How festive – the dasher worm…



The securityfix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called dasher and is in at least it’s second iteration. Sans noticed an odd increase in port 1025 scans on the tenth of the month which was early activity of this worm. It looks like the first version of the worm didn’t work fully, but this second one does. It installs a keylogger.


The traditional view of a keylogger is a rather dumb logging device recording everything typed in on a given computer. Those are out there, but it’s speculated that this one (along with other viral keyloggers) specifically target financial sites and only log when a browser is visiting those sites. (which is a clever way to filter out the noise…)

If you’ve got all current windows updates and are running a firewall, this worm shouldn’t have a big impact for you. Make sure that you keep your antivirus updated though just the same.

It looks like this Christmas present comes from servers based in China…

Sans has an update here.

   Send article as PDF   

Similar Posts