Port 1070, Dumaru Worm, Email Disguised as Microsoft Patch
Port 1070
We received a report that there is an increase scan on port 1070.
If you see any unusual activities or have any sample logs, please let us know.
http://isc.sans.org/port_details.html?port=1070
Dumaru Worm
There is a new variant of worm that sends an attachment as a zip file which contains the worm executable, myphoto.jpg<56 spaces>.exe.
On infected system, it may open a backdoor on port 10000 which allow the attacker to connect and perform malicious actions.
If you have a copy of the worm, please let us know.
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html
http://www.f-secure.com/v-descs/dumaru_y.shtml
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.Y
http://www.messagelabs.com/viruseye/info/default.asp?frompage=threats+list&fromURL=%2Fviruseye%2Fthreats%2Flist%2Fdefault%2Easp&virusname=W32%2FDumaru%2EY%2Dmm
Email Disguised as Microsoft Patch
We also received a report on an email disguising as Microsoft Security Patch. According to Microsoft, they will not send patches via email. If you receive such emails, be wary as most likely it is attempting to trick you to execute some malware.
We received a report that there is an increase scan on port 1070.
If you see any unusual activities or have any sample logs, please let us know.
http://isc.sans.org/port_details.html?port=1070
Dumaru Worm
There is a new variant of worm that sends an attachment as a zip file which contains the worm executable, myphoto.jpg<56 spaces>.exe.
On infected system, it may open a backdoor on port 10000 which allow the attacker to connect and perform malicious actions.
If you have a copy of the worm, please let us know.
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.y@mm.html
http://www.f-secure.com/v-descs/dumaru_y.shtml
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.Y
http://www.messagelabs.com/viruseye/info/default.asp?frompage=threats+list&fromURL=%2Fviruseye%2Fthreats%2Flist%2Fdefault%2Easp&virusname=W32%2FDumaru%2EY%2Dmm
Email Disguised as Microsoft Patch
We also received a report on an email disguising as Microsoft Security Patch. According to Microsoft, they will not send patches via email. If you receive such emails, be wary as most likely it is attempting to trick you to execute some malware.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments