September the second week of Network security report: found put horse site domain name 52

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6.58.html ">seo diagnose Taobao guest cloud host technology Hall

IDC Comment Network (idcps.com) September 25 reported: Recently, according to Cncert sampling monitoring results and national information security vulnerability Sharing Platform (CNVD) published data, from September 9 to September 15, China's Internet network Security index overall evaluation as medium.

Among them, the number of hosts infected with network virus in the country is about 580,000, up 5.6% from last week; the number of government sites tampered with was 353, down 0.8% from last week; the number of government websites that had been implanted in the back door was 107, down 20.7% from last week; the number of phishing pages for domestic websites is 954 , up 51.7% from a quarter earlier last week, with 133 new information security vulnerabilities, with 40 new high-risk vulnerabilities, down 29.8% from last week.

Below, IDC comments the network with everybody concerns in the period from September 9 to September 15, our country Internet network security condition:

I. Network virus activity

(1) The number of hosts infected with the network virus in the territory is about 580,000, including about 265,000 of the hosts that have been programmed by Trojans or zombies, and about 315,000 of the hosts infected with the Conficker worm in the territory.

(2) in the network virus capture, Cncert captured a large number of new network virus files, according to the network virus name statistics add 93, according to network virus family statistics no new.

(3) In the network virus transmission, the CNCERT monitoring discovers the horse-putting site altogether involves the domain name 52, involves the IP address 77. Of the 52 domain names, about 69.2% are registered overseas and about 78.8% of the top-level domain is. com, and about 29.9% of the 77 IP is located offshore. According to the analysis of the Put horse URL, most of the horse-putting site is accessed through the domain name, while direct access through IP involves 34 IP.

(Fig. 1) The distribution of the domain name registration of the Pegasus site

(Figure 2) The top-level domain name of 52 horse-putting sites

II. website Security

According to the Cncert monitoring data, during the statistical period, the number of tampered sites in the territory was 5,269, down 2.2% from the Quarter-on-quarter last week. The number of sites implanted in the back door was 10,402, up 27.5% per cent last week; the number of phishing pages for domestic websites was 954, up 51.7% per cent last week.

The territory has been tampered with the number of government websites (gov category) is 353 (about 6.7%), compared to last week, decreased by 0.8%; The number of government websites (Gov), which was implanted in the back door, was 107 (about 1%), which decreased by 20.7% in the last week; Phishing pages for domestic sites involve 749 domain names, 175 IP addresses, and an average of about 5 phishing pages per IP address.

(Fig. 3) The tampered websites in our country are distributed by type

(Fig. 4) Web sites in China that are implanted in the back door are distributed by type

Iii. Critical Vulnerabilities

The national information Security vulnerability Sharing Platform (CNVD) includes 133 new network security vulnerabilities, and the overall evaluation level of information security vulnerability threat is medium.

(Figure 5) CNVD included vulnerabilities by impact object type

Summary: In the period from September 9 to September 15, China's Internet network Security index overall evaluation as medium. No more serious network security incidents were found. However, users need to pay special attention to the need to strengthen the system in a timely manner to repair and reinforce the installation of security protection software. During the internet, do not easily open the network of unknown sources of pictures, music, video and other documents, do not download and install some unknown software, especially some so-called plug-in programs to prevent network virus infection.