Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
Hacking Allegations | China Computer Emergency Response Team Weekly Report

Hacking Allegations | China Computer Emergency Response Team Weekly Report

Ratings: (0)|Views: 194|Likes:
Published by John André
China alleges network intrusions of its own following US state-sponsored hacking allegations, claims many came from United States.
China alleges network intrusions of its own following US state-sponsored hacking allegations, claims many came from United States.

More info:

Published by: John André on Mar 23, 2013
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

03/23/2013

pdf

text

original

 
 
1
Key Findings
Malware Activities
1.4 Million
Infected Computers in Mainland China
6,508
616
Defaced Websites in Mainland ChinaDefaced gov.cn
2,092
97
Backdoored Websites in Mainland ChinaBackdoored gov.cn
927
Phishing Webpages Targeting Websites inMainland China
113
30
New Vulnerabilities Collected by CNVDHigh-severity Vulnerabilities
1 milllion0.4 millionConfickersTrojans orBotnets
Issue 10 2013
Mar 4-10
Weekly Report of CNCERT
 
CNCERT/CC
 
36.2%22.4%11.2%5.8%7.9%24.9%1.6%5.6%
The infected computers inmainland China amounted tonearly 1.4 million, among whichabout 0.4 million were controlledby Trojans or Botnets and about 1million by Confickers.
marks the same number as last week; marks an increase from last week; marks a decrease from last week 
31.5%0.7%
Good
 
Fair
 
Poor
 
Very PoorExcellent
 
 
 
2
about 95,000(21.8%)
Guangdongprovince
about 31,000(7.1%)
Jiangsuprovince
about 26,000(6%)
Zhejiangprovince
133New malwarefamiliesNew malwarenames
The map on the left illustratesdistribution of the computers controlledby Trojans or Botnets in mainlandChina. The regions in red are mostseriously affected. This week, the top 3were Guangdong province, Jiangsuprovince and Zhejiang province.CNCERT captured a greatnumber of new malwaresamples this week. 33 newmalware names were identified,and 1 new malware family wasdetected.The malware-hosting websites is the jumping-off place for malware propagation. Themalware-hosting websites monitored by CNCERT this week involved 140 domains and 262 IPaddresses. Among the 140 malicious domains, 60.7% were registered overseas and 66.4% of their TLDs fell into the category of.com. Among the 262 malicious IPs, 54.2% were located in mainlandChina and 45.8% were overseas. Based on our analysis of the malware-hosting website
s URLs, themajority of them were accessed via domain names, and only 98 were accessed directly via IPs.
15.4%1
 
 
3
 Anti Network-Virus Alliance of China (ANVA) is an industry alliance that was initiated by Network and  Information security Committee under Internet Society of China (ISC) and has been operated by CNCERT.
Website Security
Overseas60.7%InmainlandChina24.3%Unknown15.0%
Malware-hosting Websites' Domains RegisteredHome and Abroad (Mar 4-10)
.com66.4%.cn11.4%.net6.4%.kr5.7%.ru2.1%.info2.1%.biz1.4%.it1.4%.org0.7%.ua0.7%Others1.4%
TLD Distibution of the Malware-hostingWebsites' Domains (Mar 4-10)
9272,0926,508Phishing pages targetingwebsites in mainland ChinaBackdoored websits inmainland ChinaDefaced websites in mainlandChina
This week, CNCERT monitored6,508 defaced websites, 2,092websites planted withbackdoors and 927 phishingweb pages targeting websitesin mainland China.This week, the defaced government (gov.cn) websites totaled 616 (9.5%), an increase of 24.9%from last week. Backdoor were installed into 97 (4.6%) government (gov.cn) websites, whichreduced by 5.8% from last week. The fake domains and IP addresses targeting websites inmainland reached 605 and 310 respectively, with each IP address loading about 3 phishing webpages on average.
In terms of the malicious domain names and IPs either monitored by CNCERT or sourced from thereporting members, CNCERT has actively coordinated the domain registrars and other relatedagencies to handle them. Moreover, the blacklist of these malicious domains and IPs has beenpublished on the website of Anti Network-Virus Alliance of China (ANVA).
 
The URL of ANVA for Publishing the Blacklist of Malicious Domains and IPs
.1.6%5.8%11.2%

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->