Your Peace of Mind is our Commitment

Contact Us English Recent Articles

February Hong Kong Honeypot Report

First published: 16th February 2013

This is the fourteenth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks was quite low.

Average Time To Infect: 39 hours 9 minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

8Japan
3United_States
3Canada
1Ecuador
1Sweden
1Germany
1Cameroon
1Taiwan

Malware

Checksum (md5)This monthPrevious countDetection*
14a09a48ad23fe0ea5a180bee8cb750a212Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.bqj Backdoor.Win32.DsBot.vd , , )
1d419d615dbe5a238bbaa569b3829a23210Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.bqj Backdoor.Win32.DsBot.vd , , )
df51e3310ef609e908a6b487a28ac068114Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.rgk , , )
15965bb88165d1eb06851d8f076130ba120Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
673fdc1e6cc862c42b82d4091249c4b91 0 ***NEWY (w32/virut.7205 , Net-Worm.Win32.Allaple.e Virus.Win32.Virut.bl , , )
786ab616239814616642ba4438df78a91 0 ***NEWN (, , , ) old file, limited detection
98eb0fdadf8a403c013a8b1882ec986d1 1Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.kez , , )
681295872c5ce4f25617943c4e7a83f91 0 ***NEWN (, , , ) old file, limited detection
27e0cb71d5229bf0290590dc9eef70ba1 2Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
4d56562a6019c05c592b9681e9ca27371 1Y (w32/trojan-sml-sdcw!eldorado , Trojan.Win32.Genome.ahpxd Net-Worm.Win32.Kido.ih UDS:DangerousObject.Multi.Generic , , )
b82698a30e07fc71349f06750cae26641 7Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
b43ad71209c5100b9ed71edb10041514210N (, , , ) old file, limited detection
1d53fb866c27a421f7557e3cda0592ac222N (, , , ) script
d8f3cc60bf226f6a5745ed9fdef2d2871 0 ***NEWY (, Backdoor.Win32.Rbot.adqd , , )
0da155b04f16dafafffbb1a485b3d0e11 1Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information