Third of world's bot-infections are UK computers

By Kelly Ellis and Matt Whipp

Posted on 19 Sep 2005 at 17:47

The UK has the highest proportion of bot-infected computers in the world, a new report from Symantec says.

During the first half of 2005, the security experts discovered that 32 per cent of known bot-infected computers worldwide were located in the UK, highlighting a need for both ISPs and end-users to take action.

Britain leads the shameful bot charts with 32 per cent, followed by the US with 19 per cent and China, with 20 per cent of the world's population, hosts just 7 per cent. The survey has even drilled down to a town by town analysis, naming London and Winsfield as the most bot-ridden residences in Britain.

Symantec, which published its findings in the Internet Security Threat Report, has put the disturbing figures down to the rapid growth of broadband across the country and recommends that ISPs should introduce resilient security mechanisms to help keep their customers safe.

Botnets are infected Internet-connected computers under the control of a remote attacker. Hundreds can be networked and used to send on spam, launch directory harvest attacks or used for Denial of Service attacks against extortion victims.

However, it's not a case of more broadband equals more botnets. Symantec's Senior Development Director, Jeremy Ward told us he conducted some further research with figures from the OECD to see if there was a rank correlation between broadband penetration and botnet infections.

'You would expect to see a correlation in rank,' he told us. 'But actually the reverse is true and there is a statistically significant negative relationship.' The more well established broadband is within a territory, the less likely it is to be riddled with bot-infected computers.

The phenomenon in the UK is very much of the moment, said Ward. He suspected that an historical analysis would find the longer a country has had broadband, the more time it has had to sort out security. 'In Scandinavian countries, for example, the ISPs have realised that [virus infections] impact their bottom line, messing up the pipes.'

What we have in the UK right now is a burst of enthusiasm for broadband, yet the security implications that go with it are only just being realised. The UK is not being targeted for its geographical position or its position as an Internet hub. 'These bots are automatic,' said Ward. 'They're looking for the lowest-hanging fruit. The reason why there are more infections in the UK is that there are fewer well-protected computers.'

Symantec says the ideal system would be for ISPs and their customers to work together to combat the infiltration of bots. It recommends that ISPs perform traffic filtering; block the most common services that are targets for the bot network infection and filter potentially malicious email attachments. While users should be taking similar actions at home on home routers and firewalls; update antivirus software regularly and notify their ISP of any malicious activity they encounter.

The company foresees that the war against bots will only become more difficult. Last year 25 per cent of bot-infected computers were situated here. But future botnets may not only become more numerous, over the next year there will be a more coordinated community of bot networked computers carrying out increasingly sophisticated, targeted attacks, it predicts.

Ward also warns that the big headline grabbing virus epidemics are over, and people are becoming increasingly complacent as computer security stays out of the news. He urges people to write to their MPs to urge the Government to tackle the issue. 'Let's have some big campaigns into awareness,' he said. 'The Government needs to put some money into this.'