Full Disclosure mailing list archives
FW: Dumador-Varianten gesucht / looking for variants of Dumador
From: "Soderland, Craig" <craig.soderland () sap com>
Date: Wed, 24 Aug 2005 13:35:53 -0400
Hello List,

Let me come out of lurking for a bit in hopes that someone here can perhaps help me out. One of my colleagues is looking for (and bear with me, my German is a bit rusty) an example of a variant of the Dumador worm, on behalf of one of the people from the German Cert Team. I suspect we are trying to obtain examples to send off to McAfee. Why they come to me I don't know, just because I'm on one of the internal security teams I suppose.

Anyway, I'm not really looking for anyone to send me this thing, but perhaps point me in the right direction where I could point my colleague towards and he could ultimately pass on to the guy who was originally asking.

And before you flame me (which I suspect you'll all do anyway), I've included the mails sent to me asking about this. Names removed to protect the innocent.

OK, begin flame fest. :)

Oh, and to anyone who tries to help, thank you very much.

-----Original Message-----
From: xxxxxx, xxxxxx
Sent: Tuesday, August 23, 2005 7:48 AM
To:
Subject: FW: Dumador-Varianten gesucht / looking for variants of Dumador

Good day,

this is a request from one of the members of the German CERT association "if anybody could provide variants of Dumador differing from the ones in the list below..."

Do we have ways to support this kind of thing?
And here's an interesting article on the workings of other Trojans (Dumaru, Nibu):
http://news.bbc.co.uk/2/hi/technology/4173218.stm

Cheers,
xxxx

-----Original Message-----
From: xxxxxx [mailto:xxxxxx () login-ng cert uni-stuttgart de] On Behalf Of xxxxxx
Sent: 19 August 2005 14:14
To: cert-ag () pre-secure de
Subject: Looking for Dumador variants

Hello,

if anyone can provide Dumador variants that differ (in MD5 sum) from the ones below, I would be glad to receive a copy ;)

malware (md5sum)                  | kaspersky
----------------------------------+------------------------------------
15ad2f3a70e52c35aa4f899831405ed5  | found [Backdoor.Win32.Dumador.da]
27d902c5d81bc610290d29523ea2f847  | found [Backdoor.Win32.Dumador.cx]
2ac153e76d0bea993a19ac1644ee0b9e  | found [Backdoor.Win32.Dumador.dj]
3c1b37fdd2faab2b003ba37352a89420  | found [Backdoor.Win32.Dumador.de]
469f06b6de1994341604008f9e7a81d8  | found [Backdoor.Win32.Dumador.dg]
6fdbbefce68a039a9ab56925d76d9265  | found [Backdoor.Win32.Dumador.cx]
71c22653b198c5b74b518ce1260cd9a3  | found [Backdoor.Win32.Dumador.dh]
a0fe4b4f3e430c476528dee6afb367bb  | found [Backdoor.Win32.Dumador.cx]
a68f0789cfeadcb3510278b4933b2a9e  | found [Backdoor.Win32.Dumador.cx]
e5bf5e14b28a771f6c985ebd343c0b51  | found [Backdoor.Win32.Dumador.do]
f53308cb5512a1e22c5cb9ed7386f4ae  | found [Backdoor.Win32.Dumador.dk]

McAfee sometimes also calls this BackDoor-CCT, Symantec calls it Nibu, and eTrust-Vet sometimes comes up with names like Win32.DlWreck.K or Win32.Bambo. The generally popular result, however, is "found nothing" ...

Best regards,
xxxxx,xxxxxx

--
Dipl. Phys. xxx xxxxxxx
xxxxxx () cert uni-stuttgart de
RUS-CERT Universitaet Stuttgart
Tel:+49 711 121-xxxx / -xxxx (fax)
Breitscheidstr. 2, D-70174 Stuttgart
http://cert.uni-stuttgart.de/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/