Stopbadware.org has released its May, 2008 report (PDF) on badware hosting and the geographical locations from which badware originates. The organization drew its data from Google's "Safe Browsing" initiative, which maintains a database of websites that attempt to phish personal information from users who visit. As of May, Google had recorded some 213,575 individual websites, which StopBadware then mapped to IP addresses. This data was then cross-referenced to determine the IP block's country of origin.

One potential flaw in StopBadware's analysis, however, is that it makes no attempt to differentiate between sites that have been infected by malware and those sites deliberately distributing it. This makes a certain amount of sense—most antivirus software focuses on stopping attacks, not identifying their purpose—but it would've been useful to see what percentage of the websites identified as hosting badware were active distributors. Such information could be directly useful to anyone attempting to attack or block the source of such material. StopBadware acknowledges further limitations in its own report—Google identifies sites based on common malware traits, and the list of sites itself is limited to sites Google has scanned, and is thus unlikely to be truly comprehensive.

Even given these limitations, Stopbadware.org's study reveals that the data rather decisively points in one direction—East.

Stopbadware went a step further, and took a shot at calculating the number of badware sites per million Internet users. The data set, in this case, is from 2006, but the numbers should still point us in the right direction. Once again, China tops the list with 689 badware sites per million. Russia and the US are number two and number three, but follow at a distance. Combined, the two countries would have a ratio of 519 per million users—still 25 percent less than China.

Badspyware further notes that China owns six of the top 10 network blocks used for hosting badware, including the top four infected blocks as detected by the survey. StopBadware attempted to contact the ISPs who own the network blocks in question, but did not receive replies.

StopBadware makes no attempt to determine why China ranks as poorly as it does, but notes that there may be insufficient economic incentives to encourage the Chinese ISPs to clean up their acts (and networks). It's possible for a network to shift position on the organization's list in just one year. After iPowerWeb was identified last year as the owner of the most-infected network block, the company worked closely with both Google and StopBadware to improve the situation. As a result, it's no longer listed among even the top 250 infected networks. Any improvement to the situation will have to come from both international dialog and internal economic policies that encourage ISPs to handle their own policing. The Chinese government has spent enormous amounts of money preparing the country to host the 2008 Olympic Games—it may be time to encourage the nation to clean its digital streets as well.