- 27 January 2004 08:36
Don't Believe Your Browser - It Could Be Dumaru
Kaspersky Labs warns users about three new modifications of Dumaru, an email worm: versions j, .k and .l. The unusual propagation techniques and high dissemination rate have resulted in infections worldwide, causing a new global outbreak.
Dumaru was first detected in September 2003 and has remained among the most active malicious programs ever since. The original worm was written in Russia, but subsequent versions appears to come from Germany.
The latest versions of Dumaru contain only minor modifications. However, the multi-tier propogation method used to disseminate the malicious program has caused a worldwide outbreak within a matter of days.
Initial propagation was assured by the mass mailing of a message purportedly originating from Microsoft in which users were offered updates to their virus protection.
In reality, the message contains the Trojan program UrlSpoof. Once the link in the letter is activated, a new Internet window opens onto a Microsoft look-alike web site. Moreover, "UrlSpoof" utilizes a vulnerability in Internet Explorer, which allows the worm to display www.microsoft.com in the address bar, even though the user is actually on another site.
While the user is browsing this site, the victim machine is transformed into a Dumaru carrier and the worm then initiates the mailing process from the new computer.
"This outbreak has once again demonstrated that virus writers and spammers are joining forces," comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. "Viruses are using spamming techniques more and more in order to increase propagation speed, whereas spammers are using viruses to create networks of infected machines for use in mass mailing campaigns".
Kaspersky Labs anti-virus databases have already been updated with protection against the new versions of Dumaru. A detailed description of these versions of Dumaru can be found in the Kaspersky Virus Encyclopedia.
For further information on Kaspersky Labs and products, please contact Raelen Forbes 02 9672 4222, or by email sales@kaspersky.com.au.
Get exclusive access to CSO, invitation only events, reports & analysis. - 1
AusCERT 2013: Cloud-based scanner identifies new malware by its ancestry
- 2
Dell targets ANZ security opportunities as SecureWorks debuts locally
- 3
AusCERT 2013: Users, cats more likely hack culprits than cyber-espionage: Trustwave
- 4
AusCERT 2013: Ashley Deuble: Network Security Monitoring with Security Onion
- 5
AusCERT 2013: International cyberwar response more complex than geopolitical treaties: NATO CCD COE analyst
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
Warning: Tips for secure mobile holiday shopping
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.
