Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Port 1070, Dumaru Worm, Email Disguised as Microsoft Patch - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Port 1070, Dumaru Worm, Email Disguised as Microsoft Patch
Port 1070

We received a report that there is an increase scan on port 1070.

If you see any unusual activities or have any sample logs, please let us know.

Dumaru Worm

There is a new variant of worm that sends an attachment as a zip file which contains the worm executable, myphoto.jpg<56 spaces>.exe.

On infected system, it may open a backdoor on port 10000 which allow the attacker to connect and perform malicious actions.

If you have a copy of the worm, please let us know.

Email Disguised as Microsoft Patch

We also received a report on an email disguising as Microsoft Security Patch. According to Microsoft, they will not send patches via email. If you receive such emails, be wary as most likely it is attempting to trick you to execute some malware.

32 Posts
Jan 24th 2004

Sign Up for Free or Log In to start participating in the conversation!