Your Peace of Mind is our Commitment

Contact Us English Recent Articles

June Hong Kong honeypot Report

First published: 04th July 2013

First, an apology for the late publication of this report. This is the eighteenth monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks remains at a low level.

Average Time To Infect: 57 hours 14 minutes

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.

Summary

Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

2United_States
2China
2India
1Latvia
1Thailand
1France
1Brazil
1Sri_Lanka
1Pakistan
1Taiwan

Malware

Checksum (md5)This monthPrevious countDetection*
052494f76e3a1f7b998c56e07062f53522Y (w32/genbl.052494f7!o lympus , Trojan-Spy.Win32.Zbot.lrjw , , )
d827af7f090a488019622c87fcaa3dd320 ***NEWY (w32/hll-sysdlrsharer!eldorado , Trojan-Downloader.Win32.Agent.drun , , )
e6d5b370ecd87702e43aa2498e0f72d010 ***NEWN (, , , ) no detection
feb643c489c048083554aedac50126a911Y (w32/virut.7116 , Bac kdoor.Win32.Rbot.adqd , , )
c4af6e846c046ae87f4be59685405f4910 ***NEWY (w32/trojan.mex , Backdoor.Win32.Rbot.bni , , )
a276921e5dc3c0ebfc9e5d45c9be7f3510 ***NEWY (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , )
3875b6257d4d21d51ec13247ee4c1cdb147Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , W32Rbot!I2663.exe , )
49cccd30a564410d1f9bbce89fa1589013Y (W32/Sdbot.AEFV , Bac kdoor.Win32.Rbot.adqd Backdoor.Win32.Rbot.bni , , )
85e2ab71e6b2729bd83d6f533d8bf78110 ***NEWN (, , , ) script
879008eb69a270d41611b5fbff7acd8510 ***NEWY (w32/emailworm.hqk , Net-Worm.Win32.Allaple.e , , )
1b7379ba141c428b8a33153756dab1e610 ***NEWY (w32/allaple.d , Net-Worm.Win32.Allaple.b , , )

Note:

The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.


More Information