
SANS ISC InfoSec Handlers Diary Blog



Port 1070, Dumaru Worm, Email Disguised as Microsoft Patch

Published: 2004-01-24
Last Updated: 2004-01-24 18:06:31 UTC
by Kevin Hong (Version: 1)
Port 1070

We received a report of an increase in scanning on port 1070.

If you see any unusual activity or have any sample logs, please let us know.

http://isc.sans.org/port_details.html?port=1070

Dumaru Worm

A new variant of the worm sends itself as a zip attachment containing the worm executable, myphoto.jpg<56 spaces>.exe.

On an infected system, it may open a backdoor on port 10000, which allows the attacker to connect and perform malicious actions.
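The padded filename described above (a harmless-looking extension, a long run of spaces, then .exe) can be checked for at a mail gateway or during triage of saved attachments. The following is an added example, not code from the diary or from any vendor write-up; the extension lists and function names are assumptions, and the sample archive is constructed inline from placeholder text.

```python
import io
import re
import zipfile

# Extension lists are assumptions for this example, not taken from the diary.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "png", "txt", "doc", "pdf"}
# A short extension, optional whitespace padding, then the final extension.
PADDED = re.compile(r"\.([A-Za-z0-9]{1,5})(\s*)\.([A-Za-z0-9]{1,5})\s*$")

def classify_name(name):
    """Return (reason, pad_len) if the name hides an executable extension, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    m = PADDED.search(base)
    if not m:
        return None
    decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if real not in EXECUTABLE_EXTS:
        return None
    if pad:  # padding pushes the real extension out of view in file listings
        return ("whitespace-padded executable extension", len(pad))
    if decoy in DECOY_EXTS:
        return ("double extension", 0)
    return None

def scan_zip(data):
    """Scan zip bytes; return (member_name, reason, pad_len) for each suspicious member."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                hit = classify_name(info.filename)
                if hit:
                    findings.append((info.filename, *hit))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "not a valid zip", 0))
    return findings

def build_sample():
    """Constructed sample: placeholder text stored under the diary's filename pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("myphoto.jpg" + " " * 56 + ".exe", b"placeholder, not malware")
        zf.writestr("holiday.jpg", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A plain setup.exe is deliberately not flagged here, since the check targets disguised names only; whether to block all executables inside archives is a separate policy decision.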

If you have a copy of the worm, please let us know.

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html

http://www.f-secure.com/v-descs/dumaru_y.shtml

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.Y

http://www.messagelabs.com/viruseye/info/default.asp?frompage=threats+list&fromURL=%2Fviruseye%2Fthreats%2Flist%2Fdefault%2Easp&virusname=W32%2FDumaru%2EY%2Dmm

Email Disguised as Microsoft Patch

We also received a report of an email disguised as a Microsoft security patch. According to Microsoft, they will not send patches via email. If you receive such an email, be wary: it is most likely an attempt to trick you into executing malware.