When most people think of the attacks and hacks that we receive on a daily basis, they tend to assume that a lot of them come from foreign countries.
This includes countries such as Russia and China.
But the fact of the matter is that most of the servers that host malware are in the United States.
The US has more web servers than any other country, so it only makes sense that it would host the most malware, but the people who protect our networks have to remember this statistic as well.
They seem to be on the alert only when it looks as if someone from a foreign country has cracked into an important system, but they need to remember to look closer to home too.
How Does This Malware Get Onto The Servers?
The malware that is hosted on these servers gets on there in many ways.
Some people host the malware there on purpose.
They think that no one would ever look there, so they keep it hidden in plain sight.
They may even have given the server host a fake name.
This way, if anyone does discover their secret, they can just leave it and no one would be the wiser.
In other cases, the owner of the web server has no clue that it is there, because someone has broken into their system and left it there.
They are able to break into the system in many ways.
This includes a direct hack on the server, or they may use software that is on the server, such as WordPress, and try to find a back door through it.
A lot of the software that people use on their servers is either left unsecured or outdated and needs to be upgraded.
Once the malware is on the server, it may take months for anyone to notice that it is there.
All the while, it can be running attacks against innocent victims.
This is why, even though it may not seem like it, the US unwittingly hosts a lot of the malware that we are attacked with.
The US has its own black hat hackers, as well as foreign hackers, hiding the malware without anyone knowing.
If you are in charge of protecting a computer network, your first priority should be knowing what the traffic routed through your system is doing.
Trying to filter the traffic by geo-IP addressing is a losing cause.
If most of the malware is hosted on US soil, how are you going to stop it by blocking the IP address of everyone from China?
The malware prevention used on the network needs to be better than that.
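To make the comparison concrete, here is an added example (not from the original article) that scores a country blocklist against one check on what the traffic is actually doing. The proxy records, the field names and the single content-type heuristic are all constructed assumptions for illustration.

```python
# Constructed egress-proxy records (not real data). "malicious" is a
# ground-truth label used only to score the two policies below.
RECORDS = [
    {"dst_country": "US", "path": "/wp-content/uploads/logo.png",
     "ctype": "application/x-msdownload", "malicious": True},
    {"dst_country": "US", "path": "/wp-content/themes/style.css?v=7",
     "ctype": "application/octet-stream", "malicious": True},
    {"dst_country": "RU", "path": "/files/setup.jpg",
     "ctype": "application/x-msdownload", "malicious": True},
    {"dst_country": "US", "path": "/downloads/installer.exe",
     "ctype": "application/x-msdownload", "malicious": False},
    {"dst_country": "US", "path": "/index.html",
     "ctype": "text/html", "malicious": False},
    {"dst_country": "CN", "path": "/news/today.html",
     "ctype": "text/html", "malicious": False},
]

BLOCKED_COUNTRIES = {"CN", "RU"}  # the geo-IP policy the article criticises
EXECUTABLE_TYPES = {"application/x-msdownload", "application/octet-stream"}
# Assumption: a path with one of these extensions should never return
# executable content, so a mismatch is worth flagging.
PASSIVE_EXTENSIONS = (".png", ".jpg", ".gif", ".html", ".css")


def geo_flag(rec):
    """Flag purely on where the destination server is located."""
    return rec["dst_country"] in BLOCKED_COUNTRIES


def behavior_flag(rec):
    """Flag executable content served under a path that claims otherwise."""
    path = rec["path"].split("?", 1)[0].lower()  # drop the query string
    return rec["ctype"] in EXECUTABLE_TYPES and path.endswith(PASSIVE_EXTENSIONS)


def score(flag_fn, records=RECORDS):
    """Count malicious records caught and missed, plus benign ones flagged."""
    result = {"caught": 0, "missed": 0, "false_positives": 0}
    for rec in records:
        flagged = flag_fn(rec)
        if rec["malicious"]:
            result["caught" if flagged else "missed"] += 1
        elif flagged:
            result["false_positives"] += 1
    return result


if __name__ == "__main__":
    print("geo-IP block:", score(geo_flag))
    print("behavior    :", score(behavior_flag))
```

On this constructed data the country blocklist misses both US-hosted downloads and blocks a harmless foreign page, while the behavior check ignores location entirely.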