dumador keylogger protection?

Discussion in 'NOD32 version 2 Forum' started by webyourbusiness, Aug 12, 2005.

Thread Status:
Not open for further replies.
  1. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Last edited: Aug 12, 2005
  2. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    thanks for the info, greg.

    to quote from the abcnews article:

    The Srv.SSA-KeyLogger is so new, says Sunbelt, that few antivirus vendors have developed definitions to remove the threat from infected machines. Srv.SSA-KeyLogger appears to be a variant of existing forms of keystroke-stealing Trojan Horses, called Dumador or Nibu.

    if nod32 detects dumador, will it definitely detect srv.ssa-keylogger?
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Checking the Trend Micro Whatsnew files for PC-Cillin updates I have received, it appears that PC-Cillin Internet Security 2005 has had dumador protection since Aug 7th.

    -- Tom

    P.S. Went back to check earlier files and Trend Micro has been protected since 11/26/2003 in update 690 from BKDR_DUMADOR.A, and up to 8/8/2005 for update 2-763 from BKDR_DUMADOR.AN, BKDR_DUMADOR.AX.
     
  4. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    but the threat in the article is Srv.SSA-KeyLogger, just because the variants are in the signature database does that mean this one is definitely protected against?
     
  5. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    That's nice, but I'm pretty certain that the post is about Srv.SSA-KeyLogger - which is a new variant of the older "dumador" threats you are posting about.
     
  6. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    Hm I had read the first post incorrectly myself :oops:

    I see tons of "dumador" entries but can't find an SSk - but then Eset might have called it dumador.something like the other older versions o_O I dunno.
     
  7. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    it's actually a good point - that ssa.keylogger MIGHT not be detected explicitly in signatures, but heuristics should (yes - should), detect it as unknown pe. Perhaps someone in Eset can confirm...

    if you think you mis-read my OP - you might not have - I did have it posed as a question, as I was mis-typing dumador when I was searching at first... ;)
     
  8. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    yeah i'd really like to know the answer to this too :)
     
  9. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    hiya, anyone have an answer to this? :) thanks, lee
     