New Dasher variant
Shortly after Dasher.A, we got a sample of another variant. This time the whole exploit chain is complete - the remote server where exploited machines connect to is currently up and running. The server instructs infected machines to download two files: a copy of the worm itself and a keylogger. The keylogger hides itself with a rootkit driver.
Both Dasher variants are using the same exploit code, released by "Swan" earlier this month. F-Secure : News from the Lab - December of 2005
Back to: PC Security, privacy news