* - PDF Free Download

Korea Internet & Security Agency 29 12

CONTENTS 1 3 4 5 6 6 7 9 1 13 14 16 18 23 56 59 61

Windows XP SP1 Windows 2 SP4 1 2912

Bot 326 49 2.3 73 73 239 215 11.2% 256 199 28.6% 25 115 117.4% Bot 8,469 46 617 65 194 277 426 1.4% 641 495 72 23 225 97 2.% 695 599 86 219 291 9 1.6% 925 51 162 299 36 1.% 941 88 21 238 193 1.% 837 1 282 261 386.9% 886 68 244 245.9% 879 14 231 241.6% 1,591 15,94 1,579 1,119 1,285 1,582 1,863 2,319 2,2 2,74 2,676 1,748 1,11 1,144 6,49 1,163 3,175 2,98 2,24 8.1% 29 1 2 3 4 5 6 7 8 9 1 11 12 764 1,134 1,29 1,392 1,18 1,2 1,12 13 285 247 251 1,2 1,39.7% 844 1,2 15 232 252 147.6% 49 73 215 199 115.6% 694 326 73 239 256 25.6% 1,395 21,23 1,148 988 2,743 3,31 4,32 1.% 1,6 28 1,591 29 1,4 1,2 1, 925 941 1,2 8 837 886879 844 641 6 695 694 46 4 2 1 2 3 4 5 6 7 8 9 11112 1,2 7 764 617 599 495 2 1,134 1,392 1,29 1,18 1,12 1,2 28 29 49 326 1 2 3 4 5 6 7 8 9 11112 16 12 8 65 72 86 88 51 4 1 68 14 13 15 28 29 73 73 1 2 3 4 5 6 7 8 9 11112 Bot 8 6 543 532 471 51 489472 484 448 414 495 4 465 461 2 28 29 1 2 3 4 5 6 7 8 9 11112 1,3 28 29 1,1 1,39 1,2 9 7 5 426 386 3 36 251 115 25 147 1 97 193 9 1 2 3 4 5 6 7 8 9 11112 2% 1% 28 29 1.4% 2.%.6% 1.6% 1.%.9%.7%.6% 1.%.9%.6%.6% 1 2 3 4 5 6 7 8 9 11112 2 2912

29 1 2 3 4 5 6 7 8 9 1 11 12 8,469 46 641 695 925 941 837 886 879 1,591 844 1,2 694 1,395 18 16 14 1,591 28 29 12 1 8 6 4 46 641 695 925 941 837 886 879 844 1,2 694 2 1 2 3 4 5 6 7 8 9 1 11 12 3 2912

