Malicious programs migrate from Chinese servers

01 Jun 2010

Kaspersky Lab, a leading developer of secure content management solutions, announces that it has issued its quarterly malware report, titled Information Security Threats in the First Quarter of 2010.

According to the report, the US and Russia have overtaken China in terms of the number of servers located on their territories that host malicious programs.

Over the first three months of this year, more than 119 million malware hosting servers were detected, of which 27.57% were located in the US and 22.59% in Russia, with just 12.84% in China. The situation looked radically different in late 2009, with 32.8% of servers hosting malicious programs located in China, 25.03% in the US, 11.73% in the Netherlands and 7.97% in Russia.


     Q1 2010                        Q4 2009
1    USA                27.57%      China              32.8%
2    Russia             22.59%      USA                25.03%
3    China              12.84%      The Netherlands    11.73%
4    The Netherlands     8.28%      Russia              7.97%

The geographical distribution of servers hosting malicious code

In recent years, China has become a veritable malware factory, churning out huge amounts of malicious code, and naturally, the factory's ‘products’ are also often found on servers located in the Celestial Empire itself — which is ultimately why China has been in the lead in terms of malicious servers for such a long time.

The reason behind the country's recent drop in host server numbers is the introduction by the Chinese authorities of more stringent procedures for registering Internet addresses that use the national ‘.cn’ domain. The CNNIC (the administration agency for the national domain) introduced tighter rules for domain name registration: a written statement is now required in which the requesting party must provide passport information and complete lengthy applications.

This probably does not mean the end of cybercrime, however. Instead, malicious code has essentially migrated from Chinese servers to servers located in other countries, primarily the US and Russia, with an emphasis on the latter. It would seem that the cybercriminals are keen to take advantage of Russia's relatively lax domain registration laws.

We can only hope that the measures introduced on 1 April, 2010 governing the registration of Russia's ‘.ru’ domain, which require the provision of documents to substantiate the requesting parties’ identity, will have the same effect as in China and that malware will migrate from Russian servers.

The full quarterly report, titled Information Security Threats in the First Quarter of 2010, can be found here.