China Home to at Least HALF of Malicious Web Sites

It looks like China is becoming a hotbed for malware and malicious websites (those sites that push malware infections via browser exploits).

They often used to be found in Korea and Taiwan and parts of Eastern Europe. According to the latest data, more than half of the sites are now located in China.

More than half of the Web sites foisting malicious software on visitors are located at networks in China, according to data released today. Stopbadware, a joint project between researchers at Harvard, Oxford and Google, found that 52 percent of the more than 200,000 infected sites the group analyzed in late May were hosted at Chinese networks. In contrast, U.S.-based networks accounted for 21 percent of the bad sites, Stopbadware found.

The sites examined in the study were all reported as malicious by Google, which interestingly enough ranked as the 6th largest source of malicious Web sites in this report, with 4,261 malware sites. Most of those appear to be the result of scammers and virus writers devising ways to automate the creation of sites at Google-owned

It’s somewhat ironic that it’s Google that labels malware sites…but a Google owned property is in the top 10 for malicious web sites!

With coming in as the 6th largest source of malware…I really think it’s something Google needs to take a serious look at.

The numbers from just one month prior paint a much harsher picture for Google. Stopbadware never published these figures, but a source involved in the group’s effort shared data with Security Fix showing Google and Blogger as the 4th largest source of malicious sites, with more than 10,000 such domains.

Max Weinstein, project manager for Stopbadware, said the group plans to begin releasing stats on a monthly basis. Weinstein said he believes the spike in malicious domains at Google properties was due to the company’s recent aggressiveness in scanning its own sites for malware.

“When that first happened, Google’s numbers shot way up,” Weinstein said.

Hmm, interesting indeed. We’ll have to watch and see what Google is going to do about this; they really need to control it. Especially with many of the new botnet infectors leveraging on sites.

Source: Washington Post

Posted in: Exploits/Vulnerabilities, Malware, Web Hacking


17 Responses to China Home to at Least HALF of Malicious Web Sites

  1. Navin June 30, 2008 at 9:19 am #

    Is anyone really surprised by this revelation?? I’m not!! China is home to the top spammers, hackers and Bot servers in the world!!

  2. Sleepy June 30, 2008 at 5:06 pm #

    It’s the reason I’m learning Chinese in my spare time via Rosetta Stone. Like Nav says; no surprise.

  3. razta June 30, 2008 at 6:00 pm #

    How can you be sure they are actually Chinese people who write the viruses and spread the malware? Couldn’t it be western people spreading it via vulnerable Chinese servers? As a developing country maybe information security is still something they need to perfect. I’m not saying this is the case, however it could be a possibility. I’m well aware that there are very clued up Chinese hackers, however are there that many of them considering the nature of the Chinese government and their harsh punishments?

  4. Sleepy June 30, 2008 at 6:27 pm #

    I’m speaking without any reference here, but as I understand it the Chinese government encourages/sponsors hacking outside of their internet. I am American however so I can’t say that “what I heard” isn’t also propaganda, but it’s pretty well known/accepted here that China does these things. The only thing I can say for sure is that China does have a huge problem with media pirating and seems to do nothing or not much about it. OVGUIDE.COM will link you to thousands of streaming movies….most of which are hosted on Chinese sites. I would love to see some more references to proof of these claims though too, because razta does make some good points and I only have “what they tell me” to go on.

  5. grav June 30, 2008 at 6:48 pm #

    China’s situation is quite ironic, a communist country means that privileges are supposedly taken away, but in China, it is almost more “free” than here.

    It really makes you think about the role of the government as BIG BROTHER when you hear stories about how life is in other countries. For all we know, Chinese people could be hearing stories about how democracy = fascism. Propaganda is everywhere. Could this be propaganda showing the alleged condition of China for the ’08 Olympics? I think so. If the US can criticize China for having dusty cities, China could be criticizing the US for having the biggest Carbon footprint or for the world’s highest percent of fattest people. Every country has its flaws. Like Navin said, with a country whose population is almost 1/3 of the world’s, stuff is going to happen.

  6. zupakomputer June 30, 2008 at 7:22 pm #

    China owns the dollar – they have so many dollars (probably in bonds) they can sell enough of them to change the whole US economy.

    But yeah – that’s certainly the first thing that occurred to me when reading the likes of 1984 and Animal Farm; what other conclusions can be come to over phrases such as ‘the most successful totalitarian state is the one where the citizens think they are free, and that it’s other countries that are not free’.

    “Keep repeating, “we are free!”;

    ‘you are free, to do as we tell you, free to do as we tell you, free to do as we tell you’

    – that’s from Bill Hicks in Revelations…

  7. razta June 30, 2008 at 10:16 pm #

    A bit off topic, however something I’ve been wanting to discuss. IF war does break out between the western allies and Iran, their internet structure will be a definite target. How will the US/UK attack their internet structure? How will Iran defend it? It wouldn’t surprise me if the attack on their internet infrastructure hasn’t already started, maybe just pentesting for now. In my opinion the military infrastructure such as radar, AA missiles, airports will be the first targets and then it will move onto electricity, bridges, oil supply, telecoms and the internet. I suppose if there is no electricity there will be no internet, however I’m sure that Iran’s main backbone servers will be equipped with high tech generators. Most countries invaded by modern super powers haven’t had an internet structure, it will be interesting to see how you attack a high tech country and how that country defends its infrastructure.

