Congratulations Iceland!

image.png

Iceland had the fourth lowest infection rate of the period following a long period of improvement. - Microsoft Security Intelligence Report, Volume 14, p. 41.

We, as well as CERT Finland and F-Secure have been spreading the word of Mostly harmless Finland for a while now. It is time to start looking at the results in other countries, who have adopted the Finnish feeder-proxy-cleaner model. Microsoft Security Intelligence Report provides interesting data about the infection rates in different countries. The Microsoft Security Intelligence Report (SIR) analyzes the threat landscape of exploits, vulnerabilities, and malware using data from Internet services and over 600 million computers worldwide.









Depressing Starting Point

attachment:map.png

Picture: Malice is among us.

World is full of abuse. Are we beyond hope?

SIR data plotted

It's a Journey, Not a Destination - we can't get rid of all the malice, but seems that we are going to the right direction and with a nice speed.

The graph below represents few countries, who have adopted the feeder-proxy-cleaner model. Please note the significant drop in Iceland, one of the countries who adopted the model around 2011. The graph contains also world-wide average for comparison.

https://docs.google.com/spreadsheet/oimg?key=0ArXej4mIkh6NdFB0bTdJNE1CcjBmM0tyWTdvRDhsZUE&oid=2&zx=6jfj1gl0m2tj

For comparison, lets have a look at some South American countries. Please notice that the scale is a bit different from the previous graph.

https://docs.google.com/spreadsheet/oimg?key=0ArXej4mIkh6NdFB0bTdJNE1CcjBmM0tyWTdvRDhsZUE&oid=3&zx=u2pbum15e09

What We See

The data is based on public sources. Adding few non-public sources, such as ShadowServer, one would get 10-100x more events for analysis. And the data surprisingly rarely overlaps.

The visualization shows the number of unique IPs in the reports, compared to geoip country code and type of malicious activity. Time window is 7 days.

categorilla.png
Picture: Where are your bots, Iceland?

Few Example South American Countries

During the past 7 days, South America has had a wider variety of malicious activity types. Furthermore, issues come in greater numbers.

samerica.png

Picture: Bots like to live in sunny South America.

Once the country has a good process for fire department work, all sorts of other benefits start to emerge. For example the country is better prepared for a more large scale issues. See DNSChanger blog entry for an example.

-- jani 2013-04-18 13:19:57


return to the blog ...