West Coast Labs' Sydney honeypots continued to attract high levels of malware this week, even as globally the total number of threats eased during the Christmas and New Year period.
The Sydney honeypots attracted a strain of the polymorphic Virut family of viruses, which, as explained in our first Threat Report, infects files with encrypted code and spreads itself further whenever the files are executed.
West Coast Labs noted that it was precisely the same variant of Virut that attacked its German honeypots in May and Taiwanese honeypots in September - the former attack being launched from Japan and the latter from Romania.
The attack came from Romania on this occasion.
This revealed that either the attackers persisted with the same malware after achieving good results, or innocent end-users continue to be affected by the virus months after its initial release, spreading the threat further afield.
West Coast Labs noted that most IT security vendors now have a fix, even if it took some two months to introduce.
Further information on this piece of malware can be gained from:
Asia on the attack
Whilst the Virut variant was traced to an address in Romania, West Coast Labs also noted that an unusually high amount of the malware detected by the Sydney honeypots came from addresses in Asia.
Of the 119 attacks detected this week (65 unique, 56 new to Sydney), 28 came from Japan, 18 from Taiwan and 7 from Hong Kong.
One variant new to the Sydney honeypots, detected in Europe as far back as 2008, has been detected in seven Asian countries - primarily sourced to Japan and Taiwan.
It was believed to be a Poly Cript-packed bot and, depending on which vendor you ask, is named Ircbot, Mybot, Rbot, Sdbot or Spybot. Equally, it's described as a virus, worm, backdoor or Trojan, but its main aim is to infect the user's machine and add it to a botnet.
More info on this malware is available at:
Copyright © iTnews.com.au . All rights reserved.