Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: XML RPC worm - New Variant - ELF_LUPPER.B - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
XML RPC worm - New Variant - ELF_LUPPER.B
We are receiving reports of malware that's an apparent relative of the lupii worm. The reported variant is named "listen".

Ivan Macalintal, Senior Threat Analyst, Trend Micro Inc., sent us the following information;

"LISTEN has a size of 443,364 bytes, but basically it still does the same thing.
MD5 Hashes (as compared with the previous LUPII variants):
5b1176a690feaa128bc83ad278b19ba8 *listen
df0e169930103b504081aa1994be870d *lupii
c9cd7949a358434bfdd8d8f002c7996b *lupii2

Trend has identified this variant as ELF_LUPPER.B, details of their analysis will be posted there shortly.

Additional information on "listen" has been submitted us by a contributors who wishes to remain anonymous. "Listen" is retrieved from 24.224.2.174 and 24.224.174.18

Thanks very much both of you!

We'll post other details as they develop.
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!