Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

How festive - the dasher worm...

The securityfix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called dasher and is in at least it's second iteration. Sans noticed an odd increase in port 1025 …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

The securityfix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called dasher and is in at least it's second iteration. Sans noticed an odd increase in port 1025 scans on the tenth of the month which was early activity of this worm. It looks like the first version of the worm didn't work fully, but this second one does. It installs a keylogger.


The traditional view of a keylogger is a rather dumb logging device recording everything typed in on a given computer. Those are out there, but it's speculated that this one (along with other viral keyloggers) specifically target financial sites and only log when a browser is visiting those sites. (which is a clever way to filter out the noise...)

If you've got all current windows updates and are running a firewall, this worm shouldn't have a big impact for you. Make sure that you keep your antivirus updated though just the same.

It looks like this Christmas present comes from servers based in China...

Sans has an update here.