29 1 2 3 4 5 6 ONLINE GAME ONLINE GAME 1 AGENT 7 CONFICKER 17 CONFICKER 128 HACK 13 AGENT 135 HACK 118 ONLINE GAME 2 HACK 64 AIMBOT 98 VIRUT 76 AGENT 118 XEMA 134 AGENT 93 ONLINE GAME 3 CONFICKER 63 AGENT 64 AGENT 71 CONFICKER 8 HACK 9 XEMA 93 ONLINE GAME 4 XEMA 55 HACK 6 XEMA 68 XEMA 79 CONFICKER 64 CONFICKER 57 ONLINE GAME 5 AUTORUN 18 XEMA 56 HACK 58 VIRUT 5 DOWNLOADER 35 HUPIGON 29 6 MALPACKEDB 13 DOWNLOADER 26 IRCBOT 38 AUTO RUN 42 HUPIGON 33 MAGANA 29 7 KIDO 9 VIRUT 17 AUTO RUN 21 DOWNLOADER 37 VIRUT 31 AUTO RUN 23 8 DOWNLOADER 9 AUTO RUN 17 BOBAX 19 HUPIGON 26 IRCBOT 21 DOWNLOADER 22 9 GRUM 5 UPACK 14 PAKES 15 BAGLE 22 AUTO RUN 16 VIRUT 21 1 BAGLE 5 IRCBOT 11 DOWNLOADER 15 KEY LOGGER 16 AVKILLER 16 NATICE 16 149 171 186 325 367 336 46 641 695 925 941 837 1 2 3 4 5 6 7 8 9 1 29 7 8 9 1 11 12 ONLINE GAME ONLINE GAME HACK 146 XEMA 98 INDUC 692 INDUC 124 MALWARE 86 HACK 93 ONLINE GAME ONLINE GAME AGENT 117 AGENT 75 HACK 17 HACK 83 AGENT 8 AGENT 76 ONLINE GAME XEMA 114 HACK 67 XEMA 1 FAKEAV 76 XEMA 66 MAGANIA 64 CONFICKER 71 IRCBOT 5 AGENT 93 XEMA 57 DOWNLOADER 6 XEMA 63 DOWNLOADER 35 CONFICKER 49 CONFICKER 61 AGENT 53 INDUC 58 DOWNLOADER 38 ONLINE GAME MAGANIA 33 VIRUT 43 ALUREON 48 MALWARE 37 HACK 51 AUTO RUN 25 MY DOOM 27 HUPIGON 4 DOWNLOADER 46 MAGANIA 26 ZBOT 37 MALWARE 25 HUPIGON 23 DOWNLOADER 38 AUTO RUN 3 CONFICKER 23 AUTO RUN 3 INDUC 17 VIRUT 15 MAGANIA 27 HUPIGON 26 DOWNLOADER 2 VBNA 29 BAGLE 16 AUTO RUN 15 INDUC 22 TDSS 23 HUPIGON 18 MAGANIA 29 DAONOL 12 29 37 365 327 476 265 886 879 1,591 844 1,2 694 4 2912

29 1 2 3 4 5 6 7 8 9 1 11 12 6,49 617 495 599 764 1,134 1,29 1,392 1,18 1,2 1,12 49 326 1,148 1,163 65 72 86 51 88 1 68 14 13 15 73 73 988 3,175 194 23 219 162 21 282 244 231 285 232 215 239 2,743 2,98 277 225 291 299 238 261 245 241 247 252 199 256 3,31 2,24 426 97 9 36 193 386 251 1,2 1,39 147 115 25 4,32 15,94 1,579 1,119 1,285 1,582 1,863 2,319 2,2 2,74 2,676 1,748 1,11 1,144 21,23 21.9% 22.4% 28.5% 2.9% 6.4% 5 2912

29 1 2 3 4 5 6 7 8 9 1 11 12 3,344 458 316 273 228 316 396 368 41 375 355 46 294 4,186 63 41 31 48 49 44 59 53 41 73 55 49 55 598 173 18 14 13 15 23 29 26 27 17 23 22 11 238 2 1 1 1 1 11,818 1,61 758 951 1,29 1,48 1,835 1,752 2,235 2,211 1,315 534 784 16,26 15,94 1,579 1,119 1,285 1,582 1,863 2,319 2,2 2,74 2,676 1,748 1,11 1,144 21,23 68.5% 25.7% 4.8% 1.% 29 1 2 3 4 5 6 7 8 9 1 11 12 Windows 1,834 866 769 891 1,176 1,483 1,666 1,742 1,513 1,377 1,358 7 633 14,174 Linux 2,744 481 17 174 16 15 45 258 952 978 215 142 315 4,4 Unix 192 15 32 37 28 39 63 28 54 133 11 36 14 49 2,17 217 148 183 218 191 185 172 185 188 164 133 182 2,166 15,94 1,579 1,119 1,285 1,582 1,863 2,319 2,2 2,74 2,676 1,748 1,11 1,144 21,23 6 2912

1,163 65 72 86 51 88 1 68 14 13 15 73 29 1 2 3 4 5 6 7 8 9 1 11 12 73 988 18 16 28 29 14 12 1 8 6 65 72 86 51 88 1 68 14 13 15 73 73 4 2 1 2 3 4 5 6 7 8 9 1 11 12 4.1% 1.4% 69 1 3 94.5% 73 7 2912

9 1 2 3 1 3 3 2 1 1 1 1 1 1 1 31 33 1 2 3 1 6 3 3 2 1 1 1 2 1 13 73 36 4 38 19.2% 9 5 7 14 9.6% 6.8% 12.3% 52.1% 73 TCP/8 73 1% 8 2912

2,24 426 788 1 2 3 4 5 6 7 8 9 1 11 12 76 97 57 9 55 36 122 193 99 386 1 29 251 1,2 1,39 117 126 71 147 72 115 68 25 48 4,32 1,11 1,4 1,2 1, 1,2 1,39 8 6 4 2 426 386 36 193 251 25 122 76 97 57 9 55 99 1 117 126 71 147 72 115 68 48 1 2 3 4 5 6 7 8 9 1 11 12 9 2912

29 1 2 3 4 5 6 7 8 9 1 11 12 8.1% 1.4% 2.% 1.6% 1.% 1.%.9%.9%.6%.7%.6%.6%.6% 1.% 15% 29 28 1% 5% % 2.% 1.4% 1.6% 1.% 1.%.9%.9%.6%.7%.6%.6%.6% 1,2, 1,1, 1,, 9, 8, 7, 6, 5, 4, 3, 2, 1, 1 2912

TCP/445 TCP/139 TCP/8 TCP/1433 TCP/135 TCP/445 TCP/8 TCP/139 TCP/23 TCP/1433 23 Cisco Telnet 2967 Symantec Exploit 8 WebDAV, ASN.1-HTTP, Cisco HTTP 2745 Bagle, Bagle2 135 DCOM, DCOM2 3127 MyDoom 139 NetBIOS, ASN.1-NT 314 Optix 143 IMail 5 UPNP 445 NetBIOS, LSASS, WksSvc, ASN.1-SMB, DCOM, RPC 611 Veritas Backup Exec 93 NetDevil 6129 Dameware 125 DCOM 173 Kuang2 1433 MS-SQL 27347 Sub7 1) Http://www.microsoft.com/technet/security/current.aspx 2) Http://www.boho.or.kr/pccheck/pcch_5.jsp?page_id=5 11 2912

25 2 8 Windows XP SP1 8 Windows 2 SP4 9 Windows XP SP1 9 Windows 2 SP4 15 1 5 1 2 3 4 5 6 7 8 9 1 11 12 1 2 3 4 5 6 7 8 9 1 11 12 18 58 111 23 126 57 154 52 169 19 25 5 187 7 25 12 199 58 216 6 141 4 138 52 87 26 9 1 11 14 145 4 174 25 16 14 29 29 226 39 29 13 197 44 144 19 185 15 12 2912

3,5 3, IP IP 2,5 2, 1,5 1, 5 1 2 3 4 5 6 7 8 9 1 11 12 KISC - Korea Internet Security Center, KISA 13 2912

China U.S.A Taiwan 15% 24% 4% 27% 37% 11% 9% 9% 18% 9% 9% 18% 64% 1% China U.S.A Taiwan TCP/1433-tcp service scan TCP/2967-tcp service scan TCP/1521-tcp service scan TCP/22-tcp service scan TCP/445-netbios smb client to lsasrv request ICMP/-icmp ping advanced IP scanner v1.4 TCP/22-tcp service scan TCP/139-worm esbot.a TCP/445-netbios smb $unicode TCP/445-netbios smb client to lsasrv request TCP/2967-tcp service scan 14 2912

