First published: 30th September 2012
This is the ninth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks this month has risen slightly from last month's low.
Average Time To Infect: 29 hours 46 minutes
The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.
Summary
- Total number of attacks : 25
- 18 are brand new to this honeypot.
Source of Attacks
The following breaks down where these attacks have come from by use of IP geolocation.
| 8 | Japan |
| 3 | Canada |
| 3 | Vietnam |
| 3 | South Korea |
| 2 | Singapore |
| 2 | Taiwan |
| 1 | Italy |
| 1 | El Salvador |
| 1 | United Kingdom |
| 1 | India |
| 1 | Sri Lanka |
| 1 | Indonesia |
| 1 | United States |
| 1 | Finland |
Malware
| Checksum (md5) | This month | Previous count | Detection* |
|---|---|---|---|
| ae80588386f3783d9fc47a105fc9a881 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
| 0fed4b31a0592a1a66ec71eb298d31d1 | 2 | 0 ***NEW | Y (w32/genbl.0fed4b31!olympus , UDS:DangerousObject.Multi.Generic , , ) |
| 94109e9b3f2b045350db9a5cb592b178 | 1 | 12 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 8be3ff632500903d38013474346ea93f | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.a , , ) |
| b82698a30e07fc71349f06750cae2664 | 2 | 5 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 1d53fb866c27a421f7557e3cda0592ac | 2 | 6 | N (, , , ) not a new file but with little detection |
| df23f0e2860d26bc717c78759513238a | 1 | 0 ***NEW | Y (w32/genbl.df23f0e2!olympus , Trojan.Win32.Jorik.Lethic.aqv , , ) |
| bbb5034e33568e100dd3dadabb5a57e9 | 1 | 15 | Y (w32/sdbot.otr w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 923fe97652d40e90b2416a3b1c2d8a22 | 1 | 0 ***NEW | Y (w32/genbl.923fe976!olympus , Trojan.Win32.Jorik.IRCbot.qrq , , ) |
| cb576cca04946b3d0829703d108ae270 | 1 | 15 | Y (w32/sdbot.otr w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
| 90af8982f4c98882c173024cf931c474 | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , , , ) |
| f895f41516d85bb7ad348237e2c4f4f7 | 1 | 0 ***NEW | Y (w32/allaple.c , , , ) |
| 5e8dd2939aea462bd1116aa358e3d92f | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , , , ) |
| deb53113983eba1f68cc3c2f62329787 | 1 | 0 ***NEW | N (, , , ) not a new file but with little detection |
| 41cc77ad6cf73276c2d421f536467f40 | 2 | 0 ***NEW | N (, , , ) a new file with little detection |
| b93decfbef74784ede9d20b5590550ee | 1 | 0 ***NEW | Y (w32/genbl.b93decfb!olympus , Trojan.Win32.Jorik.Lethic.aqv , , ) |
| 10980f4df2060b86a72eb5e533102980 | 1 | 2 | Y (w32/backdoor2.dstk w32/backdoor2.dstk , Backdoor.Win32.IRCBot.jwy Worm.Win32.AutoRun.tet , W32Ircbot!I484 , ) |
| 70cef8240529b5ab041964ac3e6f5db5 | 1 | 0 ***NEW | Y (w32/trojan.mex , Backdoor.Win32.Rbot.bni , , ) |
| 93ea070aeba1be7c464e788350018bd5 | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , ) |
| ee94b06c5edc3f9e75a26c0108d08b55 | 1 | 0 ***NEW | Y (w32/genbl.ee94b06c!olympus , Backdoor.Win32.Azbreg.esn , , ) |
| 7e6936d3e7fa8f92e7e34903335d326e | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , ) |
| 0b81d75db17f25d58491a5dc08a07be0 | 1 | 0 ***NEW | Y (w32/emailworm.amx , Net-Worm.Win32.Allaple.b , , ) |
| af1894848b6525c7882c33b59d1bbebd | 1 | 0 ***NEW | Y (w32/allaple.h w32/allaple.h , Net-Worm.Win32.Allaple.e , , ) |
| 7867de13bf22a7f3e3559044053e33e7 | 1 | 4 | Y (w32/susppack.cy.gen!eldorado , Backdoor.Win32.Agent.aknp , , ) |
| 01a75df3f3e7bf1a08632187e5965ac0 | 1 | 0 ***NEW | Y (w32/emailworm.hqk , Net-Worm.Win32.Allaple.e , , ) |
One of these files has been in the Wildlist.
Note:
The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.