The beginning of the year is smoothly striving towards the end of the quarter, and we have gathered to present you yet another portion of the annual threat statistics . It is curious how the presence of the Internet in a particular country can affect the rating of its development and at the same time be inversely proportional to the rating of the spread of Internet threats. In any case, as you might have guessed, the number of threats is growing.
Great expectations
')
The number of attacks through the browser for the year increased from 580,371,937 to
946,393,693 . If you think easier, it has almost doubled. And if you work a little more with multidigit numbers, it turns out that when users were surfing the Internet, our products repelled malware attacks on average 2,592,859 times a day.
The number of Internet attacks reflected in 2011 exceeds the figures for 2010 by 1.63 times, which is significantly lower than the growth rates that we have seen over the past three years. So, in 2010, we recorded an eight-fold increase in infection attempts compared to 2009.
The slow growth rate of infection attempts via the web is due to the
increased Internet literacy of the population due to the lack of fundamentally new technologies for the mass infection of computers in 2011. The main weapon of infection through the browser remained the sets of exploits, which make it possible to conduct a drive-by attack completely unnoticed by the user. During the year, two sets of exploits were actively sold on the black market: BlackHole and Incognito, which quickly gained popularity among cybercriminals and entered the top five most frequently used sets. Note that almost all of this business operates around affiliate programs organized by hackers.
There are no prerequisites for a serious change in the situation, so in the near future the growth in the number of web attacks will slow down even more. Then there will be a gradual stabilization of the number of incidents.
Big Brother
Not for nothing, we are promoting our cloud network KSN so much, because it was she who increased the share of Internet threats detected by heuristic methods from 60% to 75% without updating the classical anti-virus databases. Malicious URLs detected by these methods occupy the first line of the malware rating on the Internet. Note that a significant portion of these detections are in sites with exploits.
In second place are malicious scripts injected by hackers into the code of hacked legitimate sites using special programs. Injections of the hidden Iframe tag with a link to a malicious resource are used during drive-by attacks: the user enters a legitimate website, and the browser is imperceptibly redirected to a resource containing a set of exploits.
Big Kush
To carry out the aforementioned 946,393,693 attacks via the Internet, the attackers took advantage
of 4,073,646 domains. Servers that hosted malicious code were discovered in
198 countries around the world. 86.4% of all malicious hosts recorded by us were located in the Internet space of twenty countries.
A place | A country | Number of attacks | % of all attacks |
one | USA | 240 022 553 | 25.4% |
2 | Russia | 138,554,755 | 14.6% |
3 | Netherlands | 92 652 499 | 9.8% |
four | Germany | 82 544 498 | 8.7% |
five | Ukraine | 47,886,774 | 5.1% |
6 | China | 46 482 840 | 4.9% |
7 | Great Britain | 44 676 036 | 4.7% |
eight | British Virgin Islands | 26 336 323 | 2.8% |
9 | Canada | 19,723,107 | 2.1% |
ten | Sweden | 15 472 406 | 1.6% |
eleven | France | 14,706,167 | 1.6% |
12 | Romania | 12,685,394 | 1.3% |
13 | The Republic of Korea | 7,220,494 | 0.8% |
14 | Czech | 6 009 847 | 0.6% |
15 | Latvia | 5,371,299 | 0.6% |
sixteen | Spain | 5,066,469 | 0.5% |
17 | Japan | 3,468,602 | 0.4% |
18 | Turkey | 3 150 767 | 0.3% |
nineteen | Brazil | 2,712,440 | 0.3% |
20 | Belize | 2,660,150 | 0.3% |
The first two positions are occupied by the same countries as a year ago: the USA (25.4%) and Russia (14.6%). But, who would have thought: the active growth in the share of malicious hosting sites, which we fixed in these countries in previous years, stopped. This was facilitated by the long-awaited law enforcement measures to close botnets. However, as can be seen, this did not make the big weather, the percentage of malicious hosting in these countries is still at a very high level.
And a little joy for specific political regimes! Strict regulation of domain registration in China continues to have a positive effect. Two years ago, China was in the lead in terms of the number of malicious hosting sites, with an incredible margin from other countries. The share of this country accounted for more than half of all sources of malware on the Internet (52%). However, in the last reporting period, this figure fell to 13%. In 2011, the share of Chinese malicious hosting decreased by another 8.2%, and the country moved from third to sixth position.
