⬆️ ⬇️

Big Bang Stats

The beginning of the year is smoothly striving towards the end of the quarter, and we have gathered to present you yet another portion of the annual threat statistics . It is curious how the presence of the Internet in a particular country can affect the rating of its development and at the same time be inversely proportional to the rating of the spread of Internet threats. In any case, as you might have guessed, the number of threats is growing.



image



Great expectations

')

The number of attacks through the browser for the year increased from 580,371,937 to 946,393,693 . If you think easier, it has almost doubled. And if you work a little more with multidigit numbers, it turns out that when users were surfing the Internet, our products repelled malware attacks on average 2,592,859 times a day.



The number of Internet attacks reflected in 2011 exceeds the figures for 2010 by 1.63 times, which is significantly lower than the growth rates that we have seen over the past three years. So, in 2010, we recorded an eight-fold increase in infection attempts compared to 2009.



The slow growth rate of infection attempts via the web is due to the increased Internet literacy of the population due to the lack of fundamentally new technologies for the mass infection of computers in 2011. The main weapon of infection through the browser remained the sets of exploits, which make it possible to conduct a drive-by attack completely unnoticed by the user. During the year, two sets of exploits were actively sold on the black market: BlackHole and Incognito, which quickly gained popularity among cybercriminals and entered the top five most frequently used sets. Note that almost all of this business operates around affiliate programs organized by hackers.



There are no prerequisites for a serious change in the situation, so in the near future the growth in the number of web attacks will slow down even more. Then there will be a gradual stabilization of the number of incidents.



Big Brother



Not for nothing, we are promoting our cloud network KSN so much, because it was she who increased the share of Internet threats detected by heuristic methods from 60% to 75% without updating the classical anti-virus databases. Malicious URLs detected by these methods occupy the first line of the malware rating on the Internet. Note that a significant portion of these detections are in sites with exploits.



In second place are malicious scripts injected by hackers into the code of hacked legitimate sites using special programs. Injections of the hidden Iframe tag with a link to a malicious resource are used during drive-by attacks: the user enters a legitimate website, and the browser is imperceptibly redirected to a resource containing a set of exploits.



Big Kush



To carry out the aforementioned 946,393,693 attacks via the Internet, the attackers took advantage of 4,073,646 domains. Servers that hosted malicious code were discovered in 198 countries around the world. 86.4% of all malicious hosts recorded by us were located in the Internet space of twenty countries.



A placeA countryNumber of attacks% of all attacks
oneUSA240 022 55325.4%
2Russia138,554,75514.6%
3Netherlands92 652 4999.8%
fourGermany82 544 4988.7%
fiveUkraine47,886,7745.1%
6China46 482 8404.9%
7Great Britain44 676 0364.7%
eightBritish Virgin Islands26 336 3232.8%
9Canada19,723,1072.1%
tenSweden15 472 4061.6%
elevenFrance14,706,1671.6%
12Romania12,685,3941.3%
13The Republic of Korea7,220,4940.8%
14Czech6 009 8470.6%
15Latvia5,371,2990.6%
sixteenSpain5,066,4690.5%
17Japan3,468,6020.4%
18Turkey3 150 7670.3%
nineteenBrazil2,712,4400.3%
20Belize2,660,1500.3%


The first two positions are occupied by the same countries as a year ago: the USA (25.4%) and Russia (14.6%). But, who would have thought: the active growth in the share of malicious hosting sites, which we fixed in these countries in previous years, stopped. This was facilitated by the long-awaited law enforcement measures to close botnets. However, as can be seen, this did not make the big weather, the percentage of malicious hosting in these countries is still at a very high level.



And a little joy for specific political regimes! Strict regulation of domain registration in China continues to have a positive effect. Two years ago, China was in the lead in terms of the number of malicious hosting sites, with an incredible margin from other countries. The share of this country accounted for more than half of all sources of malware on the Internet (52%). However, in the last reporting period, this figure fell to 13%. In 2011, the share of Chinese malicious hosting decreased by another 8.2%, and the country moved from third to sixth position.



