Research on Malware Distribution
Among their conclusions are that the majority of malware distribution sites are hosted in China, and that 1.3% of Google searches return at least one link to a malicious site. The lead author, Niels Provos, wrote, ‘It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed.'”
Draft paper, and some data.
beads • February 26, 2008 12:19 PM
The easy answer is to simply null route much if not all traffic where you have no potential customers or clients. Mainly countries or ISPs who do not recognize their own abuse policies, etc.
If countries and ISPs are simply allowed to play the role of bad actors they should be shunned from the ‘Net in general. Don’t play nice? Don’t need to receive that traffic. Simple as that. I do not accept traffic from China and a number of “secured” European and South American countries and ISPs. Its got to be a two way street.