Your Peace of Mind is our Commitment

Contact Us English Recent Articles

October Honeypot Report

First published: 31st October 2013

This is the twenty-first monthly report from West Coast Labs's honeypot in Hong Kong, providing some indication of the type and level of malware threat in Hong Kong, but it is only based on a single honeypot, so the conclusions should be treated with caution. The number of attacks has dropped.

Average Time To Infect: 45 hours

The average time to infect is an indication of how long it would be before a vulnerable computer connected to the internet in Hong Kong became infected.


Source of Attacks

The following breaks down where these attacks have come from by use of IP geolocation.

5United States
2South Korea


Checksum (md5)This monthPrevious countDetection*
3875b6257d4d21d51ec13247ee4c1cdb 2 53Y W32Rbot!I2663.exe ,Backdoor.Win32.Rbot.bni ,W32/Malware!44f4 W32/Sdbot.AEFV ,
0f51974913a4f5be110ab1069c93e13f 2 0 *** NEWY Backdoor.Win32.Rbot.adqd ,w32/ ,
d41d8cd98f00b204e9800998ecf8427e 1 14N ,,, invalid file download interrupted.
0e2f2731b85c5371466ed04aba18127b 1 0 *** NEWY UDS:DangerousObject.Multi.Generic ,w32/ceg.a ,
b0ad1e3989d4b080d79014789809e97f 1 0 *** NEWY net-worm.win32.allaple.e ,w32/rahack.a.gen!eldorado ,
c8a08205dacb271dddebf9ed0e9f775a 1 0 *** NEWY net-worm.win32.allaple.b ,w32/rahack.a.gen!eldorado ,
eb5acf217ed919dfcd7bb5a8d90fe280 1 0 *** NEWY net-worm.win32.allaple.e ,w32/emailworm.hqk ,
50631acf7cd8f79cd8f9b62feb5ea7c5 1 0 *** NEWY Backdoor.Win32.Rbot.adqd ,w32/virut.7116 ,
57e6d8bed32bfa4a775045fe8363ddec 1 0 *** NEWY net-worm.win32.allaple.b ,w32/allaple.c ,
74473505ef968e2f8cd764d9af12adb2 1 XY Net-Worm.Win32.Allaple.e ,W32/Allaple.H ,
a650c67e14cfb27879999036741478d5 1 0 *** NEWY backdoor.win32.ircbot.jwy ,w32/backdoor2.dstk ,
094e157abbf4858fa343a41021c2de1d 1 0 *** NEWY Net-Worm.Win32.Allaple.e ,w32/emailworm.hqk ,
117b19c5fc5fc6fcee86d0d9901aa5c9 1 0 *** NEWN ,,, new file, no details available
37e6f78986dd46c92d06195334c32b24 1 0 *** NEWY Backdoor.Win32.Rbot.adqd ,w32/ ,


The parameter 'Detection' here relates to whether one or more scanners was able to associate a name with this checksum.

Where an X is shown under Previous, the file has been seen before in this honeypot but the relevant logs are not available

More Information