In a recent post, called The Curious Case of Qatar, I discuss how Qatar has the highest regional infection rate that we have ever reported. Prior to this the Republic of Korea had the highest malware infection rate in the world; back in July of this year I wrote about how the threat landscape in Korea was one of the most active in the world.
More current data shows the malware infection rate in Korea has improved markedly. In the second quarter of 2011 the malware infection rate in Korea was observed to be at its lowest point in more than a year. The number of computers cleaned per 1,000 scanned (CCM) by the Microsoft Windows Malicious Software Removal Tool (MSRT) was 20 in the second quarter of 2011 versus 40.3 in fourth quarter of 2010. While 20 is still more than double the worldwide infection rate (9.77) during the same period, it is a positive precipitous decrease.
Figure: The infection rate, measured in Computers Cleaned per Mille (CCM), trend for Korea over the four quarters spanning the third quarter of 2010 to the second quarter of 2011, compared to the worldwide rate
The big difference in Korea between these periods is the reduction in the detection of miscellaneous Trojans.
Figure on left: Malware and potentially unwanted software categories in Korea in the 4th quarter of 2010, by percentage of computers affected as published in SIRv10; Figure on right: Malware and potentially unwanted software categories in Korea in the 2nd quarter of 2011, by percentage of computers affected as published in SIRv11
Specifically, the threat called Win32/Onescan, which was the top detection in Korea in the fourth quarter of 2010, isn’t in the top 10 most detected threats in Korea in the second quarter of 2011. The reduction in the prevalence of this one family of malware changes the mix of threats found in Korea. There could be a number of reasons for the reduction in detections of this threat.
Figure on left: The top 10 malware and potentially unwanted software families in Korea in the 4th quarter of 2010 as published in SIRv10; Figure on right: The top 10 malware and potentially unwanted software families in Korea in the 2nd quarter of 2011 as published in SIRv11
This is a very positive change for computer users in Korea. But more work is still needed to further reduce the prevalence of worms and exploits in the region. In addition, phishing sites hosted in Korea, malware hosting sites in Korea, as well as sites hosting drive-by downloads in Korea are all many, many times above the worldwide average. The percentage of world spambot IP addresses located in Korea was the second highest in the world in the second quarter of 2011.
Figure: Phishing, Malware Hosting, and Drive-by Download Hosting Site Trends for Korea as published in SIRv11
Clearly there has been some great progress in Korea and I can’t wait to see what the trend looks like in the future.
Director, Product Management