dumador keylogger protection?

webyourbusiness · #1 August 12th, 2005, 10:26 AM

In case anyone's interested - NOD32 already has protection from Dumador keylogger- search for dumador here:

http://www.nod32usa.com/nod32-updates/

Dumador info here:

http://abcnews.go.com/Technology/PCW...ory?id=1029067

cheers

Greg

rothko · #2 August 12th, 2005, 10:55 AM

thanks for the info, greg.

to quote from the abcnews article:

The Srv.SSA-KeyLogger is so new, says Sunbelt, that few antivirus vendors have developed definitions to remove the threat from infected machines. Srv.SSA-KeyLogger appears to be a variant of existing forms of keystroke-stealing Trojan Horses, called Dumador or Nibu.

if nod32 detects dumador, will it definately detect srv.ssa-keylogger?

lotuseclat79 · #3 August 12th, 2005, 11:27 AM

Checking the Trend Micro Whatsnew files for PC-Cillin updates I have received, it appears that PC-Cillin Internet Security 2005 has had dumador protection since Aug 7th.

-- Tom

P.S. Went back to check earlier files and Trend Micro has been protected since 11/26/2003 in update 690 from BKDR_DUMADOR.A, and up to 8/8/2005 for update 2-763 from BKDR_DUMADOR.AN, BKDR_DUMADOR.AX.

rothko · #4 August 12th, 2005, 11:52 AM

but the threat in the article is Srv.SSA-KeyLogger, just because the variants are in the signature database does that mean this one is definately protected against?

Detox · #5 August 12th, 2005, 11:58 AM

Quote:

Originally Posted by lotuseclat79

Checking the Trend Micro Whatsnew files for PC-Cillin updates I have received, it appears that PC-Cillin Internet Security 2005 has had dumador protection since Aug 7th.

-- Tom

P.S. Went back to check earlier files and Trend Micro has been protected since 11/26/2003 in update 690 from BKDR_DUMADOR.A, and up to 8/8/2005 for update 2-763 from BKDR_DUMADOR.AN, BKDR_DUMADOR.AX.

That's nice, but I'm pretty certain that the post is about Srv.SSA-KeyLogger - which is a new variant of the older "dumador" threats you are posting about.

Detox · #6 August 12th, 2005, 12:03 PM

Quote:

Originally Posted by rothko

but the threat in the article is Srv.SSA-KeyLogger, just because the variants are in the signature database does that mean this one is definately protected against?

Hm I had read the first post incorrectly myself

I see tons of "dumador" entries but can't find an SSk - but then Eset might have called it dumador.something like the other older versions

I dunno.

webyourbusiness · #7 August 12th, 2005, 12:42 PM

it's actually a good point - that ssa.keylogger MIGHT not be detected explicitly in signatures, but heuristics should (yes - should), detect it as unknown pe. Perhaps someone in Eset can confirm...

if you think you mis-read my OP - you might not have - I did have it posed as a question, as I was mis-typing dumador when I was searching at first...

rothko · #8 August 12th, 2005, 04:24 PM

Quote:

Originally Posted by webyourbusiness

it's actually a good point - that ssa.keylogger MIGHT not be detected explicitly in signatures, but heuristics should (yes - should), detect it as unknown pe. Perhaps someone in Eset can confirm...

yeah i'd really like to know the answer to this too

rothko · #9 August 17th, 2005, 05:51 AM

hiya, anyone have an answer to this?

thanks, lee

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search