First published: 30th September 2013
This is the twentieth monthly report from West Coast Labs's honeypot in Hong Kong. It gives some indication of the type and level of malware threat in Hong Kong, but because it is based on a single honeypot, the conclusions should be treated with caution. The number of attacks has shown a slight increase.
Average Time To Infect: 21 hours 15 minutes
The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.
Summary
- Total number of attacks: 35
- 13 are brand new to this honeypot.
Source of Attacks
The following table breaks down where these attacks came from, based on IP geolocation.
Attacks | Country |
---|---|
8 | United States |
6 | Japan |
4 | China |
3 | Ukraine |
2 | France |
1 | Hong Kong |
1 | Puerto Rico |
1 | Taiwan |
1 | Canada |
1 | Argentina |
1 | Mexico |
1 | Venezuela |
1 | Russia |
1 | Thailand |
1 | Italy |
1 | Germany |
1 | Colombia |
Malware
Checksum (md5) | This month | Previous count | Detection* |
---|---|---|---|
576368ad34669938fd2f23afd619c26d | 1 | 0 ***NEW | Y (w32/allaple.d , Net-Worm.Win32.Allaple.b , , ) |
fd28c5e1c38caa35bf5e1987e6167f4c | 1 | 1 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Net-Worm.Win32.Kolabc.dls Backdoor.Win32.Rbot.aftu , , ) |
93486e1d652b2325312fb732760da445 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
bbb5034e33568e100dd3dadabb5a57e9 | 1 | 27 | Y (w32/sdbot.otr , Net-Worm.Win32.Kolab.aefe Backdoor.Win32.Rbot.bqj , , ) |
62c6067eba03fe066984817f2ef1d5a2 | 1 | 0 ***NEW | Y (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , ) |
2fa0e36b36382b74e6e6a437ad664a80 | 1 | 2 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.yqj Backdoor.Win32.Rbot.yol Backdoor.Win32.Rbot.wjd Backdoor.Win32.Rbot.sds Backdoor.Win32.Rbot.aftu , , ) |
d2c403b6a11627267af5415ef1819c0f | 1 | 0 ***NEW | Y (w32/rahack.a.gen!eldorado , Net-Worm.Win32.Allaple.b , , ) |
3228f8bc721572422c268f244476dbb8 | 1 | 2 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.bqj Backdoor.Win32.Rbot.aftu Backdoor.Win32.Rbot.abpn , , ) |
df51e3310ef609e908a6b487a28ac068 | 1 | 15 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Backdoor.Win32.Rbot.rgk Backdoor.Win32.Rbot.aftu , , ) |
bb39f29fad85db12d9cf7195da0e1bfe | 1 | 9 | Y (w32/backdoor.zzr W32/Trojan5.DCW , Net-Worm.Win32.Kolabc.eia Backdoor.Win32.Rbot.aftu , , ) |
4c3123dbfeaed4baeff53436e9c48dba | 1 | 1 | Y (w32/virut.ag , Backdoor.Win32.Rbot.adqd , , ) |
57d8a1d90b8e40c6325c55655f900cef | 1 | X | Y (W32/Sdbot.AEFV W32/Malware!44f4 , Backdoor.Win32.Rbot.bni , , ) |
f42243f3f5b2b68be2f480bc3f5f146e | 5 | 0 ***NEW | Y (w32/genbl.f42243f3!olympus , Trojan.Win32.VBKrypt.ubmz , , ) |
cf7ac5aced5de80b8e336e5866571617 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
49fe29f09b7c232451dc339696f7cb9c | 1 | 0 ***NEW | Y (w32/virut.7116 , Virus.Win32.Virut.av Net-Worm.Win32.Allaple.e , , ) |
33959bb2c48363ddd3637ea78c048b6c | 1 | 3 | Y (W32/Sdbot.AEFV , Virus.Win32.Suspic.gen Virus.Win32.Virut.n Type_Win32 , , ) |
617335b4b1f0fd67b2ea418fe8a15001 | 1 | 0 ***NEW | Y (w32/allaple.j , Net-Worm.Win32.Allaple.e , , ) |
9b175f5f727bcf1153e1aaf99798556a | 1 | 2 | Y (w32/trojan-sml-sdcw!eldorado , Email-Worm.Win32.Updater.j , , ) |
3a438aa17b291c9b445ebeeed65a286b | 1 | 0 ***NEW | Y (W32/Sdbot.AEFV , Virus.Win32.Suspic.gen Type_Win32 , , ) |
cbf11a3a71081784ae85cb53095b44e7 | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
6fec7d509c2f494a506e3f22851de2ff | 1 | 0 ***NEW | N (, , , ) script file |
c4af6e846c046ae87f4be59685405f49 | 1 | 1 | Y (w32/trojan.mex , Backdoor.Win32.Rbot.bni , , ) |
d41d8cd98f00b204e9800998ecf8427e | 1 | 13 | N (, , , ) invalid file - download interrupted. |
b0b39f058a958778b15a5c4589a2938d | 1 | 2 | Y (W32/Sdbot.AEFV W32/Backdoor2.AJVO , Backdoor.Win32.Rbot.bni , , ) |
306e5a5f9cc19380ae646964939da82a | 1 | 0 ***NEW | Y (w32/allaple.a.gen!eldorado , Net-Worm.Win32.Allaple.e , , ) |
539a1db8a5adcc1f9a6ccde90e4c5ebc | 4 | 0 ***NEW | N (, , , ) an old file with little detection |
1e8d20c9638fdb165514f557bb20fbc3 | 1 | 1 | Y (w32/virut.7116 , Backdoor.Win32.Rbot.adqd , , ) |
f5fbd1189db83db22d7e6cdb55eed193 | 1 | 2 | Y (w32/downloader.n.gen!eldorado w32/injector.a.gen!eldorado W32/Backdoor!d75d , Net-Worm.Win32.Allaple.e Backdoor.Win32.Rbot.bni , , ) |
Notes:
* The parameter 'Detection' here indicates whether one or more scanners were able to associate a name with this checksum.
Where an X is shown under Previous count, the file has been seen before in this honeypot but the relevant logs are not available.