By John Leyden, 30th May 2008 14:00

Old Windows exploits dominate hack attack traffic

China eyeballs US through the looking glass

China and the US are the leading sources of hacking attacks, which are overwhelmingly targeted against Windows systems.

According to a new study by content distribution firm Akamai, the two countries accounted for 30 per cent of attack traffic during the first quarter of 2008. Around 17 per cent of denial of service and exploit traffic came from China, with the US close behind at 14 per cent. Ten countries accounted for three in four instances of attack traffic. Argentina, Brazil, India, Japan, South Korea, Taiwan and Turkey were all fingered by Akamai as leading sources of attack.

Many of the network ports targeted by the greatest volume of attack traffic were associated with worms, viruses and Trojans that spread across the internet several years ago. Akamai reckons this finding suggests many people are still failing to patch systems to defend against well-known risks.

"While that’s not to say that there are not any current pieces of malware that attack these ports, it may point to a large pool of Microsoft Windows-based systems that are insufficiently maintained, and remain unpatched years after these attacks 'peaked' and were initially mitigated with updated software," it said.

The most common attacks picked up by Akamai were associated with well-known Windows exploits. Around one-third of the attacks (30 per cent) targeted port 135, which is used for remote procedure calls in Windows. The port was used by the infamous Blaster worm to spread onto unpatched PCs back in 2003. Port 139, generally used for Windows network shares, and port 22 (used by SSH) were also frequently attacked. Attacks associated with port 22 would commonly involve attempts to work out remote access passwords by brute force and accounted for 12 per cent of attack traffic.

Akamai's first State of the Internet report (pdf - registration required), published on Thursday, shows that countries long linked with high volumes of spam traffic (such as the US and China) are also associated with high volumes of exploit-related traffic.

The survey also sheds light on the worldwide digital divide. South Korea has the highest levels of "high broadband" (ie greater than 5 Mbps) connectivity, whereas Rwanda and the Solomon Islands struggle along in the slow lane of the internet superhighway, with the vast majority of internet connections (95 per cent) tapping out at less than 256kbps. ®