1 2 3 4 5 6 7 8 9 1 64.6% 65.5% 64.4% 13.3% 14.3% 18.9% 2.3% 2.2% 1.4% 1.8% 2.% 1.3% 1.6% 1.7% 1.3% 1.5% 1.%.9% 1.5% 1.%.9% 1.1%.9%.9%.8%.7%.8%.7%.7%.7% 1.7% 1.2% 8.6% 54.6% 21.1% 1.% 2.1% 1.3% 1.2%.6%.6%.5%.5% 7.6% 61.9% 14.6% 5.3% 2.4% 2.1% 1.1% 1.1% 65.8% 12.% 3.5% 2.1% 1.9% 1.5% 1.1%.9%.9%.9%.7% 8.9%.8%.7% 9.7% 1 2 3 4 5 6 7 8 9 1 77.2% 7.7% 2.2% 1.5% 1.%.9%.8%.8%.7%.7% 6.4% 75.7% 11.5% 2.1% 65.2% 15.% 3.8% 5.5% 21.% 4.3% 1.3% 1.8% 3.%.9%.9%.7%.6%.4%.4% 5.5% 1.6% 1.4%.9%.9%.8%.7% 7.9% 2.3% 1.6% 1.6% 1.4% 1.3% 1.3% 11.8% 63.4% 12.% 4.6% 2.1% 2.% 1.6% 1.2% 1.% 1.% 1.% 1.1% 68.5% 9.5% 4.1% 3.6% 1.6% 1.4% 1.3%.9%.9%.6% 7.6% 15 2912

1 UDP/53 udp service scan 2.8% TCP/1433 tcp service scan 22.2% TCP/1433 tcp service scan 25.4% netbios smb client to lsrv netbios smb client to lsrv 2 TCP/1433 tcp service scan 18.2% TCP/445 request 16.8% TCP/445 request 18.9% netbios smb client to lsrv 3 TCP/445 request 12.5% TCP/2967 tcp service scan 15.4% TCP/2967 tcp service scan 12.1% 4 TCP/2967 tcp service scan 9.% TCP/22 tcp service scan 8.7% TCP/22 tcp service scan 8.1% 5 6 7 8 9 1 TCP/22 tcp service scan 7.6% UDP/53 udp service scan 4.6% TCP/88 tcp service scan 3.6% TCP/89 tcp service scan 2.5% TCP/88 tcp service scan 2.9% TCP/888 tcp service scan 2.2% TCP/888 tcp service scan 2.4% ICMP icmp ping Nmap scan 2.8% TCP/336 tcp service scan 2.1% TCP/88 tcp service scan 2.4% TCP/8 tcp service scan 2.3% TCP/89 tcp service scan 2.% TCP/445 tcp service scan 2.2% TCP/89 tcp service scan 2.% TCP/8 tcp service scan 2.% TCP/889 tcp service scan 2.2% TCP/445 tcp service scan 2.% TCP/889 tcp service scan 1.9% 2.1% 2.1% 21.6% 1 TCP/1433 tcp service scan 3.4% TCP/1433 tcp service scan 34.1% TCP/1433 tcp service scan 24.7% 2 3 4 5 6 7 8 9 1 netbios smb client to lsrv request 2.% netbios smb client to lsrv request 13.2% TCP/2967 tcp service scan 9.% TCP/2967 tcp service scan 13.% TCP/2967 tcp service scan 15.2% TCP/445 TCP/445 netbios smb client to lsrv request 9.% TCP/445 TCP/22 tcp service scan 6.8% TCP/22 tcp service scan 6.8% TCP/22 tcp service scan 8.1% TCP/88 tcp service scan 3.9% UDP/445 tcp service scan 3.% TCP/8 tcp service scan 3.5% TCP/336 tcp service scan 3.5% TCP/8 tcp service scan 2.4% TCP/88 tcp service scan 3.5% TCP/8 tcp service scan 3.2% TCP/336 tcp service scan 2.2% TCP/888 tcp service scan 2.6% TCP/445 tcp service scan 3.% TCP/888 tcp service scan 2.1% TCP/139 worm esbot.a 1.9% TCP/8 tcp service scan 3.% TCP/88 tcp service scan 1.8% TCP/889 tcp service scan 1.8% TCP/1521 tcp service scan 2.8% TCP/1521 tcp service scan 1.8% TCP/445 tcp service scan 1.6% 21.3% 17.4% 23.4% 16 2912