  8. Navin July 1, 2008 at 9:19 am #

    @ zupakomputer

    U sure tht’s the Chinese?? I thought only Saudi Arabia had tht sort of control over US economy!! Atleast tht’s what I came to undrstand after the US went after Afghanistan even though most of the terrorists involved in 9/11 were from Saudi arabia……what say??

    @ razta, tht’s something I pray doesn’t happen first of all coz i strongly feel the US will attack Iran only to take over the oil reserves

    Bush in 02 : Iraq surely has weapons of mass destruction…ATTACK!!
    Bush in 03 : Iraq has, I think, weapons of mass destruction
    Bush in 04 : Iraq has, it seems, weapons of mass destruction
    Bush in 05 : Iraq has, i’ve been told, weapons of mass destruction
    Bush in 06 : Iraq has, maybe, weapons of mass destruction
    Bush in 06 : Iraq has No weapons of mass destruction, we have their oil…hehe

    But seriously, I just feel tht if the US did attack, then it’d directly send in a few SR-71’s and F-22 Raptors and take out the Irani communication systems first…widout communications between the head of defence and the air launch facilities Iran would be crippled

    then hopefully hacker’s frm Iran would team up and crack through the 9 layered (or so I’ve been told) firewall of the US defence and replace the entire site with an image of Bush in a bathing suit!!

    What say??

  9. Daniel July 3, 2008 at 5:45 am #

    If this is news to anyone, then they obviously haven’t been WHOISing phishing sites. When a friend got phished a couple months ago I went poking and found that that site, as well as all the sites linked to in phishing emails in my own inbox, were hosted in China.

  10. SpikyHead July 3, 2008 at 6:48 am #

    Every time we investigate hacking attempts, 90% of the time it’s a Chinese IP address.
    Every time we check the origin of phishing email… it’s Chinese origin…
    Every time we check origin of spam emails… mostly it’s Chinese origin too..

    So no wonder if more than 50% of such sites are owned by Chinese OR hosted on Chinese web servers… see, there is a bit of diff in both..

  11. Navin July 3, 2008 at 8:32 am #

    @ daniel its amusing tht Ur friend got phished even though he knew the site he was on was fake!! Generally people don’t bother to see the site address (the address bar) when they click on these links…tht’s the reason why most of dem end up giving out dere passwords to phishers

    tht’s the reason tht web browsers now highlight safe sites in yellow (secured sites) so tht people atleast take notice of their address bar

    whats sad is tht the people who are caught in raids on phishing sites are mostly skiddies who …in many cases….. host their sites on free webhosts…so the phishing site address reads something like yahoomaillogin(dot)freehostia(dot)com (just an example…believe me there are thousands with similar names)….and people do fall for this…sheesh!!

  12. grav July 3, 2008 at 8:10 pm #

    @ Navin & Daniel

    Another thing that is really funny and plays to human nature is that email that reads ” You have won the international lottery”

    It asks you for your Social Security Number. You know it’s fake…
    BUT…. don’t you always feel: “WHAT IF IT’S REAL!!!”

    These scams are the same as social engineering. They play to the basic human desires and exploit them just as an experienced hacker would exploit a vulnerable system. Once again, this proves the human element is one of the weakest… : (

  13. grav July 3, 2008 at 8:15 pm #


    Talking about phishing
    Is anybody else worried about how anyone can enter any username
    for all you know, I’m a different person than the one in the post above. Is there any way to prevent this?

    Could we possibly have a username and password system? I know it’s a major overhaul to the site, but just something I was wondering…

    Just to test the above, I entered a different email…

  14. Darknet July 4, 2008 at 2:56 am #

    There is a username/password system.

    But it’s pretty easy for me to tell if someone is not who they usually are, that’s why the spammers pretending to be one of the top commenters get deleted.

    If you want an account let me know via the contact form, I’d rather control registration than open it.

  15. Navin July 5, 2008 at 11:50 am #

    cmon man….i frankly don’t think anyone could pretend to be a top commentator and spam!! coz over the months each one of us has developed a style of writing

    for eg. if grav started praising some company’s product for no apparent reason, I’d kinda figure out tht it wasn’t really him…and I think wordpress has a built in spam filter

    I myself have bumped into it on a couple of occasions when my comments have been too short for eg. try commenting “cheers”…it will be seen as spam!!

  16. grav July 5, 2008 at 6:24 pm #

    You’re right!
    I just tried and WordPress said my comment was too short.

  17. Sandeep Nain July 7, 2008 at 1:34 am #

    well there are always work arounds i think…
    these applications are becoming smarter day by day but spammers are usually smarter