dumador keylogger protection?

Discussion in 'NOD32 version 2 Forum' started by webyourbusiness, Aug 12, 2005.

Thread Status:
Not open for further replies.
  1. webyourbusiness

    webyourbusiness Registered Member

    Last edited: Aug 12, 2005
  2. rothko

    rothko Registered Member

    thanks for the info, greg.

    to quote from the abcnews article:

    The Srv.SSA-KeyLogger is so new, says Sunbelt, that few antivirus vendors have developed definitions to remove the threat from infected machines. Srv.SSA-KeyLogger appears to be a variant of existing forms of keystroke-stealing Trojan Horses, called Dumador or Nibu.

    if nod32 detects dumador, will it definitely detect srv.ssa-keylogger?
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Checking the Trend Micro Whatsnew files for PC-Cillin updates I have received, it appears that PC-Cillin Internet Security 2005 has had dumador protection since Aug 7th.

    -- Tom

    P.S. Went back to check earlier files and Trend Micro has been protected since 11/26/2003 in update 690 from BKDR_DUMADOR.A, and up to 8/8/2005 for update 2-763 from BKDR_DUMADOR.AN, BKDR_DUMADOR.AX.
     
  4. rothko

    rothko Registered Member

    but the threat in the article is Srv.SSA-KeyLogger. just because the variants are in the signature database, does that mean this one is definitely protected against?
     
  5. Detox

    Detox Retired Moderator

    That's nice, but I'm pretty certain that the post is about Srv.SSA-KeyLogger - which is a new variant of the older "dumador" threats you are posting about.
     
  6. Detox

    Detox Retired Moderator

    Hm I had read the first post incorrectly myself :oops:

    I see tons of "dumador" entries but can't find an SSk - but then Eset might have called it dumador.something like the other older versions o_O I dunno.
     
  7. webyourbusiness

    webyourbusiness Registered Member

    it's actually a good point - that ssa.keylogger MIGHT not be detected explicitly in signatures, but heuristics should (yes - should), detect it as unknown pe. Perhaps someone in Eset can confirm...

    if you think you misread my OP - you might not have - I did have it posed as a question, as I was mistyping dumador when I was searching at first... ;)
     
  8. rothko

    rothko Registered Member

    yeah i'd really like to know the answer to this too :)
     
  9. rothko

    rothko Registered Member

    hiya, anyone have an answer to this? :) thanks, lee
     