The majority of the Internet’s malware-infected websites are located
on Chinese networks, finds a new report released today by
StopBadware.org, the university-based research initiative aimed at
protecting users from dangerous software. The report also identifies
the 10 network blocks that contain the largest number of badware sites.
Six of the 10 are located in China.
“Sites that infect visiting PCs represent some of the worst of
digital pollution,” said Jonathan Zittrain, StopBadware.org co-director
and Professor of Law at Harvard Law School. “Malware is a global
problem that requires cooperation across industries and across national
As China strives to hone its image in preparation for the Beijing
Olympics, fifty-two percent of the more than 200,000 infected sites
StopBadware.org analyzed in late May were hosted by Chinese networks.
U.S.-based networks accounted for 21 percent of bad sites. The data
were provided by Google's Safe Browsing team and are searchable by URL
in the StopBadware.org Badware Website Clearinghouse.
The owners of these network blocks play a variety of roles in the
Internet ecosystem. Some directly control the infected servers on their
networks, while others lease equipment and/or bandwidth to customers
who control their own servers. Google, which is a sponsor of
StopBadware.org, hosts free blogs on its network through its popular
Blogger service. Malicious users sometimes exploit these free blogs as
a means to link to or distribute malware. Google disables the blogs as
soon as they detect the bad content, but the dead blogs remain in the
list of infected sites until Google’s automated malware detection
system has an opportunity to rescan them.
Using data from Google’s Safe Browsing initiative, StopBadware.org analyzed over 200,000 websites found to engage in badware behavior. The analysis found that over half of the sites were based on Chinese network blocks, with a small number of blocks accounting for most of the infected sites in that country. The U.S. accounted for 21% of infected sites, and these were spread across a wide range of networks. Compared to last year, the total number of sites was much higher, likely due both to increased scanning efforts by Google and to increased use of websites as a vector of malware infection. Several U.S.-based network blocks that were heavily infected last year, including that of web hosting company iPowerWeb, whose network block topped last year’s list, no longer host large numbers of infected sites.