It looks like Sunbelt has found ANOTHER massive identity theft ring. They suspect it’s a trojan from the Dumaru family that is quietly logging the information, and they promise more details.
They did get hold of the trojan and ran it through VirusTotal to see what it was. Very FEW antivirus vendors have definitions for it at this point. The file in question is winldra.exe.
Here’s the summary they got.
This is a report processed by VirusTotal on 08/19/2005 at 23:45:42 (CET) after scanning the file “winldra.exe”.
Antivirus       Version          Update       Result
AntiVir         220.127.116.11   08.19.2005   no virus found
Avast           4.6.695.0        08.19.2005   no virus found
AVG             718              08.19.2005   no virus found
Avira           18.104.22.168    08.19.2005   no virus found
BitDefender     7.0              08.19.2005   no virus found
CAT-QuickHeal   7.03             08.19.2005   no virus found
ClamAV          devel-20050725   08.18.2005   no virus found
DrWeb           4.32b            08.19.2005   no virus found
eTrust-Iris     22.214.171.124   08.18.2005   no virus found
eTrust-Vet      126.96.36.199    08.19.2005   Win32.Bambo
Fortinet        188.8.131.52     08.18.2005   suspicious
F-Prot          3.16c            08.19.2005   no virus found
Ikarus          0.2.59.0         08.19.2005   no virus found
Kaspersky       184.108.40.206   08.19.2005   no virus found
McAfee          4563             08.19.2005   BackDoor-CCT
NOD32v2         1.1198           08.19.2005   no virus found
Norman          5.70.10          08.18.2005   no virus found
Panda           8.02.00          08.19.2005   no virus found
Sophos          3.96.0           08.19.2005   no virus found
Sybari          7.5.1314         08.19.2005   no virus found
Symantec        8.0              08.19.2005   no virus found
TheHacker       5.8.2.091        08.18.2005   no virus found
VBA32           3.10.4           08.19.2005   suspected of Embedded.Backdoor.Win32.Dumador.dd
(So three vendors, eTrust-Vet, McAfee and VBA32, name a detection so far, and Fortinet flags the file only as generically suspicious. Note also that several of the "no virus found" results come from engines whose definitions are dated 08.18.2005, a day older than the scan, so those misses are weaker evidence than the others.)
They’re working with the vendors to get signature updates.
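Reading a multi-engine report by hand is error-prone, so here is a small script that does the tally. It is an added example, not code from the original post or from Sunbelt; the REPORT string is the engine table from the VirusTotal output above, reproduced as it appears on the page, and the scan date is the one in the report header. It separates named detections from a bare "suspicious" heuristic hit, and lists engines that reported clean while running definitions older than the scan date.

```python
"""Tally a multi-engine antivirus scan report (added example, not from the post)."""
from datetime import datetime

# Scan date from the VirusTotal header above: 08/19/2005.
SCAN_DATE = datetime(2005, 8, 19)

# Engine table copied from the report above (constructed input for this example;
# version strings are reproduced exactly as they appear on the page).
REPORT = """\
AntiVir 220.127.116.11 08.19.2005 no virus found
Avast 4.6.695.0 08.19.2005 no virus found
AVG 718 08.19.2005 no virus found
Avira 18.104.22.168 08.19.2005 no virus found
BitDefender 7.0 08.19.2005 no virus found
CAT-QuickHeal 7.03 08.19.2005 no virus found
ClamAV devel-20050725 08.18.2005 no virus found
DrWeb 4.32b 08.19.2005 no virus found
eTrust-Iris 22.214.171.124 08.18.2005 no virus found
eTrust-Vet 126.96.36.199 08.19.2005 Win32.Bambo
Fortinet 188.8.131.52 08.18.2005 suspicious
F-Prot 3.16c 08.19.2005 no virus found
Ikarus 0.2.59.0 08.19.2005 no virus found
Kaspersky 184.108.40.206 08.19.2005 no virus found
McAfee 4563 08.19.2005 BackDoor-CCT
NOD32v2 1.1198 08.19.2005 no virus found
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.19.2005 no virus found
Sophos 3.96.0 08.19.2005 no virus found
Sybari 7.5.1314 08.19.2005 no virus found
Symantec 8.0 08.19.2005 no virus found
TheHacker 5.8.2.091 08.18.2005 no virus found
VBA32 3.10.4 08.19.2005 suspected of Embedded.Backdoor.Win32.Dumador.dd
"""

CLEAN = "no virus found"


def parse_report(text):
    """Split each 'Engine Version Update Result...' line into a dict.

    Engine, version and update date never contain spaces in this format,
    so a 3-way split leaves the (possibly multi-word) result intact.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        engine, version, updated, result = line.split(None, 3)
        rows.append({
            "engine": engine,
            "version": version,
            "updated": datetime.strptime(updated, "%m.%d.%Y"),
            "result": result.strip(),
        })
    return rows


def classify(result):
    """'clean', 'heuristic' (bare 'suspicious', no family name) or 'named'."""
    r = result.lower()
    if r == CLEAN:
        return "clean"
    if r == "suspicious":
        return "heuristic"
    return "named"  # includes 'suspected of <family>': it still names a family


def family_name(result):
    """Strip a 'suspected of ' qualifier so the family name can be compared."""
    prefix = "suspected of "
    return result[len(prefix):] if result.lower().startswith(prefix) else result


def summarize(text, scan_date=SCAN_DATE):
    rows = parse_report(text)
    summary = {"engines": len(rows), "clean": 0, "heuristic": 0, "named": 0,
               "detections": {}, "stale_clean": []}
    for row in rows:
        kind = classify(row["result"])
        summary[kind] += 1
        if kind == "named":
            summary["detections"][row["engine"]] = family_name(row["result"])
        # A clean verdict from definitions older than the scan is weak evidence.
        if kind == "clean" and row["updated"].date() < scan_date.date():
            summary["stale_clean"].append(row["engine"])
    return summary


if __name__ == "__main__":
    s = summarize(REPORT)
    print(f"{s['named']} named / {s['heuristic']} heuristic / {s['clean']} clean "
          f"of {s['engines']} engines")
    for engine, name in s["detections"].items():
        print(f"  {engine}: {name}")
    print("clean but stale definitions:", ", ".join(s["stale_clean"]))
```

Against the report above this gives 3 named detections, 1 heuristic hit and 19 clean verdicts out of 23 engines, with ClamAV, eTrust-Iris, Norman and TheHacker reporting clean on day-old definitions. Treating "suspected of" as a named detection matches the post's count; treat it as heuristic instead if you only want exact signature matches.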