Asia harbours half of world's zombies

Latest DDoS report finds half of the world's bots are found in Asia.

China is now the most infected country in the world and Asia contains half the world's infected computers, according to security company Prolexic.

The figures come from the company's Denial of Service (DDoS) Weather Report, which reports on the botnet activity around the globe from infected computers.

Countries in Asia account for five of the six most infected territories around the world, with the US in second place. The UK is tenth.

Net use in China is exploding. According to figures for 2006 released by the China Internet Networks Information Centre (CNNIC), the People's Republic now boasts 137 million Internet users, up 23.4 per cent year on year.

There are a number factors exacerbating the China problem, said Keith Laslop, President of Prolexic. One is "because of the high use of pirate software, which Microsoft refuses to protect," he said, which leaves systems open to virus infection.

Others include online criminals in China "being able to exploit weak cybercrime legislation," he said. "If you commit a cybercrime in China, you face execution. If you do the same thing outside of China, the government won't bat an eyelid."

Furthermore, the business landscape in China can be far from friendly. Laslop said that successful startups in China will soon come to the attention of the authorities, who are likely to move their own personnel in to key positions. "It's more prudent to start an illegitimate business in China than a legitimate one."

The other reason botnets are growing is because the DDoS attacks using them are successful. Laslop said that the infrastructure of web-facing systems are too often inadequate to cope with the threat. In particular, he noted that the Linux Apache MySQL PHP (LAMP) open-source systems are vulnerable when not configured properly.

"LAMP is not built defensively," he said. "It makes it a very easy target. You have to be very careful about how you configure it. You have burn some defensibility on to it. What it takes is planning, and right now there's no planning out there."

The nature of attacks is also changing. They no longer rely on the brute force method of throwing masses of traffic at a server, but take a more targeted approach.

"They have moved from consumption type attacks to targeted http or application based attacks, trying to bring the CPU load to 100 per cent, maybe through an advanced search, or via registration pages," he said. "These new attacks appear legitimate. They sidestep firewalls, DDOS mitigation boxes, IDS services and so on."

The report claims such attacks can use https to sidestep built in DDoS and IPS systems, and relatively low bandwidth - sub 50Mb - to succeed.

Paul Sop, CTO of Prolexic, said: "A botnet is like a Swiss-army knife in that it has many tools which the attacker can implement. Attackers have started finding ways around many common DDoS defence systems and are adding those capabilities to their botnets. Their new tactics involve countermeasures of a previously unheard of level of sophistication. The challenge in stopping these attacks requires identifying, to a great level of detail, the usage patterns of normal users versus simulated bot users."

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021
Google’s about to push everyone into two-factor authentication
Security

Google’s about to push everyone into two-factor authentication

6 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021