Zeroing In On the Internet's 'Evil Cities' 90
We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taking into account, Chelyabinsk , in Russia, tops the list, followed by Buenos Aires and Kuala Lampur. These results were found by researchers from the from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period time and that when the attack type is taken into account, 50% of the most evil cities remains the same."
Re:So what's the solution? (Score:5, Interesting)
That's what I do. There's a handful of countries whose IP ranges I've blocked at the firewall. I typically block the mail ports, and redirect web traffic to a "Sorry we're not available in your region" page with a contact form. The reality is that I don't foresee myself selling any products or services into Asia, Russia, or South America. I don't speak their language(s), I can't process their money, and I sure as shit can't litigate if a deal goes wrong, so why expose myself to unnecessary risk ? There are other web sites to choose from, probably better suited to those specific markets than mine could be, I think it's a win-win.
No kidding (Score:5, Interesting)
What I think you'll find actually is the cause is more of a cultural thing. I've done no empirical research on this, but I do get a few data point of observations from the large number of Asian grad students we get. I've noticed something that is very common in both Chinese and Korean students:
1) Pirated software is a way of life. The idea of paying for software is just not really an idea they have. They don't see it as wrong in any way, it is just how you do things. Well while the BSA's stuff about viruses is over inflated, it is based in reality. There are plenty of warez sites out there which have infected software. This seems to be particularly true of Chinese sites. Finding one that isn't ridden with viruses is difficult.
2) Virus scanners are just something that isn't considered to be needed on computers. This may be in part because of language barriers. Most of the best virus scanners are Eastern European, and the companies market in English primarily. I have noticed since Qihoo has come to be that more Chinese students have scanners, it in particular. Unfortunately it is a really poor virus scanner (gets a ton of false positives and have poor heuristics and so doesn't deal well with unknown malware) so it doesn't do much good.
3) ISPs that just won't give a shit, at all, about anything. Efforts at contacting Chinese ISPs about problems have never done anything. Most ISPs, if you make them aware of a system causing problems, will take action. Some these days proactively watch their network and shut down problem connections. We've never had any luck with Chinese ISPs. We've even gotten people to translate our message in to Chinese and the response is always "We are not responsible for that IP, please get us the correct IP." They are of course responsible, APNIC confirms it, they just don't care.
I think that is a large reason why areas like this are so very infected. The propensity for not having a scanner and downloading from any random site makes infection much easier, and since ISPs don't seem to care there is little to stem the tide. You combine that with the normal user ignorance of computer security that we see across the world and there you go.