Symantec.com > Enterprise > Security Response > Internet Security Threat Report > View the Report > Americas (AMS) - North America & Latin America

Americas (AMS) - North America & Latin America

The Americas Region - Introduction | AMS Malicious Activity by Geography | AMS Attack Origin by Country | AMS Top Malicious Code Samples

AMS Malicious Activity by Geography

Background

This metric assesses the countries in the Americas (including North America and Latin America) region in which the largest amount of malicious activity takes place or originates. Malicious activity usually affects computers that are connected to high-speed broadband Internet because these connections are attractive targets for attackers. Broadband connections provide larger bandwidth capacities than other connection types, faster speeds, the potential of constantly connected systems, and typically a more stable connection. Symantec categorizes malicious activities as follows:
  • Malicious code: This includes viruses, worms, and Trojans that are covertly inserted into programs. The purposes of malicious code include destroying data, running destructive or intrusive programs, stealing sensitive information, or compromising the security or integrity of a victim’s computer data.
  • Spam zombies: These are compromised systems that are remotely controlled and used to send large volumes of junk or unsolicited emails. These emails can be used to deliver malicious code and phishing attempts.
  • Phishing hosts: A phishing host is a computer that provides website services for the purpose of attempting to illegally gather sensitive, personal and financial information while pretending that the request is from a trusted, well-known organization. These websites are designed to mimic the sites of legitimate businesses.
  • Bot-infected computers: These are compromised computers that are being controlled remotely by attackers. Typically, the remote attacker controls a large number of compromised computers over a single, reliable channel in a bot network (botnet), which then is used to launch coordinated attacks.
  • Network attack origins: These are originating sources of attacks from the Internet. For example, attacks can target SQL protocols or buffer overflow vulnerabilities.
  • Web-based attack origins: This measures attack sources that are delivered via the Web or through HTTP. Typically, legitimate websites are compromised and used to attack unsuspecting visitors.

Methodology

To determine malicious activity by source geography, Symantec has compiled geographical data on numerous malicious activities, including malicious code reports, spam zombies, phishing hosts, bot-infected computers, and network attack origins. The proportion of each activity originating in each geography is then determined within the region. The mean of the percentages of each malicious activity that originates in each geography is calculated. This average determines the proportion of overall malicious activity that originates from the geography in question. The rankings are then determined by calculating the mean average of the proportion of these malicious activities that originated in each geography.

Data

Figure G.1. Malicious activity by source: Americas rankings, 2011
Figure G.1. Malicious activity by source: Americas rankings, 2011
Source: Symantec
Figure G.2. Malicious activity by source: Americas Malicious code, 2011
Figure G.2. Malicious activity by source: Americas Malicious code, 2011
Source: Symantec
Figure G.3. Malicious activity by source: Americas Spam zombies, 2011
Figure G.3. Malicious activity by source: Americas Spam zombies, 2011
Source: Symantec
Figure G.4. Malicious activity by source: Americas Phishing hosts, 2011
Source: Symantec
Figure G.5. Malicious activity by source: Americas Bots, 2011
Source: Symantec
Figure G.6. Malicious activity by source: Americas Web attack origins, 2011
Figure G.6. Malicious activity by source: Americas Web attack origins, 2011
Source: Symantec
Figure G.7. Malicious activity by source: Americas Network attack origins, 2011
Source: Symantec

Commentary

  • Malicious activity originating from infected computers in the Brazil has pushed the country to the top of the table as a source of malicious activity in LAM for 2011, and ranked fourth globally.
  • The United States was number one for NAM and number one globally. Brazil and the United States were the top source of malicious activity across all categories for each of their respective regions.
  • Argentina was ranked in second position overall in LAM, and was ranked second for spam zombies, bots and as a source of network attacks in LAM.