Full Disclosure mailing list archives

FW: Dumador-Varianten gesucht / looking for variants of Dumador


From: "Soderland, Craig" <craig.soderland () sap com>
Date: Wed, 24 Aug 2005 13:35:53 -0400

Hello List, 

        Let me come out of lurking for a bit in hopes that someone here
can perhaps help me out. One of my colleagues is looking for (and bear
with me, my German is a bit rusty) an example of a variant of the Dumador
worm, on behalf of one of the people from the German CERT team. I
suspect we are trying to obtain examples to send off to McAfee. Why they
come to me I don't know, just because I'm on one of the internal
security teams I suppose. 

        Anyway, I'm not really looking for anyone to send me this thing,
but perhaps point me in the right direction where I could point my
colleague towards and he could ultimately pass on to the guy who was
originally asking. 

        And before you flame me (which I suspect you'll all do anyway.)
I've included the mails sent to me asking about this. Names removed to
protect the innocent.

        Ok Begin flame fest. :) 


        Oh and to anyone who tries to help, Thank you very much. 

-----Original Message-----
From: xxxxxx, xxxxxx 
Sent: Tuesday, August 23, 2005 7:48 AM
To: 
Subject: FW: Dumador-Varianten gesucht / looking for variants of Dumador

Good day,
this is a request from one of the members of the German CERT association
"if anybody could provide variants of Dumador differing from the ones in
the list below..."
Do we have ways to support this kind of thing?

And here's an interesting article on the workings of other Trojans
(Dumaru, Nibu):
http://news.bbc.co.uk/2/hi/technology/4173218.stm

Cheers,
xxxx


-----Original Message-----
From: xxxxxx [mailto:xxxxxx () login-ng cert uni-stuttgart de] On Behalf Of
xxxxxx
Sent: 19 August 2005 14:14
To: cert-ag () pre-secure de
Subject: Looking for Dumador variants

Hello,

if anyone can provide Dumador variants that differ (in their MD5 sum)
from the ones below, I would be glad to receive a copy ;)

McAfee sometimes also calls this BackDoor-CCT, Symantec calls it Nibu, and
eTrust-Vet sometimes comes up with names such as Win32.DlWreck.K or
Win32.Bambo.
What is generally popular, however, is "found nothing" ...

Regards, xxxxx,xxxxxx
-- 
Dipl. Phys. xxx xxxxxxx                     xxxxxx () cert uni-stuttgart de
RUS-CERT Universitaet Stuttgart        Tel:+49 711 121-xxxx / -xxxx (fax)
Breitscheidstr. 2, D-70174 Stuttgart
http://cert.uni-stuttgart.de/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

