Botnets on the rise in Asia, Symantec says

Hijacking of systems by hackers grew by more than 140 percent in China alone, according to security firm's report.

Vivian Yeo Special to CNET News

Sept. 23, 2005 12:09 p.m. PT

3 min read

A correction was made to this story. Read below for details.

More computers in the Asia-Pacific region are being hijacked and used remotely by hackers to send viruses, according to a recent study by security vendor Symantec.

The number of such "bot infected" systems in China alone grew more than 140 percent in the first six months of 2005, compared with the same period last year, Adrian Tham, Symantec's systems engineer manager for Southeast Asia, said in an interview with ZDNet Asia.

But despite the increasing number of bot-infected computers in Asia, they made up less than 20 percent of the total number of compromised systems worldwide, he said.

Edward Lam, Symantec's general manager for Singapore, noted that there has been an increase in "botnets" across the globe. According to the company's eighth biannual Internet Security Threat Report, the number of "bots" during the first six months of this year increased to 10,352 a day, from fewer than 5,000 in the second half of 2004. The data was derived from readings from more than 24,000 sensors located worldwide.

This is a significant dip, however, compared with the first half of 2004, when more than 30,000 bots were detected per day.

Botnets are groups of compromised PCs, often numbering in the thousands per network, that are rented out to relay spam, to launch denial-of-service attacks, or to perform other malicious acts.

Three Asian cities--Seoul, Beijing and Taipei--were ranked among the top 10 cities worldwide in the number of hijacked systems. Seoul made up 24 percent of infected computers in the Asia-Pacific region, while Beijing and Taipei represented 17 percent and 14 percent respectively.

At least two countries, Korea and Japan, have seen a rise in broadband penetration, something that Tham suggested was behind the increase in compromised systems.

Denial-of-service attacks, a primary function of bot-infected networks, grew by more than 680 percent during the first half of the year. The average number of attacks increased to 927 attacks per day, compared with an average of 119 attacks per day during the months of June to December 2004.

Leading attack
According to Symantec's report, the top attack in the Asia-Pacific region during the first six months of the year was a DoS attack known as the Generic TCP SYN Flood. This contrasted with the global scenario, where the Slammer worm has occupied the top attack spot for the past four reporting periods.

In addition, information taken from sensors located across the region showed that many countries in the Asia-Pacific were the host of security attacks in this region.

The United States was the leading host of attacks against infected systems in the Asia-Pacific, accounting for 42 percent of the total, Symantec found. Australia, China, Taiwan, Singapore, Hong Kong, the Philippines and South Korea also made it to the top 10 list.

Tham noted that Symantec expects the number of botnets to increase over the next year, and warned that attacks would likely become more sophisticated.

Correction: This story incorrectly stated the numbers of bots detected per day in the first half of 2004. There were more than 30,000 bots detected.

Vivian Yeo of ZDNet Asia reported from Singapore.