Old Windows exploits dominate hack attack traffic

China and US are the leading sources of hacking attacks, which are overwhelmingly targeted against Windows systems.

According to a new study by content distribution firm Akamai the two countries accounted for 30 per cent of attack traffic during the first quarter of 2008. Around 17 per cent of denial of service and exploit traffic came from China, with the US close behind at 14 per cent. Ten countries accounted for three in four instances of attack traffic. Argentina, Brazil, India, Japan, South Korea, Taiwan and Turkey were all fingered by Akamai as leading sources of attack.

Many of the network ports targeted by the greatest volume of attack traffic were associated with worms, viruses and Trojans that spread across the internet several years ago. Akamai reckons this finding suggests many people are still failing to patch systems to defend against well-known risks.

"While that’s not to say that there are not any current pieces of malware that attack these ports, it may point to a large pool of Microsoft Windows-based systems that are insufficiently maintained, and remain unpatched years after these attacks 'peaked' and were initially mitigated with updated software," it said.

The most common attacks picked up by Akamai were associated with well-known Windows exploits. Around one-third of the attacks (30 per cent) targeted port 135, which is used for remote procedure calls in Windows. The port was used by the infamous Blaster worm to spread onto unpatched PCs back in 2003. Port 139, generally used for Windows network shares, and port 22 (used by SSH), were also frequently attacked. Attacks associated with port 22 would commonly involve attempts to work out remote access passwords by brute force and accounted for 12 per cent of attack traffic.

Akamai's first State of the Internet (pdf - registration required), published on Thursday, shows that countries long linked with high volumes of spam traffic (such as the US and China) are also associated with high volumes of exploit related traffic.

The survey also sheds light of the worldwide digital divide. South Korea has the highest levels of "high broadband" (ie greater than 5 Mbps) connectivity whereas Rwanda and the Solomon Islands struggle along in the slow-lane of the internet superhighway with the vast majority of internet connections (95 per cent) tapping out at less than 256kbps. ®