Your Peace of Mind is our Commitment

Contact Us English Recent Articles

March Hong Kong Honeypot Report

First published: 31st March 2013

This is the fifteenth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks has risen since February.

Average Time To Infect: 18 hours ten minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

18Japan
5China
4Taiwan
3United States
1Hong Kong
1Bangladesh
1Russia
1India
1New Zealand
1France
1South Korea

Malware

Checksum (md5)This monthPrevious countDetection*
14a09a48ad23fe0ea5a180bee8cb750a414Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.aftu Backdoor.Win32.DsBot.v d , , )
15965bb88165d1eb06851d8f076130ba421Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
98eb0fdadf8a403c013a8b1882ec986d2 2Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.kez Backdoor.Win32.Rbot.aftu , , )
e3d75d2a41a99c84cacfd926b42ee1791 0 ***NEWY (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , )
ec513abb61c99fce74072789bb61bc721 1Y (w32/genbl.ec513abb!olympus , , , )
b82698a30e07fc71349f06750cae26641 8Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
f56dd5d433de134162f9e1a4feb468fb1 0 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
865915650a85e7c27cdd11850a13f86e117Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
74e2f7eda0031b1a0e157bebaab3f84f1 0 ***NEWY (w32/virut.7116 w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
3875b6257d4d21d51ec13247ee4c1cdb242Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663.exe , )
6e2fa9031a05b9649da062c550d14a3d2 6Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , WL-dc1ca4287875927725689f45b31ba338-0 , )
d0fe93eceb4a8a0235c7f9721dd1773a1 0 ***NEWY (W32/Allaple.H , Net-Worm.Win32.Allaple.e , , )
f9dc3945bdd7406bd8db06a47963ec14225Y (W32/Sdbot.OTR , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
ed60aa83836ba6691817a6d8a8b9ae451 0 ***NEWN (w32/virut.7116 , Virus.Win32.Virut.av , , )
bbb5034e33568e100dd3dadabb5a57e9126Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
33fdb683c37fe3d87a403a5db0cbe8211 2Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , )
27e0cb71d5229bf0290590dc9eef70ba1 3Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
f8815cdca238ad5ab566f05f5a6335a41 5Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.voe Backdoor.Win32.Rbot.aftu , , )
9b175f5f727bcf1153e1aaf99798556a1 1Y (w32/trojan-sml-sdcw!eldorado , Email-Worm.Win32.Updater.j , , )
1d419d615dbe5a238bbaa569b3829a23112Y (W32/Trojan5.DCW w32/backdoor.zzr , Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.aftu Backdoor.Win32.DsBot.v d , , )
5719dfeb7839ee13b41cb8eb99d311251 0 ***NEWN (, , , ) no details available
0a278f8d72e4d3d2d44485764398c84d1 0 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
971fc83bef2c493ba22e650fc6fe790d1 0 ***NEWN (, , , ) script
b4d9dd3a19e7fdd2211d81983f8e4d751 5Y (w32/allaple.h , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
b429bc5ce3bcd6bfe443fd9f9a0ec6251 0 ***NEWY (, Net-Worm.Win32.Allaple.a , , )
3a70fc79a5813f04ae415273acacf6611 0 ***NEWY (, Net-Worm.Win32.Allaple.e Virus.Win32.Virut.av , , )
0f052cf643ba0c3be1dbe3319652516e1 0 ***NEWY (, Net-Worm.Win32.Allaple.b , , )

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information