Iceland had the fourth lowest infection rate of the period following a long period of improvement. - Microsoft Security Intelligence Report, Volume 14, p. 41.
We, as well as CERT Finland and F-Secure, have been spreading the word of Mostly harmless Finland for a while now. It is time to start looking at the results in other countries that have adopted the Finnish feeder-proxy-cleaner model. The Microsoft Security Intelligence Report provides interesting data about the infection rates in different countries. The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide.
Depressing Starting Point
Picture: Malice is among us.
The world is full of abuse. Are we beyond hope?
SIR data plotted
It's a Journey, Not a Destination - we can't get rid of all the malice, but it seems that we are going in the right direction, and at a nice speed.
The graph below shows a few countries that have adopted the feeder-proxy-cleaner model. Please note the significant drop in Iceland, one of the countries that adopted the model around 2011. The graph also contains the worldwide average for comparison.
For comparison, let's have a look at some South American countries. Please notice that the scale is a bit different from the previous graph.
What We See
The data is based on public sources. By adding a few non-public sources, such as ShadowServer, one would get 10-100x more events for analysis. And the data overlaps surprisingly rarely.
The visualization shows the number of unique IPs in the reports, plotted against GeoIP country code and type of malicious activity. The time window is 7 days.
Picture: Where are your bots, Iceland?
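The aggregation behind such a view (unique IPs per GeoIP country code and activity type over a 7-day window), together with a check of how much the feeds overlap, as an added example that is not code from the original post. The event field names, feed names and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (documentation-range IPs); field names are assumptions.
EVENTS = [
    {"time": "2013-04-17T10:00:00", "feed": "feedA", "ip": "192.0.2.10", "cc": "IS", "type": "bot"},
    {"time": "2013-04-17T11:30:00", "feed": "feedA", "ip": "192.0.2.10", "cc": "IS", "type": "bot"},  # repeat report
    {"time": "2013-04-16T08:00:00", "feed": "feedB", "ip": "192.0.2.10", "cc": "IS", "type": "bot"},  # same IP, other feed
    {"time": "2013-04-15T09:00:00", "feed": "feedB", "ip": "198.51.100.7", "cc": "BR", "type": "bot"},
    {"time": "2013-04-14T09:00:00", "feed": "feedA", "ip": "198.51.100.8", "cc": "BR", "type": "bot"},
    {"time": "2013-04-13T09:00:00", "feed": "feedA", "ip": "198.51.100.8", "cc": "BR", "type": "phishing"},
    {"time": "2013-04-12T09:00:00", "feed": "feedB", "ip": "203.0.113.5", "cc": "AR", "type": "spam"},
    {"time": "2013-04-01T09:00:00", "feed": "feedA", "ip": "203.0.113.99", "cc": "AR", "type": "bot"},  # outside window
]

def in_window(events, now, days=7):
    """Yield events whose timestamp falls within the last `days` days."""
    start = now - timedelta(days=days)
    for ev in events:
        if start <= datetime.fromisoformat(ev["time"]) <= now:
            yield ev

def unique_ips(events, now, days=7):
    """Return {(cc, type): number of distinct IPs} for the window."""
    seen = defaultdict(set)
    for ev in in_window(events, now, days):
        seen[(ev["cc"].upper(), ev["type"])].add(ev["ip"])
    return {key: len(ips) for key, ips in seen.items()}

def feed_overlap(events, now, days=7):
    """Return (IPs reported by more than one feed, all distinct IPs)."""
    feeds_by_ip = defaultdict(set)
    for ev in in_window(events, now, days):
        feeds_by_ip[ev["ip"]].add(ev["feed"])
    shared = {ip for ip, feeds in feeds_by_ip.items() if len(feeds) > 1}
    return shared, set(feeds_by_ip)

if __name__ == "__main__":
    now = datetime(2013, 4, 18, 13, 0, 0)
    for (cc, kind), n in sorted(unique_ips(EVENTS, now).items()):
        print(f"{cc} {kind:9s} {n}")
    shared, total = feed_overlap(EVENTS, now)
    print(f"{len(shared)} of {len(total)} IPs seen by more than one feed")
```

Counting distinct IPs rather than raw events keeps a noisy feed that reports the same host repeatedly from inflating a country's numbers.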
A Few Example South American Countries
During the past 7 days, South America has had a wider variety of malicious activity types. Furthermore, issues come in greater numbers.
Picture: Bots like to live in sunny South America.
Once a country has a good process for fire department work, all sorts of other benefits start to emerge. For example, the country is better prepared for larger-scale issues. See the DNSChanger blog entry for an example.
-- jani 2013-04-18 13:19:57