Statistics report 2005-2007

04/03/2008 Written by Marcelo Almeida (Vympel)

grade1Every year, Zone-​H pub­lishes stats of reg­is­tered attacks.
In the early months of Zone-​H, we received an aver­age of 2.500 noti­fi­ca­tions per month, last year this aver­age jumped to 37.915 monthly attacks. In order to have bet­ter idea of the attacks num­ber, dur­ing Jan­u­ary 2007, 62.092 attacks were val­i­dated, and in the month of June — when a DDoS cyber­war in Rus­sia par­a­lyzed thou­sands of web sites, Zone-​H included — we val­i­dated 17.797 deface­ments. The record occurred in the month of August 2006, with 130.645 reg­is­tered attacks.

In the past the most attacked oper­at­ing sys­tem was Win­dows, but many servers were migrated from Win­dows to Linux…

There­fore the attacks migrated as well, as Linux is now the most attacked oper­at­ing sys­tem with 1.485.280 deface­ments against 815.119 in Win­dows sys­tems (num­bers cal­cu­lated since 2000).



Attacks by month Year 2005
Year 2006 Year 2007
Jan 45.929 43.585 62.092
Feb 47.059 37.061 52.697
Mar 41.175 38.630 54.842
Apr 48.995 43.007 40.919
May 41.735 86.135 41.410
Jun 43.870 51.888 17.797
Jul 41.469 95.461 56.763
Aug 41.917 130.645 38.362
Sep 31.853 69.643 29.236
Oct 40.724 52.421 31.681
Nov 35.000 50.940 31.925
Dec 34.114 52.945 23.181
Total 493.840 752.361 480.905

Spe­cial Attacks by month Year 2005
Year 2006
Year 2007
Jan 832 923 863
Feb 924 517 613
Mar 755 787 656
Apr 958 682 592
May 903 597 349
Jun 822 821 176
Jul 1.607 1.746 715
Aug 1.749 1.187 840
Sep 799 911 717
Oct 741 849 1.029
Nov 591 1.004 763
Dec 565 890 468
Total 11.246 10.914 7.781
Sin­gle attacks by month Year 2005
Year 2006 Year 2007
Jan 9.584 10.846 14.446
Feb 6.233 10.865 11.135
Mar 8.128 14.625 13.324
Apr 12.398 13.591 10.394
May 8.950 14.397 9.870
Jun 13.203 27.832 3.827
Jul 11.384 24.167 14.537
Aug 10.328 20.198 10.300
Sep 8.667 16.589 8.954
Oct 14.263 12.407 10.038
Nov 10.627 11.679 8.384
Dec 9.140 12.911 7.344
Total 122.905 190.107 122.553
Mass attacks by month Year 2005
Year 2006 Year 2007
Jan 36.345 32.739 47.646
Feb 40.826 26.196 41.562
Mar 33.047 24.005 41.518
Apr 36.597 29.416 30.525
May 32.785 71.738 31.540
Jun 30.667 24.056 13.970
Jul 30.085 71.294 42.226
Aug 31.589 110.447 28.062
Sep 23.186 53.054 20.282
Oct 26.461 40.014 21.643
Nov 24.373 39.261 23.541
Dec 24.974 40.034 15.837
Total 370.935 562.254 358.352

