
Re: [Full-Disclosure] Backdoor, Virus, Dialer? More information.

Hi all

Kaspersky also recognized the binary as I.-Worm.Dumaru.a

Michael Renzmann wrote:

> Hi all.
>
> Valdis.Kletnieks@vt.edu wrote:
>
>>> Recently I received some mails in the English language. The writer (who 
>>> pretends to be security@microsoft.com, but the header says "Sender: 
>>> admin@duma.gov.ru") generously sends a patch along with his mail 
>>> which should be applied in order to fix a security bug... ha ha.
>>
>> Most likely a known virus, W32/Dumaru-A.   If what you have there 
>> *doesn't* match that one, give us another buzz....
>
>
> As Valdis pointed out, the mail seems to be the result of a 
> W32/Dumaru@mm variant. Another fd-reader pointed to W32/Dumaru.B@mm as 
> well.
>
> Symantec currently lists two variants of W32/Dumaru:
>
> 1. W32/Dumaru@mm, having an attachment with 9216 bytes
> 2. W32/Dumaru.b@mm, having an attachment with 34304 bytes
>
> However, the mails I received (at least five of them) have an 
> attachment with 9276 bytes. Either Symantec has a typo at their site, 
> or this could be a new variant.
>
> As there were many people asking me to send them the binary, I decided 
> to put the file and a copy of the mail on my webserver. To be found at 
> http://www.otaku42.de/download/dumaru/index.html
>
> Bye, Mike
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>