First published: 29th May 2012
This is the fifth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. This month, Taiwan and Japan tie for top attack source, each outnumbering all the other sources added together. The number of attacks has risen slightly.
Average Time To Infect: 9 hours 21 minutes
The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.
Summary
- Total number of attacks : 77
- 25 are brand new to this honeypot.
- 8 of these files have not been seen in other honeypots
Source of Attacks
The following breaks down where these attacks have come from by use of IP geolocation.
| 28 | Taiwan |
| 28 | Japan |
| 4 | Singapore |
| 3 | Vietnam |
| 2 | Romania |
| 2 | United_States |
| 2 | China |
| 1 | New_Zealand |
| 1 | India |
| 1 | Austria |
| 1 | Canada |
| 1 | Italy |
| 1 | Russian_Federation |
| 1 | Portugal |
| 1 | Philippines |
Malware
| Checksum (md5) | This month | Previous count | Detection* |
|---|---|---|---|
| df51e3310ef609e908a6b487a28ac068 | 8 | 5 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.rgk , , ) |
| 0aaddde049fd4507effe596c04b73890 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
| 8d9a4ff99fcb614b99d572e06a2a3d1a | 1 | 0 ***NEW | Y (w32/virut.7205 w32/sdbot.aefv , Backdoor.Win32.Rbot.adqd , , ) |
| 15965bb88165d1eb06851d8f076130ba | 5 | 4 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| fd06f97c6c2ca431c77be7bfa87b6b8b | 1 | 0 ***NEW | Y (W32/GenBl.FD06F97C!Olympus, Trojan.Win32.Jorik.IRCbot.kjf , , ) |
| 46f4046abda82df2ab96c59807ed8e56 | 1 | 0 ***NEW | Y (W32/Trojan5.DCW W32/Backdoor.ZZR , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.rax , , ) |
| 8a5ce07df6a5357dafa84f5317aaad35 | 2 | 3 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| bbb5034e33568e100dd3dadabb5a57e9 | 2 | 6 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 9019b23f2a5a51c33671739af2f30992 | 1 | 3 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| cc16ca0cb8befc56a3b564e41de5227e | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , ) |
| 036ee49ada38f73f2f5c51c9aced4ea4 | 2 | 0 ***NEW | Y (W32/GenBl.036EE49A!Olympus, Backdoor.Win32.Floder.ila , , ) |
| b82698a30e07fc71349f06750cae2664 | 2 | 1 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 865915650a85e7c27cdd11850a13f86e | 4 | 3 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| cb576cca04946b3d0829703d108ae270 | 3 | 4 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| f9dc3945bdd7406bd8db06a47963ec14 | 5 | 8 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 925dabe1aa7a95811d363bf3441c74b4 | 1 | 3 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.xri , , ) |
| 51767999be799dbcc493e3ecaeb19d44 | 1 | 1 | Y (w32/virut.7116 , Virus.Win32.Virut.av , , ) |
| 39b8ab14eaf444c6a873685e4fc644d3 | 1 | 0 ***NEW | Y (W32/WormX.JE W32/Allaple.H , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , ) |
| 22646e61e3e92158696169ca682a8372 | 1 | 0 ***NEW | Y (W32/GenBl.22646E61!Olympus, Trojan.Win32.Jorik.IRCbot.kun , , ) |
| 6f06e39cb6df0908d5ab6e661c6b0386 | 1 | 0 ***NEW | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.advj , , ) |
| a6ea960823e477bb7ac2f81987428f08 | 1 | 0 ***NEW | Y (w32/emailworm.gvd , Net-Worm.Win32.Allaple.b , , ) |
