United States leads the way in malware and firewall attacks, says Network Box

28 September 2010 – The US has overtaken India and Russia to become the biggest producer of viruses once more, according to analysis of internet threats by managed security company, Network Box. The US is now responsible for 12.05 per cent of the world’s viruses, up from 4.03 per cent from August, when the US trailed both India and Russia. India takes second place with 7.17 per cent, after its virus production declined by an impressive 6.56 per cent. Russia, which was in third place, has dropped to fifth after a fall of 5.53 per cent, to be replaced by Korea, which saw an increase in production of only 0.27 per cent (reaching 6.29 per cent of virus production).



Viruses produced in the UK have dropped again (by 0.29 per cent). The UK has now dropped from fourth largest producer in July, to tenth in September.



The US and India still dominate when it comes to spam production, being responsible for 10.79 and 6.88 per cent of the worlds spam respectively. Russia has replaced Brazil as the third largest spam producer, after an increase of 2.53 per cent from last month, to 6.04 per cent of the worlds spam.



The majority of firewall attacks still originate from the US (18.65 per cent) in fact there was a slight increase of 0.32 per cent in September. Simon Heron, internet security analyst for Network Box, says: ‘As usual, it is ports 80, 137 and 8080 that take the majority of the probes but it is interesting to see probes against TCP 1521 entering the top 10. This port is frequently used by Oracle as a "listener" and also by nCube licence manager. I would suspect it is worth probing in case Oracle is on there and the listener has not been properly secured.’



Heron continues: ‘The rapidity with which a country can climb, and fall, the threat charts serves as a reminder of the fluidity of the cybercrime industry. Also it is always interesting looking at the ports being probed as these vary dependent on the latest vulnerability or perhaps a knowledge that default settings on some applications do not protect correctly or are not correctly secured.’



For more information on security issues, see www.network-box.co.uk, or visit Simon Heron’s blog at: http://blog.network-box.co.uk/





Top Sources of Viruses

Country Daily Average %

United States 12.055

India 7.17778

Korea 6.29308

Brazil 6.00757

Russia 5.523

Australia 4.85767

Vietnam 4.37955

Ukraine 2.68576

China 2.68089

United Kingdom 2.20062



Top Sources of Spam

Country Daily Average %

United States 10.79224

India 6.88932

Russia 6.04657

China 5.1727

Brazil 5.09237

United Kingdom 4.28063

Ukraine 3.33066

Vietnam 3.13332

Korea 2.34497

Australia 2.1474



Top Sources of Firewall Blocks

Country Daily Average %

United States 18.65075

Korea 13.12423

Australia 12.5444

China 10.66144

Malaysia 10.24928

Hong Kong 6.55218

United Kingdom 2.24347

ap 2.00501

Argentina 1.74559

Canada 1.15522



Top Firewall blocks by Port

Protocol / Port Daily Average %

TCP:80 16.41811

UDP:137 9.82517

TCP:8080 6.0455

UDP:123 5.94138

UDP:53 3.27504

TCP:443 3.17302

UDP:138 2.45289

UDP:161 2.25305

TCP:25 2.06095

TCP:1521 1.56607



Top Viruses

Threat Name Daily Average %

nbh-bbadhdr 8.08063

policy_prohibits_'exe'_nested_at 5.89429

nbh-bgtrack 5.5628

trojan.win32.oficla.ma 5.09375

nbh-bscript 5.07931

trojan.win32.oficla.ju 4.45524

trojan-downloader.js.iframe.bez 4.33392

trojan-dropper.win32.agent.cxma 4.14594

trojan.win32.oficla.iu 3.87156

spam.porn.url_porn_adult-sexuallyexplicit 2.97824



Top Trojans

Threat Name Daily Average %

trojan-downloader.js.iframe.bez 0.05183

trojan-clicker.html.iframe.abn 0.03219

trojan-downloader.win32.fraudload.hbf 0.0258

trojan.win32.oficla.ma 0.02348

trojan.win32.oficla.ju 0.02134

trojan.win32.oficla.zl 0.01835

trojan.win32.fraudpack.bkfd 0.01455

trojan-downloader.win32.fraudload.xfwn 0.01408

trojan-dropper.win32.agent.cxma 0.01304

trojan.win32.oficla.lh 0.01284



Top Intrusions

Threat Name Daily Average %

NETBIOS 39.61717

BOGON 11.2673

PINGFLOOD 1.61879

HTTP-S-WEBDAV 0.8672

ICMP 0.04747

HTTP-S-WEBDEX 0.03479

SOBIG-F 0.01899

HTTP-S-NIMDA 0.01085

HTTP-S-UNIXATTACK 0.00876

HTTP-S-WEBATTACK 0.00741



- ends -

About Network Box:

Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.



For more information, see www.network-box.co.uk / www.network-box.com.



Further press information from:

Kate Hartley / Richard Houghton

Carrot Communications

Tel: +44 (0)771 406 5233 / + 44 (0)7803 178 037

Email: networkbox@carrotcomms.co.uk