It looks like Sunbelt has found ANOTHER massive identity theft ring. They suspect it’s a trojan from the Dumaru family that is contentedly logging the information, and they promise more details.
They did get a hold of the trojan and passed it through virustotal to see what it was. Very FEW antivirus vendors have definitions for it at this point. The file in question is winldra.exe
Here’s the summary they got.
This is a report processed by VirusTotal on 08/19/2005 at 23:45:42 (CET) after scanning the file “winldra.exe” file.
Antivirus Version Update Result
AntiVir 188.8.131.52 08.19.2005 no virus found
Avast 4.6.695.0 08.19.2005 no virus found
AVG 718 08.19.2005 no virus found
Avira 184.108.40.206 08.19.2005 no virus found
BitDefender 7.0 08.19.2005 no virus found
CAT-QuickHeal 7.03 08.19.2005 no virus found
ClamAV devel-20050725 08.18.2005 no virus found
DrWeb 4.32b 08.19.2005 no virus found
eTrust-Iris 220.127.116.11 08.18.2005 no virus found
eTrust-Vet 18.104.22.168 08.19.2005 Win32.Bambo
Fortinet 22.214.171.124 08.18.2005 suspicious
F-Prot 3.16c 08.19.2005 no virus found
Ikarus 0.2.59.0 08.19.2005 no virus found
Kaspersky 126.96.36.199 08.19.2005 no virus found
McAfee 4563 08.19.2005 BackDoor-CCT
NOD32v2 1.1198 08.19.2005 no virus found
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.19.2005 no virus found
Sophos 3.96.0 08.19.2005 no virus found
Sybari 7.5.1314 08.19.2005 no virus found
Symantec 8.0 08.19.2005 no virus found
TheHacker 5.8.2.091 08.18.2005 no virus found
VBA32 3.10.4 08.19.2005 suspected of Embedded.Backdoor.Win32.Dumador.dd
(It looks as though 3 of the antivirus vendors recognize this so far.)
They’re working with the vendors to get signature updates.
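The table above is the kind of thing worth reading programmatically rather than by eye: how many engines named the sample, how many only flagged it heuristically, and which "no virus found" verdicts came from engines whose signatures were already a day behind the scan. The script below is an added example, not something from the post or from Sunbelt; it parses the flattened rows exactly as they appear on this page (version strings included, as copied), classifies each result, and lists the engines whose update date predates the scan. The scan date of 08.19.2005 and the column layout are taken from the report; everything else is the example's own assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample input: the flattened VirusTotal rows quoted in the post
# (scan of winldra.exe on 08/19/2005). Version strings are copied as they
# appear on the page, without interpretation.
REPORT = """\
Antivirus Version Update Result
AntiVir 188.8.131.52 08.19.2005 no virus found
Avast 4.6.695.0 08.19.2005 no virus found
AVG 718 08.19.2005 no virus found
Avira 184.108.40.206 08.19.2005 no virus found
BitDefender 7.0 08.19.2005 no virus found
CAT-QuickHeal 7.03 08.19.2005 no virus found
ClamAV devel-20050725 08.18.2005 no virus found
DrWeb 4.32b 08.19.2005 no virus found
eTrust-Iris 220.127.116.11 08.18.2005 no virus found
eTrust-Vet 18.104.22.168 08.19.2005 Win32.Bambo
Fortinet 22.214.171.124 08.18.2005 suspicious
F-Prot 3.16c 08.19.2005 no virus found
Ikarus 0.2.59.0 08.19.2005 no virus found
Kaspersky 126.96.36.199 08.19.2005 no virus found
McAfee 4563 08.19.2005 BackDoor-CCT
NOD32v2 1.1198 08.19.2005 no virus found
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.19.2005 no virus found
Sophos 3.96.0 08.19.2005 no virus found
Sybari 7.5.1314 08.19.2005 no virus found
Symantec 8.0 08.19.2005 no virus found
TheHacker 5.8.2.091 08.18.2005 no virus found
VBA32 3.10.4 08.19.2005 suspected of Embedded.Backdoor.Win32.Dumador.dd
"""

SCAN_DATE = "08.19.2005"  # from the report header in the post

# One row: vendor, version, signature-update date (MM.DD.YYYY), then the
# free-text result, which may itself contain spaces.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")


def parse_report(text):
    """Turn the flattened report into a list of dicts, skipping the header line."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Antivirus Version"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        vendor, version, updated, result = m.groups()
        rows.append({"vendor": vendor, "version": version,
                     "updated": updated, "result": result})
    return rows


def classify(result):
    """'clean' for a miss, 'heuristic' for a bare generic flag, else 'named'."""
    r = result.lower()
    if r == "no virus found":
        return "clean"
    if r == "suspicious":
        return "heuristic"
    # Anything else carries a family/variant name, even when hedged with
    # "suspected of", so it counts as recognition the way the post counts it.
    return "named"


def summarize(rows):
    """Detection counts plus the names each recognising engine assigned."""
    counts = Counter(classify(r["result"]) for r in rows)
    names = {r["vendor"]: r["result"] for r in rows
             if classify(r["result"]) == "named"}
    return {"total": len(rows), "clean": counts["clean"],
            "heuristic": counts["heuristic"], "named": counts["named"],
            "names": names}


def stale_engines(rows, scan_date):
    """Engines whose signatures predate the scan: a miss from these says less."""
    scanned = datetime.strptime(scan_date, "%m.%d.%Y")
    return [r["vendor"] for r in rows
            if datetime.strptime(r["updated"], "%m.%d.%Y") < scanned]


if __name__ == "__main__":
    rows = parse_report(REPORT)
    s = summarize(rows)
    print(f"{s['named']} named + {s['heuristic']} heuristic of {s['total']} engines")
    for vendor, name in s["names"].items():
        print(f"  {vendor}: {name}")
    print("signatures older than the scan:", ", ".join(stale_engines(rows, SCAN_DATE)))
```

Run as-is it reports 3 named detections (eTrust-Vet, McAfee, VBA32) and one heuristic flag (Fortinet) out of 23 engines, matching the post's count of three, and lists the five engines (ClamAV, eTrust-Iris, Fortinet, Norman, TheHacker) whose definitions were dated 08.18.2005, a day before the scan; a clean verdict from those is weaker evidence than one from an engine updated the same day.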