
Figure 2-2 Categories of the Incidents Handled by CNCERT in 2014

2.2. Internet Awareness

2.2.1. Malware Activities

In mainland China, the IPs of hosts infected with Trojans or botnets reached about 11.1 million, a decrease of 2.3% compared with 2013. Because CNCERT's awareness systems are all located in mainland China, most of the Trojan or botnet C&C server IPs we found were identified in local networks. But we still saw more than 42.3 thousand overseas C&C servers, an increase of 25.3% from 2013. As shown in Figure 2-3, the US hosted the largest number of overseas Trojan or botnet C&C server IPs, followed by China Hong Kong and South Korea.

Figure 2-3 The distribution of overseas C&C servers' IP addresses in 2014

CNCERT's Conficker sinkhole indicated that over 70.1 million hosts worldwide were suspected to be infected, of which 8.9 million compromised hosts were located in mainland China. As shown in Figure 2-4, mainland China (12.7%) had the most infections, followed by India (7.9%) and Brazil (6.9%).

Figure 2-4 Worldwide Locations of the Computers Infected With Conficker in 2014
(chart data: Mainland China 12.7%, India 7.9%, Brazil 6.9%, Russia 4.8%, Vietnam 4.7%, Italy 4.0%, Mexico 3.3%, Taiwan China 3.0%, Argentina 2.9%, Poland 2.5%, Others 47.0%)

Malware-hosting websites are the jumping-off point for malware propagation. The malware-hosting websites monitored by CNCERT in 2014 involved about 10.4 thousand domains, about 5.1 thousand IP addresses and about 115.1 thousand malware download links. Among the 10.4 thousand malicious domains, 92.9% of their TLDs fell into the category of .com. Among the 5.1 thousand malicious IPs, 52.0% were located overseas.

In 2014, CNCERT monitored about 15.9 million malware spreading incidents. Figure 2-5 depicts the monthly statistics of malware spreading incidents in 2014, with the most rampant malware activity in May.

Figure 2-5 Monthly Statistics of Malware Spreading Incidents in 2014

2.3. Website Security

About 37.0 thousand websites in mainland China were defaced, a considerable increase of 54.2% compared with 2013, including 1763 government sites. In addition, about 40.2 thousand websites were detected to have been planted with backdoors and secretly controlled, including 1529 government sites.

In 2014, CNCERT found about 99.4 thousand phishing sites targeting websites in mainland China. About 6844 IPs were used to host those fake pages. About 89.4% of them were outside mainland China. Most of the phishing servers (17.7%) were located in the US.

CNCERT found that almost 19.2 thousand overseas IPs conducted remote control of over 33.6 thousand websites in mainland China. As shown in Figure 2-6, 4761 (24.8%) were located in the US, followed by 1280 (6.7%) in Korea and 1238 (6.5%) in China Hong Kong.

Monthly Statistics of Malware Spreading Incidents in 2014 (chart data for Figure 2-5): Jan 276410, Feb 615315, Mar 168196, Apr 1250303, May 4988879, Jun 3051888, Jul 686088, Aug 1543621, Sep 946843, Oct 1083748, Nov 952761, Dec 309660

Figure 2-6 The distribution of overseas IPs that planted backdoors to Chinese websites in 2014

2.4. Mobile Awareness