Message-ID: <50154B1431FF344A93E9F356F77B6849B34160@usphle12.phl.sap.corp>
Date: Wed Aug 24 18:36:01 2005
From: craig.soderland at sap.com (Soderland, Craig)
Subject: FW: Dumador-Varianten gesucht / looking for variants of Dumador
Hello List,

Let me come out of lurking for a bit in hopes that someone here
can perhaps help me out. One of my colleagues is looking for (and bear
with me, my German is a bit rusty) an example of a variant of the Dumador
worm, on behalf of one of the people from the German CERT team. I
suspect we are trying to obtain examples to send off to McAfee. Why they
come to me I don't know; just because I'm on one of the internal
security teams, I suppose.

Anyway, I'm not really looking for anyone to send me this thing,
but perhaps point me in the right direction where I could point my
colleague towards and he could ultimately pass on to the guy who was
originally asking.

And before you flame me (which I suspect you'll all do anyway),
I've included the mails sent to me asking about this. Names removed to
protect the innocent.

OK, begin flame fest. :)

Oh, and to anyone who tries to help, thank you very much.

-----Original Message-----
From: xxxxxx, xxxxxx
Sent: Tuesday, August 23, 2005 7:48 AM
To:
Subject: FW: Dumador-Varianten gesucht / looking for variants of Dumador
Good day,
this is a request from one of the members of the German CERT association
"if anybody could provide variants of Dumador differing from the ones in
the list below..."
Do we have ways to support this kind of thing?
And here's an interesting article on the workings of other Trojans
(Dumaru, Nibu):
http://news.bbc.co.uk/2/hi/technology/4173218.stm
Cheers,
xxxx
-----Original Message-----
From: xxxxxx [mailto:xxxxxx@...in-ng.cert.uni-stuttgart.de] On Behalf Of
xxxxxx
Sent: 19 August 2005 14:14
To: cert-ag@...-secure.de
Subject: Looking for Dumador variants
Hello,
if anyone can provide Dumador variants that differ (in their MD5 sum)
from the ones listed below, I would be glad to receive
a copy ;)
McAfee sometimes also calls this BackDoor-CCT, Symantec calls it Nibu, and
eTrust-Vet sometimes comes up with names like Win32.DlWreck.K or
Win32.Bambo.
Generally popular, however, is "found nothing" ...
Kind regards, xxxxx,xxxxxx
--
Dipl. Phys. xxx xxxxxxx xxxxxx@...t.uni-stuttgart.de
RUS-CERT Universitaet Stuttgart Tel:+49 711 121-xxxx / -xxxx
(fax)
Breitscheidstr. 2, D-70174 Stuttgart
http://cert.uni-stuttgart.de/