McAfee: China leads world in hacked computers

in identifying higher-order threats that could compromise critical computer systems.

One reason computers in China are so vulnerable to botnets may be that software piracy is common and computer users often have not updated the patches on their machines, said George Kurtz, McAfee’s worldwide chief technology officer.

In fact, the number of zombie computers in a country says more about the vulnerability of the computers than about who infected them, Baker said. A nation that might want to use botnets as part of an attack probably would want to have its own computers bot-free and commandeer computers in other countries, he said.

Nakashima notes that China has steadfastly denied that it supports or engages in hacking and that it penetrates U.S. firms’ computers to steal technology and trade secrets to help state companies — whether by bots or any other tool. Such “remarks are groundless,” Peng Bo, an official with the Internet bureau under the Information Office, said in remarks to the New China News Agency. “In fact, China is the country worst hit by worldwide hackers.”

Experts say that the United States, which is highly networked and dependent on the Internet for commerce and the running of industry, is the most vulnerable of all countries to cyberattack.

At the same time, the United States is considered the most worrisome potential aggressor, according to McAfee, which in a separate recent survey of 600 technology and security executives of firms around the world found that 36 percent feared the United States and 33 percent feared China as potentially attacking their industries. Russia ran a distant third, at 12 percent.

The result “might simply be a reflection of the raw capabilities and frankly the raw size of U.S. intelligence agencies,” retired Gen. Michael V. Hayden, former director of the CIA and of the National Security Agency, said in the report, which was produced in conjunction with the Center for Strategic and International Studies. The United States also has been engaged in a protracted debate about how to organize its attack and defense capabilities, which may have created an “echo chamber” for concerns about such abilities, the report noted.

That report, issued last month, also found that 59 percent of the executives surveyed said they believed that representatives of foreign governments had already been involved in denial-of-service attacks (the disabling of a Web site by bombarding it with requests for access) and network intrusions to control or steal data from “critical infrastructure” industries in their countries.