Security Firm Reveals Over Half of All Malicious Websites are Hosted in U.S.

This year has already turned out to exceed our expectations for malware infiltrations, which have taken on a new face in the spread of new threats like ransomware and exploit kits. In a quest to combat malware, many security firms and researchers are sifting through originating sources of malware. Among the many sources, malicious websites are a primary culprit that German security firm G DATA revealed that over half of them are hosted in the US.

In a recent report on the second half of last year (2015), G DATA's security products detected over two million new malware variations for a total of 5.1 million threats during all of 2015. Comparing that number to 2014 it is about one million less detected in 2014. The makeup of those numbers comes out of the fact that most malicious websites are hosted in the United States, where more than half of the world's data centers are located.

Most malware to come out of malicious sites hosted in the US are distributed through spam email. The trend found in the type of malware shows them rooting out of what is called "evil" websites, consisting of mostly gambling sites, blogs, technology and telecommunication sites.

We have stated on many occasions how ransomware threats have become one of the most prevalent threats of our time. While that may ring true, the culprit that aids in the spread of ransomware and other aggressive malware threats remains to be Trojans. Among Trojan horse threats, banking Trojans have been found by researchers like those at G DATA to inject malicious code to steal personal data. In many situations examined by security researchers when it comes to banking Trojans, is their unfettered ability to steal login credentials, which will arm hackers and cybercrooks with enough information to steal money from online banking accounts.

While most malicious websites that spread malware throughout the world are hosted in the US, many targets of the threats are outside of the US, such as the Santander Group in Spain being the most targeted bank by banking Trojans in 2015. UK banks, such as Lloyds, Barclays, and RBS were also some of the larger targets for banking Trojans in 2015 from many detected malicious websites.

The data from G DATA in their 20-page report for malware analysis during 2015 divulges on the effects of banking Trojans, which they claim were the most aggressive threats in 2015. Among the most aggressive Trojans, Dridex is listed by G DATA as being a dominating threat and most dangerous. The Dridex threat expanded its operations and sought many banking institutions located around the world, including those mentioned previously located in Spain and the UK.

G DATA's chart below in Figure 1, also found within their recently-released 20-page 2015 malware analysis report, reveals the top 10 categories of evil websites during the through the second half of 2015.

Figure 1. G DATA Top 10 Categories of 'evil' websites chart