March Hong Kong Honeypot Report

First published: 31^st March 2013

This is the fifteenth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks has risen since February.

Average Time To Infect: 18 hours ten minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Total number of attacks : 37
11 are brand new to this honeypot.

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.


18	Japan

5	China

4	Taiwan

3	United States

1	Hong Kong

1	Bangladesh

1	Russia

1	India

1	New Zealand

1	France

1	South Korea

Malware

Checksum (md5)	This month	Previous count	Detection*
14a09a48ad23fe0ea5a180bee8cb750a	4	14	Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.aftu Backdoor.Win32.DsBot.v d , , )
15965bb88165d1eb06851d8f076130ba	4	21	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
98eb0fdadf8a403c013a8b1882ec986d	2	2	Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.kez Backdoor.Win32.Rbot.aftu , , )
e3d75d2a41a99c84cacfd926b42ee179	1	0 ***NEW	Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , )
ec513abb61c99fce74072789bb61bc72	1	1	Y (w32/genbl.ec513abb!olympus , , , )
b82698a30e07fc71349f06750cae2664	1	8	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
f56dd5d433de134162f9e1a4feb468fb	1	0 ***NEW	Y (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
865915650a85e7c27cdd11850a13f86e	1	17	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
74e2f7eda0031b1a0e157bebaab3f84f	1	0 ***NEW	Y (w32/virut.7116 w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
3875b6257d4d21d51ec13247ee4c1cdb	2	42	Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663.exe , )
6e2fa9031a05b9649da062c550d14a3d	2	6	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , WL-dc1ca4287875927725689f45b31ba338-0 , )
d0fe93eceb4a8a0235c7f9721dd1773a	1	0 ***NEW	Y (W32/Allaple.H , Net-Worm.Win32.Allaple.e , , )
f9dc3945bdd7406bd8db06a47963ec14	2	25	Y (W32/Sdbot.OTR , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
ed60aa83836ba6691817a6d8a8b9ae45	1	0 ***NEW	N (w32/virut.7116 , Virus.Win32.Virut.av , , )
bbb5034e33568e100dd3dadabb5a57e9	1	26	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
33fdb683c37fe3d87a403a5db0cbe821	1	2	Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
27e0cb71d5229bf0290590dc9eef70ba	1	3	Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
f8815cdca238ad5ab566f05f5a6335a4	1	5	Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.voe Backdoor.Win32.Rbot.aftu , , )
9b175f5f727bcf1153e1aaf99798556a	1	1	Y (w32/trojan-sml-sdcw!eldorado , Email-Worm.Win32.Updater.j , , )
1d419d615dbe5a238bbaa569b3829a23	1	12	Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.aftu Backdoor.Win32.DsBot.v d , , )
5719dfeb7839ee13b41cb8eb99d31125	1	0 ***NEW	N (, , , ) no details available
0a278f8d72e4d3d2d44485764398c84d	1	0 ***NEW	Y (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
971fc83bef2c493ba22e650fc6fe790d	1	0 ***NEW	N (, , , ) script
b4d9dd3a19e7fdd2211d81983f8e4d75	1	5	Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
b429bc5ce3bcd6bfe443fd9f9a0ec625	1	0 ***NEW	Y (, Net-Worm.Win32.Allaple.a , , )
3a70fc79a5813f04ae415273acacf661	1	0 ***NEW	Y (, Net-Worm.Win32.Allaple.e Virus.Win32.Virut.av , , )
0f052cf643ba0c3be1dbe3319652516e	1	0 ***NEW	Y (, Net-Worm.Win32.Allaple.b , , )

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.