netbios smb client to lsrv 1 TCP/445 request 24.2% TCP/1433 tcp service scan 28.3% TCP/1433 tcp service scan 27.7% netbios smb client to lsrv 2 TCP/1433 tcp service scan 17.% TCP/445 request 15.5% TCP/2967 tcp service scan 12.6% 3 TCP/2967 tcp service scan 12.% TCP/22 tcp service scan 11.9% TCP/22 tcp service scan 1.2% 4 5 6 7 8 9 1 netbios smb client to lsrv TCP/22 tcp service scan 8.5% TCP/2967 tcp service scan 6.1% TCP/445 request 8.2% TCP/88 tcp service scan 4.5% TCP/1521 tcp service scan 6.% TCP/1521 tcp service scan 6.7% TCP/445 tcp flag syn/data 3.% TCP/88 tcp service scan 5.6% TCP/445 setbios smb c$ unicode 3.% TCP/139 worm esbot.a 2.8% TCP/8 tcp service scan 2.6% TCP/88 tcp service scan 2.5% ICMP icmp ping Nmap scan 2.4% TCP/139 worm esbot.a 2.3% TCP/139 worm esbot.a 2.3% TCP/1521 tcp service scan 2.4% TCP/336 tcp service scan 2.% TCP/3389 tcp service scan 2.3% TCP/8 tcp service scan 2.3% TCP/139 tcp service scan 1.8% TCP/18 tcp service scan 22.2% 2.9% 17.9% 22.2% 41.3% 27.7% 12.6% 1.2% 8.2% TCP/1433 - tcp service scan TCP/2967 - tcp service scan TCP/22 - tcp service scan TCP/445 - netbios smb client to lsasrv request 17 2912

1 TCP/1433 tcp service scan 37.2% TCP/135 netbios dcerpc invalid bind 37.7% TCP/4899 tcp service scan 21.% 2 3 4 5 6 7 8 9 1 rpc dcom interface TCP/135 netbios dcerpc invalid bind 23.5% TCP/135 overflow exploit 15.3% TCP/189 tcp service scan 13.3% rpc dcom interface TCP/135 overflow exploit 9.5% TCP/135 tcp service scan 15.% TCP/135 netbios dcerpc invalid bind 11.8% icmp ping Advanced IP ICMP Scanner v1.4 7.7% TCP/1433 tcp service scan 11.1% TCP/1433 tcp service scan 11.2% icmp ping Advanced IP TCP/135 tcp service scan 4.9% ICMP Scanner v1.4 3.6% TCP/22 tcp service scan 6.5% TCP/189 tcp service scan 3.% TCP/2967 tcp service scan 3.4% TCP/135 tcp service scan 5.7% TCP/22 tcp service scan 2.6% TCP/22 tcp service scan 2.7% TCP/2967 tcp service scan 5.% backdoor famous rpc dcom interface TCP/3389 tcp service scan 2.% UDP/53 botnet ddns dns query 2.2% TCP/135 overflow exploit 4.2% backdoor famous UDP/53 botnet ddns dns query 1.6% TCP/3389 tcp service scan 1.7% TCP/3389 tcp service scan 2.9% TCP/2967 tcp service scan 1.2% TCP/445 tcp service scan 1.3% TCP/1434 worm slammer 2.7% 6.8% 5.9% 15.5% 1 TCP/135 tcp service scan 2.1% TCP/1433 tcp service scan 2.8% TCP/135 tcp service scan 15.2% 2 3 4 5 6 7 8 9 1 TCP/1433 tcp service scan 14.1% TCP/135 netbios dcerpc invalid bind 11.9% UDP/1434 worm slammer 13.4% backdoor famous TCP/189 tcp service scan 12.2% UDP/53 botnet ddns dns query 1.3% TCP/135 netbios dcerpc invalid bind 11.8% TCP/4899 tcp service scan 8.7% TCP/4899 tcp service scan 8.9% TCP/1433 tcp service scan 1.1% TCP/22 tcp service scan 8.% TCP/22 tcp service scan 7.6% ICMP icmp ping Nmap scan 9.9% backdoor famous TCP/135 netbios dcerpc invalid bind 5.6% TCP/135 tcp service scan 7.% UDP/53 botnet ddns dns query 7.2% rpc dcom interface rpc dcom interface TCP/3389 tcp service scan 4.% TCP/135 overflow exploit 5.2% TCP/135 overflow exploit 6.2% rpc dcom interface TCP/135 overflow exploit 2.9% UDP/1434 worm slammer 2.6% TCP/4899 tcp service scan 5.2% TCP/445 tcp service scan 2.4% TCP/3389 tcp service scan 2.% TCP/22 tcp service scan 5.2% icmp ping Advanced IP ICMP Scanner v1.4 2.4% TCP/42 tcp service scan 2.% TCP/139 worm esbot.a 2.7% 19.7% 21.8% 13.2% 18 2912

