Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Dumaru-AE

Mar 5, 2004 1:55AM PST

Aliases
I-Worm.Dumaru.p

Type
Win32 worm

Description
W32/Dumaru-AE is a stealthing polymorphic worm that spreads via email and the KaZaA peer-to-peer network. The worm also has backdoor functionality and will steal password and system information from the victim's computer.
W32/Dumaru-AE arrives as an email with a file attachment named document.zip. Document.zip contains a file named myphoto.jpg<56 spaces>.exe. When this file is executed a file named nload.exe is dropped to the root folder and is executed.

When the worm is first executed it displays garbage text using Notepad.


More: http://www.sophos.com/virusinfo/analyses/w32dumaruae.html

Discussion is locked