December First week network security Report: Found active malicious domain name 29

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Recently, according to the Cncert sampling monitoring results and national information security vulnerability Sharing Platform (CNVD) published data, from November 28 to December 4, China's Internet network Security index overall evaluation as good.

Among them, the number of hosts infected with network virus in the territory of about 1.232 million, compared to the number of last week, a sharp reduction of about 43.5%; The new network virus family 3, compared to last week, reduced the number of 2; New information security vulnerabilities, 76, are down 37.7% from last week's new number, with 22 new high-risk vulnerabilities and a 20 reduction from last week's new number.

Below, IDC comments the network with everybody concerns in the period from November 28 to December 4, our country Internet network security condition:

I. Network virus activity

The number of hosts infected with the network virus in the territory is about 1.232 million, a sharp drop of about 43.5% from last week's number. Among them, the territory by Trojans or zombies program control of about 227,000, the chain significantly reduced by about 43.1%, the domestic infection of the Conficker worm host about 1.004 million, the chain significantly reduced by about 43.6%.

(1) According to the China Anti-Network Virus Alliance (ANVA) organized the release of active network virus to learn that the use of web-horse, software fake and bundled download to spread the proportion of network viruses, viruses are still more to exploit system vulnerabilities to attack the system. In this way, we come to understand the malicious virus TOP5 active on the network:

(Figure 1) November 28-December 4 malicious viruses active on the network TOP5

(2) in the network virus capture, cncert through a variety of channels to obtain a large number of new network virus files, including new network virus name of 124, compared with the new number of last week decreased by about 10.8%; The new network virus family 3, compared to last week's new number reduced by 2. Below, we look at Cncert detected the top five active horse site domain name, active put horse site IP.

(Figure 2) Active horse-TOP5 site domain name

(Figure 3) Active horse-TOP5 site IP

(3) In the statistical period, Cncert monitoring discovery and ANVA focus on active malicious domain name a total of 29, of which the number of domain names registered in the territory of 7 (about 24.1%), the number of registered in the foreign domain is 22 (about 75.9%). The following table for these active malicious domain name top-level domain name top three specific situation, you can see the vast majority of malicious domain names distributed in very few top-level domain.

(Figure 4) Active malicious domain name

II. website Security

According to the Cncert monitoring data, during the statistical period, the number of tampered sites in the territory was 577, down from the number of the last week about 11.8%. The number of tampered sites in the territory by type distribution as shown in the following figure, the largest number is still. com and. com.cn Domain name Web site. Among them, the gov.cn domain name class website has 39 (occupies the territory 6.8%), compared to last week's 48 chain drop about 18.8%.

(Fig. 5) The Quantity distribution map of the tampered websites in mainland China

Summary: In the period from November 28 to December 4, China's Internet network Security index overall evaluation as good, no harm more serious network security incidents. However, users need to pay special attention to the need to strengthen the system in a timely manner to repair and reinforce the installation of security protection software. During the internet, do not easily open the network of unknown sources of pictures, music, video and other documents, do not download and install some unknown software, especially some so-called plug-in programs to prevent network virus infection.