1 UDP/1434 worm slammer 43.4% TCP/135 netbios dcerpc invalid bind 17.3% TCP/135 netbios dcerpc invalid bind 18.9% 2 3 4 5 6 7 8 9 1 TCP/135 tcp service scan 1.% TCP/4899 tcp service scan 13.3% TCP/135 tcp service scan 16.3% rpc dcom interface TCP/4899 tcp service scan 9.5% TCP/135 tcp service scan 12.5% TCP/135 overflow exploit 12.9% rpc dcom interface TCP/135 netbios dcerpc invalid bind 8.8% TCP/135 overflow exploit 1.4% TCP/4899 tcp service scan 11.7% rpc dcom interface TCP/135 5.4% TCP/1433 tcp service scan 9.6% TCP/1433 tcp service scan 9.7% overflow exploit UDP/53 backdoor famous botnet ddns dns query 4.6% UDP/53 backdoor famous botnet ddns dns query 6.6% UDP/53 backdoor famous botnet ddns dns query 5.6% TCP/1433 tcp service scan 4.6% UDP/1434 worm slammer 4.7% TCP/22 tcp service scan 4.5% icmp ping Advanced IP TCP/1433 worm esbot.a 2.3% TCP/22 tcp service scan 4.5% ICMP Scanner v1.4 3.2% TCP/22 tcp service scan 2.1% TCP/1521 tcp service scan 2.4% TCP/139 worm esbot.a 2.5% TCP/336 tcp service scan 1.2% TCP/139 worm esbot.a 2.3% TCP/1521 tcp service scan 2.1% 8.2% 16.4% 12.7% 4.2% 13.9% 16.3% 12.9% 11.7% TCP/135 - netbios dcerpc invalid bind TCP/135 - tcp service scan TCP/135 - rpc dcom interface overflow expoit TCP/445 - tcp service scan 19 2912

22,, 2,, 18,, 16,, 14,, 12,, 1,, 8,, 6,, 4,, 2,, 12/ 1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 19 2 21 22 23 24 25 26 27 28 29 3 31 TCP/8 UDP/9155 TCP/25 TCP/51 TCP/9153 TCP/24 TCP/443 UDP/53 TCP/88 TCP/6242 2,2, 2,, 1,8, 1,6, 1,4, 1,2, 1,, 8, 6, 4, 2, 12/ 1 2 3 9 14 15 16 17 2 23 24 25 27 28 29 3 31 4 5 6 7 8 1 11 12 13 18 19 21 22 26 TCP SYN Flooding(DDoS) Host Sweep UDP Flooding TCP ACK Flooding UDP Tear Drop Ping Sweep ICMP Redirect DoS ICMP Unreachable Storm TCP Connect DOS SMB Service sweep 2 2912