Oper­a­tional System Year 2005 Year 2006 Year 2007
Linux 276.350 446.311 306.076
Win­dows 2003 72.377 183.953 114.137
Win­dows 2000 101.151 69.754 23.838
FreeBSD 23.653 31.075 18.542
Unknown 2.834 3.802 9.314
SolarisSunOS 6.193 9.797 5.226
Win­dows NT/​9x 5.921 4.023 1.204
MacOSX 2.139 2.247 1.488
Win­dows XP 498 393 323
HP-​UX 667 166 259
AIX 367 101 124
SCO UNIX 19 5 92
Unix 7 134 79
Tru64 54 25 40
OpenBSD 21 13 39
NetBSDOpenBSD 366 229 36
IRIX 771 211 34
BSDOS 498 49 26
NovellNetware 30 24 9
OpenServer 0 0 7
OS390 1 3 3
MacOS 27 6 3
OS2 9 9 2
Com­paq Tru64 23 13 1
NetBSD 31 14 1
Dig­i­tal UNIX 2 3 1
Win­dows .NET 10 1 1
VM 1 0 0
Web­server defaced Year 2005
Year 2006 Year 2007
Apache 308.281 486.294 319.439
IIS/6.0 72.338 180.926 113.935
IIS/5.0 99.616 66.304 23.664
Unknown 4.974 8.805 16.741
Zeus 1.059 506 1.972
NOYB 0 1308 1.920
IIS/4.0 5.846 3.952 1.149
nginx 136 870 729
IIS/5.1 540 412 308
Rapidsite 158 110 244
SonataServer 4 557 178
A-​NETEK RobustWeb 4 4 92
Zope 106 67 80
LiteSpeed 3 150 65
IdeaWebServer 50 191 60
E-​Neverland DataPalm 15 16 41
lighttpd 25 33 37
DinaHTTPd Server 52 89 36
Boa 6 59 26
Sil­ver­Stream Server 36 40 20
SAMBAR 0 18 17
thttpd 8 29 15
SunONE WebServer 165 670 12
ConcentricHost-​Ashurbanipal 18 12 11
Lasso 18 26 11
Cougar 1 21 10
NetWare-​Enterprise-​Web-​Server 5 3 8
Sun Java Sys­tem Web Server 6.1 0 6 8
GWS 2 4 8
DataPalm 0 7 7
Abyss 0 0 5
OBEC-​Web-​Serv 0 13 5
InfomexWebServer 2 14 4
tigershark 54 9 4
4D_​WebSTAR_​S 34 169 4
IBM HTTP SERVER 7 17 4
Jetty 0 0 4
Netscape-​Enterprise 37 21 4
OmniHTTPd 7 3 4
AOL server 28 15 3
IIS/3.0 3 4 3
exteNd Appli­ca­tion Server 3 2 2
RaidenHTTPD 5 5 2
Resin 9 25 2
Replica 1 0 2
RRRPHP/9.4.2 1 0 2
CoffeeMaker 0 0 1
Hix Webserver 0 0 1
KFWebserver 5 5 1
NetCache 5 8 1
Ora­cle AS 0 3 1
WebLogic Server 27 27 1
Xitami 7 16 1
Zort Zirt Server 20 7 1
Caudium 2 3 0
VHFFS 15 2 0
Oracle 33 2 0
Roxen 87 2 0
Lotus-​Domino 6 5 0
Mistral 1 1 0
Web Crossing 0 1 0
Netscape-​FastTrack 0 2 0
Web­Sphere Appli­ca­tion Server 0 5 0
PWS 0 5 0
Netscape-​Communications 0 1 0


Attack Method Total 2005 Total 2006 Total 2007
Attack against the administrator/​user (pass­word stealing/​sniffing) 48.006 207.323 141.660
Shares misconfiguration 39.020 36.529 67.437
File Inclusion 118.395 148.082 61.011
SQL Injection 36.253 47.212 35.407
Access cre­den­tials through Man In the Mid­dle attack 20.427 21.209 28.046
Other Web Appli­ca­tion bug 50.383 6.529 18.048
FTP Server intrusion 58.945 55.611 17.023
Web Server intrusion 38.975 30.059 13.405
DNS attack through cache poisoning 7.541 9.131 9.747
Other Server intrusion 1.4732 16.050 8.050
DNS attack through social engineering 4.719 5.959 7.585
URL Poisoning 2.897 7.988 6.931
Web Server exter­nal mod­ule intrusion 8.487 17.290 6.690
Remote admin­is­tra­tive panel access through bruteforcing 2.738 4.988 6.607
Rerout­ing after attack­ing the Firewall 988 4.308 6.127
SSH Server intrusion 2.644 14.746 5.723
RPC Server intrusion 1.821 5.793 5.516
Rerout­ing after attack­ing the Router 1.520 4.867 5.257
Remote ser­vice pass­word guessing 939 7.008 5.105
Tel­net Server intrusion 1.863 6.252 4.753
Remote admin­is­tra­tive panel access through pass­word guessing 1.014 4416 4.753
Remote admin­is­tra­tive panel access through social engineering 780 5472 3.127
Remote ser­vice pass­word bruteforce 3.576 4018 3.125
Mail Server intrusion 1.198 4195 1.315
Not avail­able 11.382 37243 9.724
Attack Reason Year 2005 Year 2006 Year 2007
I just want to be the best defacer 95.870 300.858 197.413
Heh…just for fun! 179.234 175.241 95.664
As a challenge 59.991 72.287 60.314
Polit­i­cal reasons 61.068 77.350 31.073
Patriotism 53.168 30.207 28.307
Revenge against that website 17.847 11.489 10.120
Not available 26.662 84.929 58.014

Linux X Windows

Year Total deface­ments Linux (all distros) Total deface­ments Win­dows (all versions)
2000 931 2.586
2001 4.081 13.552
2002 22.693 43.426
2003 191.720 58.559
2004 247.118 119.412
2005 276.350 179.957
2006 446.311 258.124
2007 306.076 139.503
Total 1.485.280 815.119


Share this content: