Symantec.com > Enterprise > Security Response > Internet Security Threat Report > View the Report > Europe, the Middle East, and Africa (EMEA)

Europe, the Middle East, and Africa (EMEA)

Introduction | EMEA Malicious Activity by Geography | Attack Origin by Country | Top Malicious Code Samples

EMEA Malicious Activity by Geography

Background

This metric assesses the countries in the Europe, the Middle East, and Africa (EMEA) region in which the largest amount of malicious activity takes place or originates. Malicious activity usually affects computers that are connected to high-speed broadband Internet because these connections are attractive targets for attackers. Broadband connections provide larger bandwidth capacities than other connection types, faster speeds, the potential of constantly connected systems, and typically a more stable connection. Symantec categorizes malicious activities as follows:
  • Malicious code: This includes viruses, worms, and Trojans that are covertly inserted into programs. The purposes of malicious code include destroying data, running destructive or intrusive programs, stealing sensitive information, or compromising the security or integrity of a victim’s computer data
  • Spam zombies: These are compromised systems that are remotely controlled and used to send large volumes of junk or unsolicited emails. These emails can be used to deliver malicious code and phishing attempts.
  • Phishing hosts: A phishing host is a computer that provides website services for the purpose of attempting to illegally gather sensitive, personal and financial information while pretending that the request is from a trusted, well-known organization. These websites are designed to mimic the sites of legitimate businesses.
  • Bot-infected computers: These are compromised computers that are being controlled remotely by attackers. Typically, the remote attacker controls a large number of compromised computers over a single, reliable channel in a bot network (botnet), which then is used to launch coordinated attacks.
  • Network attack origins: These are originating sources of attacks from the Internet. For example, attacks can target SQL protocols or buffer overflow vulnerabilities.
  • Web-based attack origins: This measures attack sources that are delivered via the Web or through HTTP. Typically, legitimate websites are compromised and used to attack unsuspecting visitors.

Methodology

To determine malicious activity by source geography, Symantec has compiled geographical data on numerous malicious activities, including malicious code reports, spam zombies, phishing hosts, bot-infected computers, and network attack origins. The proportion of each activity originating in each geography is then determined within the region. The mean of the percentages of each malicious activity that originates in each geography is calculated. This average determines the proportion of overall malicious activity that originates from the geography in question. The rankings are then determined by calculating the mean average of the proportion of these malicious activities that originated in each geography.
Figure E.1. Malicious activity by source: EMEA rankings, 2011 Source: Symantec
Figure E.1. Malicious activity by source: EMEA rankings, 2011
Source: Symantec
Figure E.2. Malicious activity by source: EMEA Malicious code, 2011 Source: Symantec
Figure E.2. Malicious activity by source: EMEA
Malicious code, 2011
Figure E.3. Malicious activity by source: EMEA Spam zombies, 2011 Source: Symantec
Figure E.3. Malicious activity by source: EMEA Spam zombies, 2011
Source: Symantec
Figure E.4. Malicious activity by source: EMEA Phishing hosts, 2011 Source: Symantec
Figure E.4. Malicious activity by source: EMEA Phishing hosts, 2011
Source: Symantec
Figure E.5. Malicious activity by source: EMEA Bots, 2011 Source: Symantec
Figure E.5. Malicious activity by source: EMEA
Bots, 2011 Source: Symantec
Figure E.6. Malicious activity by source: EMEA Web attack origins, 2011 Source: Symantec
Figure E.6. Malicious activity by source: EMEA Web attack origins, 2011
Source: Symantec
Figure E.7. Malicious activity by source: EMEA Network attack origins, 2011 Source: Symantec
Figure E.7. Malicious activity by source: EMEA Network attack origins, 2011
Source: Symantec

Commentary

  • Malicious activity originating from computers in Germany has pushed the geography to the top of the table of overall malicious activity in 2011, with Germany being the number one host for phishing Web sites in the region. Germany was also ranked in second position for bot activity, network attacks and Web-based attacks. Germany was ranked in fifth position worldwide as a source for worldwide malicious activity.
  • Russia was ranked in second position overall in EMEA and was the top source of spam zombies in the region.
  • The United Kingdom was ranked third overall in the region and was in first position for malicious code activity in EMEA and the top source of network attacks in the region.