1 2 3 4 5 6 HLLW 25,816 GENERIC 18,854 PWS 14,621 VIRUT 14,53 NSANTI 7,757 HLLM 6,392 HLLW 24,824 PWS 24,767 GENERIC 19,749 VIRUT 17,224 PARITE 7,594 NSANTI 7,376 HLLW 41,88 GENERIC 35,526 PWS 29,58 VIRUT 23,642 PARITE 1,93 NSANTI 9,621 HLLW 18,92 PWS 15,779 GENERIC 12,678 VIRUT 11,739 PARITE 5,397 MYDOOM 4,961 HLLW 22,973 GENERIC 17,19 PWS 16,929 VIRUT 15,959 PARITE 7,89 NSANTI 4,991 VIRUT 29,32 PWS 25,5 HLLW 24,165 GENERIC 19,385 PARITE 8,273 NSANTI 5,413 7 PARITE 5,394 DOWNLOADER 6,29 HLLM 5,734 NSANTI 4,48 HLLM 4,529 HLLM 5,335 8 DOWNLOADER 4,162 HLLM 5,231 MONSH 5,63 HLLM 3,681 DOWNLOADER 3,382 DOWNLOADER 3,794 9 MONSH 3,149 MONSH 2,799 DOWNLOADER 5,327 DOWNLOADER 2,886 PACKED 2,745 MONSH 2,559 1 MULDROP 2,651 HLLP 2,226 MYDOOM 3,799 MONSH 1,756 MONSH 2,189 MULDROP 2,46 51,281 45,291 59,168 33,28 42,242 45,587 154,67 163,371 229,973 114,657 14,218 17,864 1 PWS 26,98 PWS 17,196 VIRUT 1,487 PWS 4,849 PWS 4,641 PWS 4,948 2 3 4 5 6 7 8 9 1 VIRUT 26,624 HLLW 2,355 GENERIC 15,71 VIRUT 16,33 HLLW 15,217 GENERIC 9,399 PWS 7,281 HLLW 7,1 GENERIC 4,26 HLLW 4,641 GENERIC 3,72 VIRUT 2,76 HLLW 3,857 GENERIC 2,994 VIRUT 2,75 HLLW 4,6 GENERIC 3,313 VIRUT 2,784 DOWNLOADER 8,443 PARITE 4,77 DOWNLOADER 2,779 DOWNLOADER 1,947 DOWNLOADER 1,672 DOWNLOADER 2,334 PARITE 7,426 HLLM 3,446 FAKEAV 1,943 FAKEAV 1,213 PARITE 1,278 PARITE 1,311 HLLM 4,279 NSANTI 3,21 PARITE 1,72 BREDOLAB 1,147 HLLM 852 HLLM 878 NSANTI 3,793 DOWNLOADER 2,59 BREDOLAB 1,566 PARITE 1,59 NSANTI 775 NSANTI 784 PACKED 2,751 MYTOB 2,62 MULDROP 1,67 PACKED 1,567 NSANTI 1,468 HLLM 1,358 NSANTI HLLM 912 863 HANSPY APPACTXCOMP 541 438 POLIPOS ACADAP 689 65 42,743 3,479 15,288 1,633 8,5 8,43 16,455 15,711 55,142 33,96 28,298 3,136 21 2912

22 2912

23 2912

14 12 1 8 6 4 2 8/1 2 3 4 5 6 7 8 9 1 11 12 9/1 2 3 4 5 6 7 8 9 1 11 12 45 4 35 48% 52% 3 25 2 15 1 5 24 2912

25 2912

26 2912

28. 11. 21 28. 12. 29 29. 2. 2 29. 3. 4 27 2912

28 2912

29 2912

3 2912

31 2912

1 2 3 4 5 6 7 8 9 1 11 12 1.4% 2.% 1.6% 1.% 1.%.9%.9%.6%.7%.6%.6%.6% 1.% 32 2912

33 2912

34 2912

35 2912

36 2912

18, 16, 14, 12, 1, 16,692 8, 6, 4, 2, 3,26 2,293 2,24 4,32 25 26 27 28 29 1 2 3 4 5 6 7 8 9 1 11 12 426 97 9 36 193 386 251 1,2 1,39 147 115 25 4,32 76 57 55 122 99 1 117 126 71 72 68 48 1,11 37 2912

1, 9, 8, 7, 6, 5, 4, 3, 2, 1, 8,978 6,617 7,352 5,551 26 27 28 29 1 2 3 4 5 6 7 8 9 1 11 12 91 53 7 14 72 137 196 185 255 298 178 92 1,731 294 354 346 58 21 445 61 621 89 797 348 225 5,621 385 47 416 684 273 582 797 86 1,.64 1,95 526 317 7,352 38 2912

