It looks like Sunbelt has found ANOTHER massive identity theft ring. They suspect it’s a trojan from the Dumaru family that is contentedly logging the information, and they promise more details.
They did get hold of the trojan and passed it through VirusTotal to see what it was. Very FEW antivirus vendors have definitions for it at this point. The file in question is winldra.exe.
Here’s the summary they got.
This is a report processed by VirusTotal on 08/19/2005 at 23:45:42 (CET) after scanning the file “winldra.exe” file.
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 18.104.22.168 | 08.19.2005 | no virus found |
| Avast | 4.6.695.0 | 08.19.2005 | no virus found |
| AVG | 718 | 08.19.2005 | no virus found |
| Avira | 22.214.171.124 | 08.19.2005 | no virus found |
| BitDefender | 7.0 | 08.19.2005 | no virus found |
| CAT-QuickHeal | 7.03 | 08.19.2005 | no virus found |
| ClamAV | devel-20050725 | 08.18.2005 | no virus found |
| DrWeb | 4.32b | 08.19.2005 | no virus found |
| eTrust-Iris | 126.96.36.199 | 08.18.2005 | no virus found |
| eTrust-Vet | 188.8.131.52 | 08.19.2005 | Win32.Bambo |
| Fortinet | 184.108.40.206 | 08.18.2005 | suspicious |
| F-Prot | 3.16c | 08.19.2005 | no virus found |
| Ikarus | 0.2.59.0 | 08.19.2005 | no virus found |
| Kaspersky | 220.127.116.11 | 08.19.2005 | no virus found |
| McAfee | 4563 | 08.19.2005 | BackDoor-CCT |
| NOD32v2 | 1.1198 | 08.19.2005 | no virus found |
| Norman | 5.70.10 | 08.18.2005 | no virus found |
| Panda | 8.02.00 | 08.19.2005 | no virus found |
| Sophos | 3.96.0 | 08.19.2005 | no virus found |
| Sybari | 7.5.1314 | 08.19.2005 | no virus found |
| Symantec | 8.0 | 08.19.2005 | no virus found |
| TheHacker | 5.8.2.091 | 08.18.2005 | no virus found |
| VBA32 | 3.10.4 | 08.19.2005 | suspected of Embedded.Backdoor.Win32.Dumador.dd |
(It looks as though 3 of the antivirus vendors recognize this so far.)
They’re working with the vendors to get signature updates.