New virus intercepted
Denis Beauchemin
Denis.Beauchemin at USHERBROOKE.CA
Thu Aug 18 16:03:40 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Denis Beauchemin wrote:
> Denis Beauchemin wrote:
>
>> Hello All,
>>
>> Last night we received many hundreds EXE files infected by
>> Backdoor.Win32.Dumador.dk, according to Kaspersky. No other virus
>> scanner I have detected anything suspicious: McAfee, Bitdefender and
>> ClamAV all said there was nothing wrong in the files.
>>
>> All files seem to be the same length (26112 bytes) and came from many
>> different IPs. They all have strange names (looks like random
>> characters) ending in .exe.
>>
>> I'm glad I don't let EXE/BAT/PIF/... files through!
>>
>> Denis
>>
> Overall we blocked 512 EXE on one of our external servers yesterday
> and no more than 3 came from the same IP. On the other external
> server, we blocked 525 EXE and no more than 4 came from the same IP...
>
> Funny thing: we received them from midnight to 1:35 and then nothing
> until 17:36 (5:36PM). It stopped at about 19:36 (7:36PM) to not be
> seen again...
>
> Still nothing detected by McAfee, Bitdefender or ClamAV...
>
The new DAT file (4562) detects them as BackDoor-CCT trojan.
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x2252 F: 819.821.8045
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list