Interesting fact that can be explained in different ways: Holland and Germany occupy the 3rd and 4th positions in the rating, respectively. In fact, this is explained by the fact that the providers of these countries offer cheap and high-quality hosting, which is interesting not only for honest clients, but also for intruders.



big washing



In addition to the drive-by downloads in the arsenal of the attackers, there are several other methods of luring users to malicious sites: black search engine optimization, spam on social networks and posting links with tempting comments on popular sites.



We found out which sites in 2011 most often hosted malicious links - in accordance with the number of attempts to click on these links of KSN users. We grouped the twenty sites from which the most transition attempts were recorded, by categories.



image

Categories TOP 20 sites from which users most often clicked on malicious links.

% of conversions, 2011



In the first place were various entertainment sites containing video content, such as Youtube.



The second place was taken by search engines - users periodically follow malicious links directly on the pages of the largest search engines Google and Yandex.



With a lag of 1%, social networks ranked third. The most cautious you need to be when communicating on Facebook and Vkontakte - it is on these social networks that attackers are especially actively spreading malicious content.



On the fourth and fifth places are located sites with content "for adults" and various advertising networks (most often banner).



As we see from this rating, not only the Parisian ordinary people from the legendary film are chained in the evenings to the television workers, from where they are all zombied. The emergence of the Internet has not changed the preferences of the population, and when it comes to bread and circuses, the world community is not very selective.



A big difference



One of the most interesting questions that can be answered using statistics is in which countries users most often encounter cyber threats. In fact, this particular statistic is an indicator of the aggressiveness of the environment in which the computer operates.



To assess the risk of infection to computers in different countries of the world when surfing the web, for each country, we calculated how often during 2011 users encountered an anti-virus program. Below are the top 20 countries in terms of the risk of infection on the Internet.



A placeA country% unique users
oneRussia55.9%
2Oman54.8%
3USA50.1%
fourArmenia49.6%
fiveBelorussia48.7%
6Azerbaijan47.5%
7Kazakhstan47%
eightIraq45.4%
9Ukraine45.1%
tenGuinea bissau45.1%
elevenMalaysia44.4%
12Sri Lanka44.2%
13Saudi Arabia43.9%
14India43.8%
15Sudan43.5%
sixteenGreat Britain43.2%
17Tajikistan43.1%
18Qatar42.4%
nineteenKuwait42.3%
20Canada42.1%


According to the same indicator, all countries of the world can be divided into several groups.



1. High-risk group

This group with the result of 41-60% included 22 countries. In addition to the countries from the TOP 20, Australia (41.5%) and China (41.4%) also hit it.

2. The risk group

This group with indicators of 21-40% included 118 countries, including Italy (38.9%), the United Arab Emirates (38.2%), France (37%), Sweden (32%), the Netherlands (37.1% ) and Germany (26.6%).

3. The group of the safest countries in surfing the Internet (0-20%)

In 2011, 9 countries were in this group: Ethiopia (20.5%), Haiti (20.2%), Denmark (19.9%), Niger (19.9%), Togo (19.6%), Burundi (18.6%), Zimbabwe (18.6%), Benin (18.0%), Myanmar (17.8%).



Pay attention to the warm company in the last group of countries - its composition has been updated almost completely. Now the countries in which the Internet has developed in the slightest degree, and Germany, Japan, Luxembourg, Austria and Norway, whose figures in 2010 ranged from 19% to 20%, became at risk. With the exception of Denmark, the group of safe countries consists almost entirely of newcomers to the ranking.



But the most important trick is that the countries that joined the group of safe when surfing the web, according to the level of local threats were in groups with high and maximum levels of infection. The guys have not yet learned how to use the Internet, but they are spreading infection on flash drives! As a result, in these countries, our threats practically don’t get web threats, but a huge number of users encounter viruses and worms that live on removable media and infect files.



Big Bang: Conclusion



This is the kind of explosive statistics that you prepared for 2011, all we had to do was collect and publish it. As for the development of threats in 2011 and forecasts for 2012 - read the report here . The most interesting is, as always, the predictions: after all, our Sasha Gostev rarely deceived by instinct. Enjoy reading!

Source: https://habr.com/ru/post/138918/



All Articles