Discovered: May 18, 2009
Updated: May 19, 2009 2:50:02 AM
Type: Trojan
Infection Length: Varies
Systems Affected: Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Infostealer.Daonol is a Trojan horse that redirects network traffic and attempts to steal FTP account information from the compromised computer.
Infostealer.Daonol is downloaded from gumblar.cn or martuz.cn as a result of successful exploit attempts. For more information, please refer to the following blogs:
- Viral Web Infections using Malware? Gumblar is, Unfortunately, Just Another Day on the Web
- Malware Whac-a-Mole: Gumblar is down, Martuz is up. Next?!

Detection has been added for the injected scripts that point to gumblar.cn and martuz.cn as Trojan.Malscript!html.
Protection
- Initial Rapid Release version: May 18, 2009 revision 040
- Latest Rapid Release version: January 24, 2010 revision 039
- Initial Daily Certified version: May 19, 2009 revision 002
- Latest Daily Certified version: January 25, 2010 revision 003
- Initial Weekly Certified release date: May 20, 2009
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Easy
- Removal: Easy
Damage
- Damage Level: Low
- Releases Confidential Info: Steals FTP account information
- Compromises Security Settings: Redirects network traffic
Distribution
Writeup By: Mircea Ciubotariu