Your Peace of Mind is our Commitment

Contact Us English Recent Articles

August Hong Kong Honeypot Report

First published: 30th August 2012

This is the eighth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks this month has dropped and is the lowest recorded so far. Last month's high seems to have been a temporary spike.

Average Time To Infect: 39 hours 9 minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

8United States
3Japan
2Canada
2Taiwan
1Vietnam
1Slovakia
1Saint Vincent and the Grenadines
1South Korea

Malware

Checksum (md5)This monthPrevious countDetection*
9b89ef791c5ef4241cc28e30fd464ca21 0 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
dca8713db4f5b7b84a66b51d925e7f9c2 0 ***NEWY (w32/sdbot.aefv , Virus.Win32.Virut.n Backdoor.Win32.Rbot.vqt , , )
f71fd17390c73ab350b029027fe976221 0 ***NEWY (, Net-Worm.Win32.Allaple.e , , )
46616880960079764e41ff1c1a0057121 0 ***NEWY (, Trojan.Win32.Buzus.lwbh , , )
796645533028c68a684cdaa8030f911f1 0 ***NEWY (w32/virut.ag , Virus.Win32.Virut.at , , )
0fc020bacbee5719246cf48485cfca7e1 0 ***NEWY (W32/Virut.7116 , Virus.Win32.Virut.av Net-Worm.Win32.Allaple.e , , )
12fb7332920a7797c2d02df29b57c6401 1Y (w32/trojan2.kexn , Trojan-Spy.Win32.Agent.bmxb , , )
7831454a23399c7ee6dc04fc9c132f3f1 0 ***NEWY (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , )
b4d9dd3a19e7fdd2211d81983f8e4d751 4Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
1d53fb866c27a421f7557e3cda0592ac2 4N (, , , ) This file has low levels of detection.
3875b6257d4d21d51ec13247ee4c1cdb128Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663.exe , )
352a39c959121d2b0b04eae906371df71 0 ***NEWY (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , )
865915650a85e7c27cdd11850a13f86e213Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
7ef4aef81f21bd4d2740bfa0d3be58671 0 ***NEWY (W32/Sdbot.AEFV , Backdoor.Win32.Rbot.adqd Backdoor.Win32.Rbot.vqt , , )
d00b9e4680d4c3d641405fbbf23898951 0 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
644ea081625064565c7e9816f235f2641 0 ***NEWY (W32/Virut.7116 W32/Sdbot.AEFV , Backdoor.Win32.Rbot.adqd Virus.Win32.Virut.av , , )

One of these files has been in the Wildlist.

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information