Pokemon trading cards China's Mars landing TCL soundbar deal Pipeline hack update Mass Effect: Legendary Edition Stimulus checks still coming

Symantec finds China top source of malware

More malware is sent via e-mail servers in U.S., but China is actually the top source for malware based on true location of senders, says Symantec.

More malware is now coming out of China than from any other country, according to a new report from Symantec.

The United States still leads the world in the number of malware attacks sent from mail servers. Symantec's report (PDF) found U.S. mail servers responsible for distributing 36.6 percent of all global malware in March, followed by China at 17.8 percent and Romania at 16.5 percent.

Symantec captured these results by analyzing the IP addresses of sending mail servers. The company uncovered a large amount of malware from the United States in large part because many Web-based e-mail services, such as Gmail and Yahoo Mail, are hosted in the U.S.


But analyzing the source of malware based on the mail servers doesn't tell the full picture as the sender can use any Web-based e-mail account. By checking the actual sender's IP address found in the e-mail's header, Symantec found individuals in China responsible for 28.2 percent of malware, Romania for 21.1 percent, and the U.S. for 13.8 percent. Overall, the analysis discovered that most of the attacks coming from mail services in North American actually stem from other regions, including Asia, Europe, and Africa.


"When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem," Paul Wood, a senior analyst at Symantec's MessageLabs Intelligence, said Thursday in a statement. "A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the US and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack."

China, of course, has been in the news lately due to its ongoing battles with Google over search and censorship. China has also been tagged as the source of the cyberattacks launched against Google and other companies.

In its latest analysis, Symantec also discovered more malware targeted to people with specific job roles. The five leading titles hit by malware now include director, senior official, vice president, manager, and executive director. The people receiving a higher number of attacks are typically in charge of foreign trade and defense policy, especially related to Asian countries, said the report.

E-mail file attachments hiding malware continue to be a popular method of attack. The most common types of files found in such e-mails were .xls (Microsoft Excel) and .doc (Microsoft Word) documents. Along with .zip and .pdf files, these four accounted for 50 percent of the files attached to malicious messages this month.

But people should also be wary of receiving encrypted .rar files (a method of compressing files) through e-mail. Though these types of files make up only a small percent of malicious e-mail attachments, Symantec found them to be hosts for malware 96.8 percent of the time.


Overall, Symantec found that spam grew by 1.5 percentage points from February to March and now accounts for 90.7 percent of all e-mail. Viruses were discovered in 1 out of every 358 messages in March, a minor decrease from February, while phishing attacks were uncovered in 1 out of every 513 e-mails.