Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

WORM_DUMARU.AB

Feb 2, 2004 11:54PM PST

Virus type: Worm

Destructive: No

Aliases: W32/Dumaru.Ab@mm, Win32/ZHymn, I-Worm.Dumaru

Description:


This memory-resident worm propagates via email. It uses its own Simple Mail Transfer Protocol (SMTP) engine to send out email messages that have the following details:

From: Elene <FU<blocked>ENSUICIDE@hotmail.com>
Subject: Important information for you. Read it immediately !
Message Body:
Hi!
Here is my photo, that you asked for yesterday.
Attachment: myphoto.zip

This email message is sent to all addresses found in the affected machine, which the malware aquires from files with certain extensions.

This worm has backdoor capabilities. It listens on port 10000, where it sets up a remote FTP server that allows full access to all files in the affected machine.

It logs keystrokes and steals system information, including user information related to E-gold bank accounts.

This FSG-compressed malware runs on Windows 95, 98, ME, NT, 2000 and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AB

Discussion is locked