Another Massive ID theft ring



It looks like Sunbelt has found ANOTHER massive Identity theft ring. They suspect it’s a trojan from the Dumaru family that is contentedly logging the infromation and promise more details.


They did get a hold of the trojan and passed it through virustotal to see what it was. Very FEW antivirus vendors have definitions for it at this point. The file in question is winldra.exe
Here’s the summary they got.

This is a report processed by VirusTotal on 08/19/2005 at 23:45:42 (CET) after scanning the file “winldra.exe” file.
Antivirus Version Update Result
AntiVir 6.31.1.0 08.19.2005 no virus found
Avast 4.6.695.0 08.19.2005 no virus found
AVG 718 08.19.2005 no virus found
Avira 6.31.1.0 08.19.2005 no virus found
BitDefender 7.0 08.19.2005 no virus found
CAT-QuickHeal 7.03 08.19.2005 no virus found
ClamAV devel-20050725 08.18.2005 no virus found
DrWeb 4.32b 08.19.2005 no virus found
eTrust-Iris 7.1.194.0 08.18.2005 no virus found
eTrust-Vet 11.9.1.0 08.19.2005 Win32.Bambo
Fortinet 2.41.0.0 08.18.2005 suspicious
F-Prot 3.16c 08.19.2005 no virus found
Ikarus 0.2.59.0 08.19.2005 no virus found
Kaspersky 4.0.2.24 08.19.2005 no virus found
McAfee 4563 08.19.2005 BackDoor-CCT
NOD32v2 1.1198 08.19.2005 no virus found
Norman 5.70.10 08.18.2005 no virus found
Panda 8.02.00 08.19.2005 no virus found
Sophos 3.96.0 08.19.2005 no virus found
Sybari 7.5.1314 08.19.2005 no virus found
Symantec 8.0 08.19.2005 no virus found
TheHacker 5.8.2.091 08.18.2005 no virus found
VBA32 3.10.4 08.19.2005 suspected of Embedded.Backdoor.Win32.Dumador.dd

(It looks as though 3 of the antivirus vendors recognize this so far.)

They’re working with the vendors to get signature updates.

Related Posts

Blog Traffic Exchange Related Posts
  • Disinfecting a PC... part 1 This is the first in a several part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband connected pc's I've seen. It's also an interesting......
  • Clamav 0.88.1 for Mandrake 10.0 Since, I've still got a few older Mandrake 10 installs that I'm maintaining as mailservers, there aren't supported security fixes for various things anymore... Friday there was news of a new clamantivirus to fix some security flaws with 0.88, new version is 0.88.1 I've taken the cooker srpm and recompiled......
  • Running UltraVNC viewer under wine I talked in the last entry about using UltraVNC and UltraVNC Single Click (ultravnc sc) as a means of doing remote desktop support. The idea is that you (the technical support person), setup vncviewer to listen for connections, then the end user with pc problems can download your customized ultravnc......
Blog Traffic Exchange Related Websites
  • Who wrote 1 Kings? Who wrote 1 Kings: Originally 1 and 2 Kings were one book titled Kings. When the book was translated from Hebrew (a language using almost no vowels) to Greek (a language using vowels) the length of the translation could not fit on a single scroll. The book of Kings was divided into......
  • Athlete Profiles: Pete Sampras Pete Sampras was born in 1971 and grew up in the Washington DC area of the United States. He is considered to be one of the most gifted male players in the sport and has one numerous titles, medals and cups throughout his long and illustrious career. Although he is......
  • Using 1 Month or Worse Curves with Exponential Decay For Predictive Analysis on Prosper The 1 month or worse curves that I published over the weekend have many potential uses in determining the interest rate required to make a certain return.  When the curves are complete we can simply solve the Markov Model since the vehicle is a fairly straight forward 3 year fully......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

One Response to “Another Massive ID theft ring”

  1. Avery J. Parker - Web site hosting and computer service Says:


    [...] The other day I did a post about Sunbelt mentioning another big identity theft ring. That post that I referred to has been pulled from their site. [...]


Switch to our mobile site