Werner Heisenberg famously called into question the precepts of reality with his over-quoted paradox that the observation of something real (an electron) changes its apparent reality (its momentum). It’s a principle that can be applied to so many areas of endeavour, including to the more mundane but odd phenomenon of Internet malware statistics.
Where do threats really come from? Who is behind them? Are there patterns to all this activity? Does knowing what appears to be going on actually help us minimise their negative effects? At times it’s as if the more we look, the further away we move from a definitive answer to any question we care to ask. Or perhaps, in Heisenbergian terms, the act of finding out gives us a specific answer, and it matters not whether we can trust it because no other answer is possible at the moment of asking.
According to Symantec’s Internet Threat Report, which covered the six months up to the end of 2006, the world’s biggest source of malware is still by some margin the US, an interesting finding because many assume that China now leads the world in this department. Indeed, the US is number one in every category of malware, bar one, the number of bot-infected PCs.
The US was found to be hosting the largest percentage of spam zombies, at 10 percent, forty-four percent of spam, forty-six percent of known phishing sites, and slightly over half the world’s “underground economy” servers used to sell stolen data among criminals. Granted, the US has large numbers of PC users, and a large programming community, but that percentage is now only 19 percent so the malware dominance is still noteworthy.
But hold on. When the figures were adjusted for malicious activity relative to the number of Internet users in a country, Israel, Taiwan and Poland, turned out to be the malware hotspots. And you could argue that China’s appearance near the top of every malware league table is more significant as it is a country of high growth but low development, and other reports consider it to be the biggest problem location.
Another possibility is that the US only looks like the malware hotspot because it is the easiest country to measure. Or that it depends on when and from where you measure it, or who is doing the measuring, with what assumptions and using what tools. Or perhaps malware is now so complex and fast-evolving that looking at it from any global perspective is now extremely difficult or misleading.
Perhaps we should forget where malware comes from because what matters is where and how it hurts us. Unfortunately, security companies don’t track where the victims are, and neither do national police forces. The best they can tell is that 65 percent of malware is in English, and in Symantec’s case that most of the credit cards put on sale by criminals come from the US. This is possible in part because of the country’s wealth, but also because it has built up systems of compensation to alleviate some of the pain of e-crime. You wonder whether the average Chinese phishing victim is compensated by his or her bank in the manner of most US victims.