Your Peace of Mind is our Commitment

Contact Us English Recent Articles

April Hong Kong Honeypot Report

First published: 30th April 2013

This is the sixteenth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks has fallen since February.

Average Time To Infect: 57 hours fourteen minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

2China
2United_States
2Brazil
2Japan
1Latvia
1Belgium
1Russian_Federation
1Panama
1Vietnam

Malware

Checksum (md5)This monthPrevious countDetection*
02a4232d99467318d62791c731bb0b3a1 0 ***NEWY (w32/allaple.h , Net-Worm.Win32.Allaple.e , , )
70ec5c4b3ff662232eacb0192fae42ac1 1Y (w32/ircbot.add , Backdoor.Win32.IRCBot.idc , W32Ircbot!I560.exe , )
a03d41a33e925e9bcc54b6297d8dbfb51 0 ***NEWY (w32/virut.7116 , Net-Worm.Win32.Allaple.e Virus.Win32.Virut.av , , )
9be443d09b25157fcfbccb953f4a2cd42 8Y (W32/HLL-SysDlrSharer!Eldorado, , , ) old file with low detection rate
feb643c489c048083554aedac50126a91 0 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
952098cf3c65cfcb52282d8959ddffd31 7Y (W32/Allaple.H , Trojan.Win32.Genome.rioo Net-Worm.Win32.Allaple.e , , )
48048cfbf579c73b9587333d8768c2821 0 ***NEWY (W32/Trojan.HNVI-3607, Trojan.Win32.Jorik.Llac.shk , , )
e3bb292eff0a5bfbf768f42dcbea845d1 1Y (W32/WormX.TV W32/Allaple.H , trojan.win32.genome.rioo Net-Worm.Win32.Allaple.e , , )
382fdcff132b058cfe50065b84fd8a4c1 1Y (w32/virut.7116 W32/Sdbot.AEFV , Backdoor.Win32.Rbot.adqd , , )
b7f91029e45e38b9d5530377195b46a11 0 ***NEWY (W32/Trojan.KEZW-6572, Trojan.Win32.StartPage.bclb , , )
88ba6298fc1aa17ae96081667d6a0a651 0 ***NEWY (w32/allaple.h , Virus.Win32.Virut.n Net-Worm.Win32.Allaple.e , , )
3875b6257d4d21d51ec13247ee4c1cdb145Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663.exe , )

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information