
W32.Dumaru.AD@mm

Feb 3, 2004 10:23AM PST

Discovered on: February 03, 2004
Last Updated on: February 03, 2004 04:02:28 PM

W32.Dumaru.AD@mm is a multi-threaded, mass-mailing worm that downloads and runs a file, runs a keylogger, steals personal information, and starts an FTP server on port 10000. This worm is similar to the W32.Dumaru.Z@mm worm.

The worm uses its own SMTP engine to spread to the email addresses it finds on an infected system.

The email has the following characteristics:

From: "Elene" <F**KENSUICIDE@HOTMAIL.COM> (censored)
Subject: Important information for you. Read it immediately !
Attachment: Myphoto.zip

The attachment is a zip file that contains the worm executable as "myphoto.jpg <spaces> .exe". (There are numerous spaces between ".jpg" and ".exe".)


Message:
Hi !
Here is my photo, that you asked for yesterday.


--------------------------------------------------------------------------------
Note: The email message contains an IFRAME exploit, so that Microsoft Outlook will download the worm from a hard-coded URL and execute it.
--------------------------------------------------------------------------------


Also Known As: I-Worm.Dumaru.gen [Kaspersky], W32/Dumaru.gen@MM [McAfee]
Variants: W32.Dumaru.Z@mm
Type: Worm

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ad@mm.html
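
A mail-gateway style check for the padded double extension described above ("myphoto.jpg <spaces> .exe" inside a zip attachment). This is an added example, not part of the original post or the Symantec write-up; the extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly (assumed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions commonly used as the harmless-looking decoy (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".txt", ".doc", ".pdf"}

# Decoy extension, a run of whitespace, then the real extension at the end.
PADDED = re.compile(r"(\.[A-Za-z0-9]{1,5})(\s+)(\.[A-Za-z0-9]{1,5})\s*$")


def padded_double_extensions(zip_bytes, min_pad=1):
    """Return (member_name, decoy_ext, real_ext, pad_len) for suspicious members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Only the last path component is what the user sees in a file list.
            base = info.filename.rsplit("/", 1)[-1]
            m = PADDED.search(base)
            if not m:
                continue
            decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
            if decoy in DECOY_EXTS and real in EXECUTABLE_EXTS and len(pad) >= min_pad:
                hits.append((info.filename, decoy, real, len(pad)))
    return hits


def build_sample_zip(names):
    """Build an in-memory zip with placeholder members (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one padded name as in the post, two ordinary names.
    sample = build_sample_zip(
        ["myphoto.jpg" + " " * 40 + ".exe", "holiday.jpg", "setup.exe"]
    )
    for hit in padded_double_extensions(sample):
        print(hit)
```

Only the padded name is reported; a plain "setup.exe" is left to whatever executable-attachment policy already applies.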
