March Hong Kong Honeypot Report

First published: 29^th March 2012

This is the third monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks has dropped this month, and Canada tops the list of the commonest source for the first time.

Average Time To Infect: 15 hours 49 minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected. Two hours longer than previously.

Summary

Total number of attacks : 44
25 are brand new to this honeypot.
10 of these files have not been seen in other honeypots

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

Number of attacks	Source
8	Canada
7	United States
7	Japan
4	Saint Lucia
4	Thailand
2	Germany
1	Finland
1	Taiwan
1	Ukraine
1	Macedonia
1	Malaysia
1	Romania
1	Korea, Republic of
1	Vietnam
1	India
1	Hungary
1	Egypt
1	China

Canada, the United States and Japan are the top sources this month.

Malware List

Checksum (md5)	This month	Previous count	Detection
524412854e3e07f03daa94f52732fd5a	1	0 ***NEW	Y (W32/Virut.7116, Net-Worm.Win32.Kolab.epr , , )
61750fceda6d2d955ffe39406323a900	1	0 ***NEW	Y (W32/Virut.7205, Backdoor.Win32.Rbot.adqd , , )
5cfc941ac811a6cb7eb689b10b623965	1	0 ***NEW	Y (W32/EmailWorm.AMX, Net-Worm.Win32.Allaple.b , , )
27e0cb71d5229bf0290590dc9eef70ba	1	0 ***NEW	Y (w32/allaple.h , trojan.win32.genome.rioo Net-Worm.Win32.Allaple.e , , )
01217b54b0c96a9a7a21b7525b303f19	1	0 ***NEW	Y (W32/Allaple.C, Net-Worm.Win32.Allaple.b , , )
d3e06bd6807fed271a0999eaf15b191e	1	0 ***NEW	Y (W32/GenBl.D3E06BD6!Olympus, Trojan.Win32.VBKrypt.kbuc Net-Worm.Win32.Kido.ih , , )
a53d42b903c73c6f3a344839544cc86f	1	0 ***NEW	Y (W32/Allaple.A.gen!Eldorado, Net-Worm.Win32.Allaple.e , , )
a0f7bc4600b926cc466c3f1328482088	1	0 ***NEW	Y (W32/Virut.7116, Virus.Win32.Virut.av Net-Worm.Win32.Allaple.e , , )
624223c0add992ad25ace18a0e04a948	1	0 ***NEW	Y (W32/RAHack.A.gen!Eldorado, Net-Worm.Win32.Allaple.b , , )
208ad942d625713918bc9e1907d843af	1	0 ***NEW	Y (, Trojan-Dropper.Win32.Injector.cybi , , )
4fef2f0068be9a49fc23b67b4e0c0b09	1	0 ***NEW	Y (W32/EmailWorm.HQK, Net-Worm.Win32.Allaple.e , , )
ceaa9adf344f3bf47fff1d1cf19a58a1	1	0 ***NEW	Y (W32/Virut.7116, Net-Worm.Win32.Allaple.e , , )
820dc20fab3125fefd3ebff3ab4e0f0f	5	0 ***NEW	Y (W32/GenBl.820DC20F!Olympus, Trojan.Win32.Jorik.Poebot.ce , , )
59f45bee28c9e31145ef7a2ef7a66ef7	8	0 ***NEW	N (, , , )
a78b07e6875c8a0702ce855bf41d0abb	4	0 ***NEW	N (, , , )
e3bb292eff0a5bfbf768f42dcbea845d	1	0 ***NEW	Y (W32/WormX.TV W32/Allaple.H , trojan.win32.genome.rioo Net-Worm.Win32.Allaple.e , , )
bf79e90feed96f50c0ba5d7f212757e9	1	0 ***NEW	Y (w32/agent.ix.gen!eldorado , Trojan-Spy.Win32.Agent.bmxb trojan-spy.win32.agent.bmxb , , )
06eaaf68e98a39b2085d5c15f40bf298	1	0 ***NEW	Y (W32/RAHack.A.gen!Eldorado, Net-Worm.Win32.Allaple.b , , )
c896319a2f711580ce9fcb1160eadcef	1	0 ***NEW	Y (W32/Allaple.A.gen!Eldorado, Net-Worm.Win32.Allaple.e , , )
48a23388878a981bf058b26f659ddb05	1	0 ***NEW	N (, , , )
f11d86b86efb1d523a07ec8bcb94a61e	1	0 ***NEW	N (, , , )
9e299dd7ecc7e286d33f962275a1053b	1	0 ***NEW	Y (W32/Allaple.A.gen!Eldorado, Net-Worm.Win32.Allaple.e , , )
9be443d09b25157fcfbccb953f4a2cd4	4	4	N (, , , )
979ed4871eb7ca2dad69c48cd924f4d5	1	1	Y (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
6280aa5062ee0e5a94b26fa85ae76d5d	1	0 ***NEW	Y (W32/Sdbot.AEFV , Backdoor.Win32.Rbot.adqd , , )
07f43e524ea20e1a5677e8ae7434ebdb	1	0 ***NEW	Y (W32/Virut.7116, , , )
12fb7332920a7797c2d02df29b57c640	1	0 ***NEW	Y (W32/Trojan2.KEXN , Trojan-Spy.Win32.Agent.bmxb, , )

Note

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.