Malware fight goes public on the web
Reported unique IP addresses with infections from February 22 to May 22, 2013. Photo: Australian Communications and Media Authority
At any one time in Australia about 16,500 IP addresses are identified as having malware-infected devices behind them.
That's according to the Australian Communications and Media Authority, which has released a web page of statistics it sends to internet service providers (ISPs) about the infections.
The authority released the data in the hope it would help reduce malicious software, or malware, infections in Australia and raise awareness about how many devices are known to be infected.
The web page, published on Tuesday as part of National Cyber Security Awareness Week, contains detailed statistics of malware infections reported daily to about 130 ISPs and other network operators through the Australian Internet Security Initiative (AISI).
Formed in 2005 to help address the problem of compromised computers – sometimes referred to as bots, or drones – connected to the internet, AISI collects data from various sources on devices exhibiting odd bot-like behaviour on Australian IP addresses.
Using this data, the authority provides malware reports to internet providers, identifying IP addresses on their networks that have generally been supplied in the previous 24 hours. These providers can then choose to inform the customer associated with the IP address that their device appears to be compromised and provide advice on how they can repair it.
The detailed statistics on malware infections show that on average during this financial year about 16,500 malware reports have been provided to AISI participants each day – representing what the authority says is a "significant level of malware" affecting Australians.
How many devices are behind each IP address identified as being infected will vary widely, from only one in some situations to thousands of devices on corporate networks. Because of this, it's likely many more than 16,500 infected devices exist in Australia.
"Once infected with malware, a user's personal identity information can be stolen and their infected computing device used to harm and infect other internet users," said Richard Bean, the authority's deputy chairman.
"Just as the internet increasingly provides rapid access to information about news, events and the activities of friends and family, it should also enable Australians to quickly get information about online risks and threats such as malware infections."
The malware statistics web page is updated every morning with statistics on the number of infections reported to ISPs earlier that day, including the top 20 infection types reported.
The data spans a rolling 90-day period.
The authority said the most prevalent infection type currently being reported are numerous variants of Zeus, which is primarily used for banking fraud, and, among other things, can intercept and modify an infected user's online banking transactions. This allows a person with malicious intent to steal money from an infected user's bank account.
This reporter is on Facebook: /bengrubb