Made in China: Virus-Laden Web Pages

There’s something else most consumers don’t want that is made in China, along with lead-tainted toys and poisoned toothpaste: malicious Web pages. Security firm Sophos has posted the findings of its August report on malware and found China far and away had the most compromised Web pages serving up malware. Problem is this stuff is a little harder to recall.

In Sophos's examination of 8 billion Web pages, China (including Hong Kong) came away as the single largest source of Web pages hosting some kind of malicious code, with 44.8 percent of the compromised machines found. The U.S. was second with 20.8 percent and Russia third with 11.3 percent.

That’s actually an improvement for China, according to Ron O’Brien, senior security analyst for Sophos. In July, the infection rate was 53.9 percent. China was quite responsive when Sophos told it about the infection rates and cleaned up as many computers as it could.

O’Brien doesn’t attribute the high infection rate to malicious intent. He estimates that 80 percent of Web sites serving up some form of malware are doing so without the knowledge of the owner/administrator.

The problem is China’s rapid growth technically and economically. Web pages, sites and hosts are springing up like mushrooms in the country and security is a secondary concern, much in the way it was in the U.S. in the mid-1990s when our Internet boom began.

“It has to do with the number of PCs that are unprotected, and the Chinese Web sites have demonstrated that they are easier to hack into,” O’Brien told “There is a large number of Web sites by small mom-and-pop organizations that didn’t use the most sophisticated security.”

China doesn’t have anywhere near the market for security that the U.S. does, said Peter Firstbrook, research director for Gartner. “China doesn’t have our level of security. Trend Micro is probably the biggest player there, but in general I don’t think they have a comparable industry. There are no Chinese-specific antivirus vendors or malware vendors,” he said.

The top Web-based threat remains IFrame, the HTML element that allows for embedding another HTML document inside the main document. It remains far and away the most popular means to compromise computers, accounting for 47.8 percent of the vulnerabilities Sophos found. The next-closest form of attack made up only 17.7 percent of the vulnerabilities found.

IFrame attacks are insidious because users often have no idea they’ve been compromised. They work silently and redirect an unsuspecting user to a page that looks like it belongs to a legitimate company, such as a bank, but is actually set up to steal the user’s personal information.

There is some good news, though: Malicious attachments to spam are dropping like a rock. Sophos found just one in 1,000 e-mails had an infected attachment in August compared with one in 47 just one year ago. O’Brien attributes that to users getting smarter about attachments.

“The educational effort is beginning to pay dividends,” he said. “We can see that reflected in the behavior of criminals trying to get to the end user. We’re not clicking on attachments. We’re learning not to expect greeting cards from friends and relatives unless we’re having a birthday. It’s all a matter of conditioning.”

Firstbrook has also noticed that e-mail is diminishing as a threat. “E-mail as a propagation method is going down,” he said. “You see now in top malware are Trojans and droppers [software to drop Trojans and other malware on your computer] instead of viruses. It’s all about finding places to put the malware where you can redirect people to it.”