39 2912

4 2912

41 2912

42 2912

43 2912

44 2912

8, 7, 6, 5, 4, 3, 2, 1, 25 26 27 28 29 4932 668 6514 5632 5734 45 2912

29 28 27 1 2 3 4 5 6 7 5887 38 589 535 1 587 5271 16 447 46 2912

4% 3% 3% 48% 48% 46% 51% 49% 48% 27 28 29 6% 5% 4% 3% 2% 1% % 25 26 27 28 29 H1 47 2912

1% 9% 8% 7% 6% 5% 4% 3% 2% 1% % 25 26 27 28 29 H1 PDF Office 17% 5% 5% 83% 28 29 48 2912

8% 7% 6% 5% 4% 3% 2% 1% % 25 26 27 28 29 H1 ActiveX Internet Explorer Firefox Others 49 2912

1 2 3 4 5 6 7 8 9 1 11 12 29 28 3 8 8 23 14 31 15 19 8 34 15 12 19 3 17 12 1 6 1 9 26 8 21 4 29 155 27 1 2 15 19 15 11 14 4 9 2 11 13 74 78 69 5 2912

1 2 3 4 5 6 7 8 9 1 11 12 2 3 1 1 11 17 9 15 6 21 3 6 5 7 1 3 11 3 4 2 1 12 5 1 3 3 3 3 1 1 1 11 6 4 4 14 8 11 1 24 1 7 1 3 4 9 12 9 3 3 1 1 2 2 1 2 51 2912

2% 7% 7% 14% % 12% % 13% 13% 14% 6% % 3% 16% 12% 1% 14% 16% 2% 13% 17% 28 29 11% 6% 6%2% 12% 8% 5% 3% 75% 72% 28 29 52 2912

157 16 127 14 12 19 98 1 12 1 8 6 4 2 9 8 9 8 9 8 53 2912

54 2912

55 2912

http://axxxxxo.com/profile/asitsoft.php http://daxxxxff.com/lib/index.php http://gxxxxxn.pe.kr/bbs/data/midi/css.htm 34 8 7 56 2912

29 1 2 3 4 5 6 7 8 9 1 11 12 1,324 91 53 7 14 72 137 196 185 255 298 178 92 1,731 7,654 294 354 346 58 21 445 61 621 89 797 348 225 5,621 8,978 385 47 416 684 273 582 797 86 1,64 1,95 526 317 7,352 14 28 29 12 1 8 6 4 59 385 313 47 835 416 1,195 841 684 273 667 582 797 731 487 86 1,129 1,95 1,64 928 526 416 846 317 2 1 2 3 4 5 6 7 8 9 1 11 12 29 1 2 3 4 5 6 7 8 9 1 11 12 6,68 232 274 28 483 159 372 486 54 67 64 288 173 4,561 138 9 4 3 7 2 5 14 8 4 1 2 68 748 31 33 38 47 27 32 6 63 59 86 34 32 542 16 4 2 1 3 1 1 12 51 16 25 19 32 11 32 32 3 58 47 19 8 329 1,468 97 67 76 113 74 141 24 21 27 311 183 13 1,84 8,978 385 47 416 684 273 582 797 86 1,64 1,95 526 317 7,352 57 2912

32.5% 2.5% 1.1% 54.6% 29 1 2 3 4 5 6 7 8 9 1 11 12 5,379 218 241 258 388 84 223 194 25 21 221 146 86 2,519 598 56 69 54 121 93 182 22 27 326 219 127 81 1,8 3,1 111 97 14 175 96 177 41 286 528 655 253 15 3,33 8,978 385 47 416 684 273 582 797 86 1,64 1,95 526 317 7,352 58 2912

22 8 135 139 445 125 18 1433 1434 2745 341 4899 5 6129 59 2912

6 2912

Trojan Phishing ASP.NET Botnet DHTML Editing Component ActiveX E-mail Hyperlink KrCERT/CC LLS NetBIOS OLE/COM PNG SMB TCP Syn Flooding Windows SharePoint Services Windows Shell 61 2912