Your Peace of Mind is our Commitment

Contact Us English Recent Articles

November Hong Kong Honeypot Report

First published: 29th November 2012

This is the eleventh monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks continues to fall slowly.

Average Time To Infect: 49 hours 36 minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

4Japan
4Canada
2Spain
2Vietnam
1Taiwan
1United_States
1China

Malware

Checksum (md5)This monthPrevious countDetection*
74aa4e07b4265d7669dca3050c7a180d10 ***NEWY (w32/rbot.b.gen!eldorado , Backdoor.Win32.Rbot.bni , , )
3875b6257d4d21d51ec13247ee4c1cdb133Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663 , )
95262bd40b2be4a9c2ef328e14286d0012N (, , , ) old file with no detection
f9dc3945bdd7406bd8db06a47963ec14119Y (W32/Sdbot.OTR , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
30289051393a82eac311fa400d250de110 ***NEWY (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , )
e7673740800b60855706871a3d30ee5f10 ***NEWY (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , )
9a1cd8224b71dae733a2a95fa24d88d810 ***NEWY (w32/genbl.9a1cd822!olympus , Backdoor.Win32.Azbreg.ngb , , )
a99b098e0f41fd41fda492606d8c335510 ***NEWY (w32/virut.ag , Backdoor.Win32.Rbot.adqd , , )
15965bb88165d1eb06851d8f076130ba216Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
8301d449e872c833d90660894a32edf610 ***NEWY (w32/virut.ag , Virus.Win32.Virut.at Net-Worm.Win32.Allaple.e , , )
d739340ac12e45ba28ead7213e72a71210 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
1d53fb866c27a421f7557e3cda0592ac28N (, , , ) old file with low detection
df155696b3af7da8b18896fe6377eab610 ***NEWY (w32/genbl.df155696!olympus , Worm.Win32.Hamweq.ly , , )

One of these files has been in the Wildlist.

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information