Korea Cleans Up Its Malware Act

After being one of the worst offenders for malware, the south gets serious about malware. The north is still hoping for electricity.

This past summer, Microsoft found a really peculiar phenomenon in its malware research. It noticed that the Republic of Korea, of all places, had the highest malware infection rate in the world. It seemed the land where StarCraft was a national sport wasn't keeping its PCs clean.

A big problem was Win32/Onescan, which affected 21% of computers reporting malware infection at one point. Win32/Onescan is a Korean-language family of pretend antivirus scanners, distributed under the names One Scan, Siren114, EnPrivacy, PC Trouble, My Vaccine, and others, that claim to be legitimate antivirus programs, but aren't. Most Americans learned not to fall for that scam years ago, so the bad guys went elsewhere.

That wasn't the only area where the Koreans were playing catch-up. In late 2010, the number of phishing sites per 1,000 hosts was 80 times higher in Korea than in the United States, the number of malware hosting sites per 1,000 hosts was 172 times higher, and the percentage of sites hosting drive-by downloads was 54 times higher.

But the Koreans learned quickly. Microsoft notes that in the second quarter of 2011, the malware infection rate in Korea was at its lowest point in more than a year. Win32/Onescan has fallen out of the top 10 malware families detected by Microsoft's Malicious Software Removal program.

"This is a very positive change for computer users in Korea. But more work is still needed to further reduce the prevalence of worms and exploits in the region. In addition, phishing sites hosted in Korea, malware hosting sites in Korea, as well as sites hosting drive-by downloads in Korea are all many, many times above the worldwide average," wrote Tim Raines, director of product management in Microsoft's Trustworthy Computing group.

Korea isn't perfect yet – he notes that infection rates there are still much higher than the rest of the world – but Korea is cleaning up its systems very fast, which is a far cry from perennial offenders like Russia and China.

So what's the worst offender Microsoft's Trustworthy Computing group sees these days? Qatar, a Gulf state that is emerging in the world economy as more than just an oil producer. As it turns out, Qatar computers weren't set to their own nation in location settings. They used a different locale setting. Then Microsoft started using IP geolocation and suddenly it noticed much higher infection rates. So it's not like Qatar was suddenly invaded with malware; it's more a case of it finally being noticed.


Copyright © 2011 IDG Communications, Inc.