Interesting fact that can be explained in different ways: Holland and Germany occupy the 3rd and 4th positions in the rating, respectively. In fact, this is explained by the fact that the providers of these countries offer cheap and high-quality hosting, which is interesting not only for honest clients, but also for intruders.
big washing
In addition to the drive-by downloads in the arsenal of the attackers, there are several other methods of luring users to malicious sites: black search engine optimization, spam on social networks and posting links with tempting comments on popular sites.
We found out which sites in 2011 most often hosted malicious links - in accordance with the number of attempts to click on these links of KSN users. We grouped the twenty sites from which the most transition attempts were recorded, by categories.
Categories TOP 20 sites from which users most often clicked on malicious links.
% of conversions, 2011
In the first place were various entertainment sites containing video content, such as Youtube.
The second place was taken by search engines - users periodically follow malicious links directly on the pages of the largest search engines Google and Yandex.
With a lag of 1%, social networks ranked third. The most cautious you need to be when communicating on Facebook and Vkontakte - it is on these social networks that attackers are especially actively spreading malicious content.
On the fourth and fifth places are located sites with content "for adults" and various advertising networks (most often banner).
As we see from this rating, not only the Parisian ordinary people from the legendary film are chained in the evenings to the television workers, from where they are all zombied. The emergence of the Internet has not changed the preferences of the population, and when it comes to bread and circuses, the world community is not very selective.
A big difference
One of the most interesting questions that can be answered using statistics is in which countries users most often encounter cyber threats. In fact, this particular statistic is an indicator of the aggressiveness of the environment in which the computer operates.
To assess the risk of infection to computers in different countries of the world when surfing the web, for each country, we calculated how often during 2011 users encountered an anti-virus program. Below are the top 20 countries in terms of the risk of infection on the Internet.
A place | A country | % unique users |
one | Russia | 55.9% |
2 | Oman | 54.8% |
3 | USA | 50.1% |
four | Armenia | 49.6% |
five | Belorussia | 48.7% |
6 | Azerbaijan | 47.5% |
7 | Kazakhstan | 47% |
eight | Iraq | 45.4% |
9 | Ukraine | 45.1% |
ten | Guinea bissau | 45.1% |
eleven | Malaysia | 44.4% |
12 | Sri Lanka | 44.2% |
13 | Saudi Arabia | 43.9% |
14 | India | 43.8% |
15 | Sudan | 43.5% |
sixteen | Great Britain | 43.2% |
17 | Tajikistan | 43.1% |
18 | Qatar | 42.4% |
nineteen | Kuwait | 42.3% |
20 | Canada | 42.1% |
According to the same indicator, all countries of the world can be divided into several groups.
1.
High-risk group
This group with the result of 41-60% included 22 countries. In addition to the countries from the TOP 20, Australia (41.5%) and China (41.4%) also hit it.
2.
The risk group
This group with indicators of 21-40% included 118 countries, including Italy (38.9%), the United Arab Emirates (38.2%), France (37%), Sweden (32%), the Netherlands (37.1% ) and Germany (26.6%).
3.
The group of the safest countries in surfing the Internet (0-20%)
In 2011, 9 countries were in this group: Ethiopia (20.5%), Haiti (20.2%), Denmark (19.9%), Niger (19.9%), Togo (19.6%), Burundi (18.6%), Zimbabwe (18.6%), Benin (18.0%), Myanmar (17.8%).
Pay attention to the warm company in the last group of countries - its composition has been updated almost completely. Now the countries in which the Internet has developed in the slightest degree, and Germany, Japan, Luxembourg, Austria and Norway, whose figures in 2010 ranged from 19% to 20%, became at risk. With the exception of Denmark, the group of safe countries consists almost entirely of newcomers to the ranking.
But the most important trick is that the countries that joined the group of safe when surfing the web, according to the level of local threats were in groups with high and maximum levels of infection. The guys have not yet learned how to use the Internet, but they are spreading infection on flash drives! As a result, in these countries, our threats practically don’t get web threats, but a huge number of users encounter viruses and worms that live on removable media and infect files.
Big Bang: Conclusion
This is the kind of explosive statistics that you prepared for 2011, all we had to do was collect and publish it. As for the development of threats in 2011 and forecasts for 2012 - read the report
here . The most interesting is, as always, the predictions: after all, our Sasha Gostev rarely deceived by instinct. Enjoy reading!