Is China leaving the Internet’s back door open?

The majority of the Internet’s malware-infected websites are located on Chinese networks, finds a new report released today by StopBadware.org, the university-based research initiative aimed at protecting users from dangerous software. The report also identifies the 10 network blocks that contain the largest number of badware sites. Six of the 10 are located in China.

As China strives to hone its image in preparation for the Beijing Olympics, 52 percent of the more than 200,000 infected sites StopBadware.org analyzed in late May were hosted by Chinese networks. U.S.-based networks accounted for 21 percent of bad sites. The data were provided by Google’s Safe Browsing team and are searchable by URL in the StopBadware.org Badware Website Clearinghouse.

The owners of these network blocks play a variety of roles in the Internet ecosystem. Some directly control the infected servers on their networks, while others lease equipment and/or bandwidth to customers who control their own servers. Google, which is a sponsor of StopBadware.org, hosts free blogs on its network through its popular Blogger service. Malicious users sometimes exploit these free blogs as a means to link to or distribute malware. Google disables the blogs as soon as they detect the bad content, but the dead blogs remain in the list of infected sites until Google’s automated malware detection system has an opportunity to rescan them.

Maxim Weinstein, manager of StopBadware.org, says the country and network data are a helpful step in understanding the distribution of malware, but we should be careful about assigning blame.