December Fourth Week network security report: found put horse site domain name 350

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

Recently, according to the Cncert sampling monitoring results and the national Information Security vulnerability Sharing Platform (CNVD) published data, from December 19 to December 25, China's Internet network Security index overall evaluation. Among them, the territory by Trojans or zombies programmed by the number of hosts about 1.844 million; The new network virus family 1, more than last week, the number of new additions to the territory has been tampered with a sharp increase in the number of sites around twice times, which was tampered with the number of government web sites 55, compared to the number of the ring last week, a sharp rise of about 41%; New information security vulnerabilities, 107, have fallen by about 7% from last week's new volume, with 35 new high-risk vulnerabilities, up about 9.4% from last week's new volume. In addition, the CSDN community, Tianya Two sites have occurred user data leakage events, to the Internet users have brought serious personal information security threats. Below, IDC comments the network with everybody concerns in the period from December 19 to December 25, our country Internet network security condition:

I. Network virus activity

The number of hosts infected with the network virus in the territory is about 1.844 million. Among them, the territory was Trojan or zombie program control of about 389,000, the chain rose about 15.6%; the host of the domestic infection of the Conficker worm is about 1.456 million.

(1) According to the China Anti-Network Virus Alliance (ANVA) organized the release of active network virus to learn that the use of web-horse, software fake and bundled download to spread the proportion of network viruses, viruses are still more to exploit system vulnerabilities to attack the system. In this way, we come to understand the malicious virus TOP5 active on the network:

(Figure 1) December 19-December 25 malicious viruses active on the network TOP5

(2) in the network virus capture, Cncert captured a large number of new network virus files, which by the name of the network virus added 100, compared with the new number of last week, a slight drop of about 2%; According to the Network virus family statistics added 1, compared to last week's new number increased by 1. Below, we look at Cncert detected the top five active horse site domain name, active put horse site IP.

(Figure 2) Active horse-TOP5 site domain name

(Figure 3) Active horse-TOP5 site IP

(3) in the network of virus transmission, cncert monitoring found in 430 of the site, through the domain name access to a total of 350 domain names, direct access through IP only involved in 80 IP. In 350 of the site domain name, registered in the territory of the number of domain names for 94 (about 26.9%), the number of domain names registered abroad 212 (about 60.6%), unknown registrar of the domestic and foreign information of 44 (about 12.6%). The following figure gives the name of the site to be distributed by the top-level domain, the top three is. com (about 40.9%),. info (about 24.9%),. cn (about 7.7%).

(Figure 4) The top-level domain name of 350 horse-putting sites

In addition, the communications industry, the member unit of the Internet communication has submitted 204 malicious domain names to Cncert (after the heavy), the units submitted to the number of statistics as shown in the following figure.

(Figure 5) The number of malicious top-level domains submitted by each unit

II. website Security

According to the Cncert monitoring data, during the statistical period, the number of tampered sites in the territory was 681, up from the number of the chain last week, increased by about twice times. The number of tampered sites in the territory by type distribution as shown in the following figure, the largest number is still. com and. com.cn Domain name Web site. Among them, the gov.cn domain name class website has 55 (occupies the territory 8.1%), compared to last week's 39 chain rose by about 41%.

(Fig. 6) The Quantity distribution map of the tampered websites in mainland China

Summary: During the period from December 19 to December 25, China's Internet Security Index was evaluated as a whole and no network security incident was found to be more serious. However, users need to pay special attention to the need to strengthen the system in a timely manner to repair and reinforce the installation of security protection software. During the internet, do not easily open the network of unknown sources of pictures, music, video and other documents, do not download and install some unknown software, especially some so-called plug-in programs to prevent network virus infection.

Article by China IDC Review Net original edit, original address:

Http://www.idcps.com/News/20120105/36116.html (if you want to reprint, please indicate the source)