PDA

Visualizza versione completa : W32.Dumaru.M@mm - Rischio 3 - Update


Giorgius
25-09-2003, 09.20.24
La solita Mail con allegato Patch MS fasulla... :rolleyes:


Effetti:
W32.Dumaru.M@mm is a mass-mailing worm that drops an IRC Trojan onto an infected computer. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.

The email has the following characteristics:

From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: Patch.exe

W32.Dumaru.M@mm will also infect the .exe files on NTFS partitions.

The worm will listen on ports:

TCP 10000
TCP 1001
TCP 2283

Also, the worm logs the keystrokes and sends the data to a specified email address.


Info:
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.m@mm.html


Aggiornamento AntiVirus al 24.09.03 ;)(Y)

Giorgius
25-09-2003, 09.40.27
http://vil.nai.com/vil/images/logo_main.gif

E' stata rilasciata la nuova Release Stinger v1.8.6

Download:
Mirror: http://download.nai.com/products/mcafee-avert/stinger.exe

Rileva:
This version of Stinger includes detection for all known variants, as of September 19, 2003:

BackDoor-AQJ
Bat/Mumu.worm
Exploit-DcomRpc
IPCScan IRC/Flood.ap
IRC/Flood.bi
IRC/Flood.cd
NTServiceLoader
PWS-Narod
PWS-Sincom
W32/Bugbear@MM
W32/Deborm.worm.gen
W32/Dumaru@MM
W32/Elkern.cav
W32/Fizzer.gen@MM
W32/FunLove W32/Klez
W32/Lirva
W32/Lovgate
W32/Lovsan.worm
W32/Mimail@MM
W32/MoFei.worm
W32/Mumu.b.worm
W32/Nachi.worm
W32/Nimda
W32/Sdbot.worm.gen
W32/SirCam@MM
W32/Sobig
W32/SQLSlammer.worm
W32/Swen@MM
W32/Yaha@MM