in 2008.
Executives with the title of director, senior official, vice president, manager, or executive director were on the receiving end of more malware-laced e-mails, according to Symantec. Moreover, executives working on foreign trade and defense issues related to Asian countries were inundated with spam scams.
The most common file types attached to malicious e-mails in March were of the .XLS and .DOC variety; however, Symantec researchers said the most dangerous attachments were encrypted .RAR files, a proprietary compressed archive format.
While .RAR files were only found in roughly 1 in 312 malicious e-mail attachments -- compared to 15.4 percent apiece for .XLS and .DOC files -- they're hard to identify and compromise networks at an alarming rate of 96.8 percent.
"By comparison, unencrypted .RAR files are rarely exploited and occur in 1.1 percent of e-mails," Wood said. "Although they are more common than encrypted .RAR files, they are far less likely to be seen attached to malicious e-mail."
Symantec officials said executable file types, including the notorious .EXE variety, accounted for 6.7 percent of files attached to e-mail in March and were found to be compromised 15 percent of the time.
"Although there are a great number of malicious e-mails that use the most common file extensions, .XLS, .DOC, .ZIP and .PDF, as attachments, they are more often included as attachments to e-mails that are safe," the report said.
In March, the ratio of spam to total e-mail traffic from new and previously unknown malicious sources was 90.7 percent, up 1.5 percentage points from February. However, only about 16.8 percent of e-mail-borne malware contained links to malicious Web sites, a 13.9 percent decline from February.
Executives across every industry are now paying closer attention to malware threats, particularly from China, following the high-profile campaign in January that compromised dozens of corporate networks operated by Google (NASDAQ: GOOG), Adobe Systems (NASDAQ: ADBE), and at least two dozen other U.S. companies.
Symantec's March report found that the engineering industry was the most spammed target at 94.7 percent of total e-mails, followed by education (91.9 percent), chemical and pharmaceutical firms (91.1 percent), and IT services (91.8 percent).