Report: 28 percent of malware attacks originate in China

Nearly 30 percent of all cyberattacks that target individuals' private data and companies' internal systems originate in China, a new report finds.

Those hackers typically rely on U.S.-based e-mail servers to dispatch their malware to computers around the globe, creating the impression that more than one-third of the world's malicious code originates in the United States, according to Symantec's study, released on Thursday.


But a closer look at the source IP address behind the e-mails -- which best pinpoints the message's starting point -- reveals about 28.2 percent of global malware attacks actually arrive by way of China.

"When considering the true location of the sender rather than the location of the email server, fewer attacks are actually sent from North America than it would at first seem," said Paul Wood, a top analyst for Symantec's MessageLabs Intelligence.

"A large proportion of targeted attacks are sent from legitimate webmail accounts which are located in the United States and therefore, the IP address of the sending mail server is not a useful indicator of the true origin of the attack," he added.

Symantec's findings this week are sure to bolster congressional lawmakers and tech insiders' recent criticisms of China, which many seem to pinpoint as the source of an increasing number of cyberattacks on businesses and governments.

One such alleged Chinese breach in January targeted Google, human rights activists on its Gmail network and 20 other U.S. businesses. While Google insisted the Chinese military working with two schools piloted the attacks, officials in Beijing have routinely denied any involvement.

The spat has grown so virulent that Google has since ceased censoring its search services -- a violation of Chinese law that could result in the company's expulsion from the search market.

Citing that incident, a number of U.S. lawmakers have consequently called for comprehensive cybersecurity legislation to protect essential government or private networks from a crippling security breach.

At least three proposals of varying size and scope are awaiting further congressional action, with one bill -- authored by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) -- soon to head to the Senate floor.