July network security report for the first four weeks the discovery of the horse site 125

IDC on the network (idcps.com) reported on 01 may 08: Sharing Platform Based on CNCERT sampling and monitoring results of the national information security vulnerabilities (CNVD) released data that, in the period from July 21st to July 27th, the overall evaluation of China’s Internet network security index for the.

the number of host virus infection within the network is about 770 thousand, up 1.3% over last week; the government has been tampered with the number of sites is 330, increased by 11.1% QoQ last week; territory backdoor number of government websites for 45, up 28.6% over last week; according to the number of counterfeit page within the site is 2110 a, a decline of 26.2% from last week; the new information security vulnerabilities 262, including high-risk vulnerabilities 61.

below, IDC review network with everyone concerned during the period from July 21st to July 27th, China’s Internet security situation:

a, network virus activity

(1) number within the network virus infected host is about 770 thousand, including host Trojan or bot control of the territory and the territory of about 392 thousand (Conficker) infected fly off worm hosts about 378 thousand.

(2) in the network virus capture, CNCERT captured a large number of new network virus files, according to the network name of the virus statistics added 15, according to the network virus family statistics added 2.

(3) in the spread of the virus on the network, the horse is the site of the spread of the virus. This week, CNCERT monitoring found that the horse site involved a total of 125 domain names, involving IP address of 199. In the 125 domain names, about 55.2% for overseas registration, and the top-level domain for.Com accounted for about 68%; in the IP of the, about 38.2% are located outside. According to the analysis of the horse URL found that most of the site is through the domain name to visit the horse, and through the IP direct access to the 36 IP.

(Figure 1) put horse site domain name registration within and outside the territory of the distribution of

  (Figure 2) the 501 horse site belongs to the top-level domain name

two, website security

according to CNCERT monitoring data, during the statistical period, the number of sites were tampered with the territory of 8679, compared with the previous week, an increase of ring ratio of 25.6%. The number of sites inside the back door was 928, the chain fell by 17.4% last week, the number of domestic websites for the number of fake pages, the chain fell by 26.2% last week.

has been tampered with the government website (class GOV) for the number of 330 (about 3.6% of the territory), compared with the previous week, an increase of the ring ratio of 11.1%; the territory of the government portal website (GOV class) number ()