Is China Leaving the Internet's Back Door Open?

Is China Leaving the Internet's Back Door Open?

Chinese Networks Are Hosting Majority of the Internet’s Malware Sites, Report Finds


CAMBRIDGE, Mass., June 24, 2008 — The majority of the Internet’s malware-infected websites are located on Chinese networks, finds a new report released today by, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China.

“Sites that infect visiting PCs represent some of the worst of digital pollution,” said Jonathan Zittrain, co-director and Professor of Law at Harvard Law School. “Malware is a global problem that requires cooperation across industries and across national borders.”

As China strives to hone its image in preparation for the Beijing Olympics, fifty-two percent of the more than 200,000 infected sites analyzed in late May were hosted by Chinese networks. U.S.-based networks accounted for 21 percent of bad sites. The data were provided by Google’s Safe Browsing team and are searchable by URL in the Badware Website Clearinghouse.

The analysis also revealed the Internet’s 10 most infected network blocks:

The owners of these network blocks play a variety of roles in the Internet ecosystem. Some directly control the infected servers on their networks, while others lease equipment and/or bandwidth to customers who control their own servers. Google, which is a sponsor of, hosts free blogs on its network through its popular Blogger service. Malicious users sometimes exploit these free blogs as a means to link to or distribute malware. Google disables the blogs as soon as they detect the bad content, but the dead blogs remain in the list of infected sites until Google’s automated malware detection system has an opportunity to rescan them.

Maxim Weinstein, manager of, says the country and network data are a helpful step in understanding the distribution of malware, but we should be careful about assigning blame.

“Our goal in releasing this report is not to point fingers or to imply that network owners or governments are at fault for the malware on their networks, but rather to start a conversation. When different links in the Internet chain talk to each other and share information, it leads to solutions that in turn lead to a safer Internet for all of us.”

He points, for example, to his team’s success last year, when a similar report revealed U.S.-based web hosting company iPowerWeb as home to over ten thousand infected sites, making it the most infected network at the time.

“When we published that report,” says Weinstein, “it prompted iPowerWeb to ask for help. With support from and data from Google, the company was able to clean up all those sites and secure its servers against future attacks.” Weinstein notes that, based on the latest data, iPowerWeb is hosting so few infected sites that it is not even in the top 250 most infected networks.

On Friday, researchers will present related research at the Workshop on the Economics of Information Security, hosted by the Tuck School of Business at Dartmouth College.

To read a full copy of the report, please follow this link.

About is a partnership among academic institutions, technology industry leaders, and volunteers committed to protecting Internet users from threats to their privacy and security caused by bad software. is led by Harvard University’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute. Consumer Reports WebWatch serves as an unpaid special advisor. The initiative is supported by Google, PayPal, Lenovo, AOL, Trend Micro, and VeriSign. For more information, please visit