U.S., Russia Lead List of Malicious Hosting Providers
YNOT – Despite escalating hostilities over allegations that the Chinese government has embarked upon an extensive program of cyber-espionage, the majority of malware attacks are hosted on servers in the U.S. and Russia, a new report asserts.
Host Exploit’s quarterly World Hosts Report for the quarter ending December 31, 2012, calls Ecatel Network in the Netherlands the most malicious host in the world. Of the top 20, five are located in the U.S. and four are located in Russia. China is represented only once among the top 20 and only twice among the top 50.
Host Exploit ranks malicious hosts based on a proprietary algorithm that weighs factors including the volume of malware, botnet traffic, spam and phishing emerging from the block of IP addresses assigned to each host against the total number of IP addresses at the host. While Ecatel, which leads the pack in botnet traffic, is relatively small on a global scale with only about 13,000 IPs, many of the addresses were used for nefarious purposes during October, November and December of 2012. By comparison, Chinanet Backbone — the lone Chinese entry on the top-20 list — encompasses more than 116 million IPs. Though the percentage of compromise within Chinanet Backbone is far smaller than Ecatel’s, the Chinese operation was responsible for a far greater share of the world’s unsavory activity because of its sheer size.
The “most malicious” host in the U.S., according to the report, is Landis Holdings, which ranked ninth with 28,000 IP addresses.
Amazon and Google also appear in the report as U.S. hosting providers with large concentrations of websites infected with drive-by downloads and exploit packs. The leader in that category is Mail.ru, a Russian host.