By Joel Hruska
June 25, 2008 - 06:35PM CT

Stopbadware.org has released its May, 2008 report on badware hosting and the geographical locations from which badware originates. The organization drew its data from Google's "Safe Browsing" initiative, which maintains a database of websites that attempt to phish personal information from users who visit.

As of May, Google had recorded some 213,575 individual websites, which StopBadware then mapped to IP addresses. This data was then cross-referenced to determine the IP block's country of origin. One potential flaw in StopBadware's analysis, however, is that it makes no attempt to differentiate between sites that have been infected by malware and those sites deliberately distributing it.

This makes a certain amount of sense—most antivirus software focuses on stopping attacks, not identifying their purpose—but it would've been useful to see what percentage of the websites identified as hosting badware were active distributors. Such information could be directly useful to anyone attempting to attack or block the source of such material.

StopBadware acknowledges further limitations in its own report—Google identifies sites based on common malware traits, and the list of sites itself is limited to sites Google has scanned, and is thus unlikely to be truly comprehensive. Even given these limitations, Stopbadware.org's study reveals that the data rather decisively points in one direction—East.