Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: XML RPC worm - New Variant - ELF_LUPPER.B SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XML RPC worm - New Variant - ELF_LUPPER.B
We are receiving reports of malware that's an apparent relative of the lupii worm. The reported variant is named "listen".

Ivan Macalintal, Senior Threat Analyst, Trend Micro Inc., sent us the following information;

"LISTEN has a size of 443,364 bytes, but basically it still does the same thing.
MD5 Hashes (as compared with the previous LUPII variants):
5b1176a690feaa128bc83ad278b19ba8 *listen
df0e169930103b504081aa1994be870d *lupii
c9cd7949a358434bfdd8d8f002c7996b *lupii2

Trend has identified this variant as ELF_LUPPER.B, details of their analysis will be posted there shortly.

Additional information on "listen" has been submitted us by a contributors who wishes to remain anonymous. "Listen" is retrieved from and

Thanks very much both of you!

We'll post other details as they develop.

193 Posts
Nov 8th 2005

Sign Up for Free or Log In to start participating in the conversation!