| 94109e9b3f2b045350db9a5cb592b178 | 4 | 1 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 27c818dd620d8e4ed23953b6befa1a4a | 1 | 0 ***NEW | Y (W32/GenBl.27C818DD!Olympus, Trojan.Win32.Jorik.Poebot.ei , , ) |
| f11d86b86efb1d523a07ec8bcb94a61e | 1 | 1 | N (, , , ) |
| 7867de13bf22a7f3e3559044053e33e7 | 1 | 3 | Y (w32/susppack.cy.gen!eldorado , Backdoor.Win32.Agent.aknp , , ) |
| 585e40a82204221a4ba2c2675cde293b | 1 | 0 ***NEW | Y (W32/GenBl.585E40A8!Olympus, Trojan.Win32.Jorik.IRCbot.kyn , , ) |
| 33fdb683c37fe3d87a403a5db0cbe821 | 1 | 0 ***NEW | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 3228f8bc721572422c268f244476dbb8 | 2 | 0 ***NEW | Y (W32/Trojan5.DCW W32/Backdoor.ZZR , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.abpn , , ) |
| 519af1366c32618d1f807457d0b588ad | 1 | 0 ***NEW | Y (W32/GenBl.519AF136!Olympus, Trojan.Win32.Jorik.IRCbot.ldr , , ) |
| 7a177db9d14c4db6b8ddfafd65b21b68 | 1 | 0 ***NEW | Y (w32/virut.7116 w32/sdbot.aefv , Backdoor.Win32.Rbot.adqd , , ) |
| f4a200f7818dfb166b9a3d238ac55a2d | 2 | 6 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.bqj Backdoor.Win32.DsBot.vd , , ) |
| 1f8a826b2ae94daa78f6542ad4ef173b | 1 | 4 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.phv Backdoor.Win32.Rbot.ion , , ) |
| a80fe85bb810220a0c064191ee65d2b5 | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , ) |
| cf263991bb889c28e6185ac4dd24668f | 2 | 0 ***NEW | Y (W32/Trojan5.DCW W32/Backdoor.ZZR , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.uca , , ) |
| 3875b6257d4d21d51ec13247ee4c1cdb | 1 | 22 | Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663 , ) |
| 0434308fd8833c7fafd48070cd230d00 | 1 | 0 ***NEW | Y (w32/virut.ag , Virus.Win32.Virut.at , , ) |
| 60b4208a6f75857992ecc9ebd9a03131 | 1 | 0 ***NEW | Y (w32/genbl.60b4208a!olympus , HEUR:Backdoor.Win32.Generic , , ) |
| f8815cdca238ad5ab566f05f5a6335a4 | 1 | 2 | Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.voe , , ) |
| 1d419d615dbe5a238bbaa569b3829a23 | 1 | 2 | Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.bqj Backdoor.Win32.DsBot.vd , , ) |
| 9f34976f45bb7c1acbf5fcf378339d5c | 1 | 0 ***NEW | Y (w32/emailworm.hqk , Net-Worm.Win32.Allaple.e , , ) |
| 2fa0e36b36382b74e6e6a437ad664a80 | 1 | 1 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.yqj Backdoor.Win32.Rbot.yol Backdoor.Win32.Rbot.wjd Backdoor.Win32.Rbot.sds , , ) |
| bbdd42f070c62a2f0341cd4ba86701b7 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.a , , ) |
| 3f56c131ee2ec17b6b417df2c35db681 | 1 | 0 ***NEW | Y (W32/GenBl.3F56C131!Olympus, Trojan.Win32.Jorik.IRCbot.lqh , , ) |
| b4d9dd3a19e7fdd2211d81983f8e4d75 | 1 | 3 | Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , ) |
| 10980f4df2060b86a72eb5e533102980 | 1 | 1 | Y (w32/backdoor2.dstk , Backdoor.Win32.IRCBot.jwy Worm.Win32.AutoRun.tet , W32Ircbot!I484 , ) |
| ad581e1ac598b18bf0b87452b7b5599b | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
| a4eef4a4b56cbdd44990bc4fa191aaed | 1 | 0 ***NEW | Y (w32/virut.7116 , Virus.Win32.Virut.av , , ) |
Two of these files have been in the Wildlist.
Note:
The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.