Dumador.IK

• Detected by virus detection files published: 8/11/2005
• Virus characteristics first published: 8/11/2005
• Virus characteristics latest update: 11/28/2005
• Alias: Dumador.DG, Win32.Bambo, W32/Dumador.AG@bd, W32/Dumador.J-bdr, BKDR_DUMADOR.AX, Backdoor.Nibu
• Type: Backdoor
• Spreading mechanism: Other
• Overall risk: Medium
• Payload: Keylogger

Dumador.IK attempts to send keystrokes and other sensitive information back to the virus author. The backdoor specifically targets the Windows clipboard and the protected storage area of the registry, which contains auto-complete data for IE. Dumador.IK also attempts to steal information from browser windows whose titles contain any of the following strings:

  • gold
  • Storm
  • e-metal
  • Money
  • money
  • WM Keeper
  • Keeper
  • Fethard
  • fethard
  • bull
  • Bull
  • mull
  • PayPal
  • Bank
  • bank
  • cash
  • anz
  • ANZ
  • shop
  • Shop
  • ebay
  • invest
  • casino
  • bookmak
  • pay
  • member
  • fund
  • Invest
  • Casino
  • Bookmak
  • Pay
  • Member
  • Fund
  • bet
  • Bet
  • bill
  • Bill
  • login
  • Login
  • eqw

The backdoor also attempts to prevent access to certain AV vendors' sites by appending the following entries to the \drivers\etc\hosts file:

  • www.trendmicro.com
  • trendmicro.com
  • rads.mcafee.com
  • customer.symantec.com
  • liveupdate.symantec.com
  • us.mcafee.com
  • updates.symantec.com
  • update.symantec.com
  • www.nai.com
  • nai.com
  • secure.nai.com
  • dispatch.mcafee.com
  • download.mcafee.com
  • www.my-etrust.com
  • my-etrust.com
  • mast.mcafee.com
  • ca.com
  • www.ca.com
  • networkassociates.com
  • www.networkassociates.com
  • avp.com
  • www.kaspersky.com
  • www.avp.com
  • kaspersky.com
  • www.f-secure.com
  • f-secure.com
  • viruslist.com
  • www.viruslist.com
  • liveupdate.symantecliveupdate.com
  • mcafee.com
  • www.mcafee.com
  • sophos.com
  • www.sophos.com
  • symantec.com
  • securityresponse.symantec.com
  • us.mcafee.com/root/
  • www.symantec.com
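
A hosts file can be audited for this kind of tampering. The following is an added example, not part of the original description: it flags any hosts entry that overrides a security-vendor domain. The WATCHED set holds the registrable domains taken from the list above, matching of subdomains generalizes beyond the exact names listed, and the sample file contents and the 127.0.0.1 address are constructed assumptions.

```python
# Added example: find hosts-file entries that override security-vendor domains.
# WATCHED = registrable domains derived from the list on this page.
WATCHED = {
    "trendmicro.com", "mcafee.com", "symantec.com", "symantecliveupdate.com",
    "nai.com", "networkassociates.com", "my-etrust.com", "ca.com",
    "avp.com", "kaspersky.com", "viruslist.com", "f-secure.com", "sophos.com",
}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank line or address with no name
        addr = fields[0]
        for name in fields[1:]:
            # The page lists one entry with a path ("us.mcafee.com/root/");
            # keep only the host part, lower-cased, without a trailing dot.
            yield no, addr, name.split("/", 1)[0].lower().rstrip(".")

def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED)

def suspicious_entries(text):
    """Return every mapping whose hostname belongs to a watched vendor domain."""
    return [(no, addr, name)
            for no, addr, name in parse_hosts(text) if is_watched(name)]

# Constructed sample hosts file (addresses are assumed, not from the page).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1 www.trendmicro.com
127.0.0.1 liveupdate.symantecliveupdate.com   # appended entry
10.0.0.5  intranet.example.test
127.0.0.1 us.mcafee.com/root/
127.0.0.1 notsophos.com
"""

if __name__ == "__main__":
    for no, addr, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {addr}")
```

Any hit is worth investigating regardless of the address it maps to, since a legitimate hosts file rarely needs an entry for an AV update server.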

Dumador.IK contains multiple backdoors, which listen on ports 9125 and 64972.