WORM_DUMARU.AC

Feb 10, 2004 2:33PM PST

Virus type: Worm

Destructive: No

Description:

TrendLabs HQ received several reports of this polymorphic mass-mailing worm spreading via email.

This polymorphic, memory-resident worm drops and executes a copy of itself as NLOAD.EXE in the root directory. It employs several autostart techniques so that it runs at every system startup.

This worm uses SMTP (Simple Mail Transfer Protocol) to send email to target users. It searches for its email recipients from files with the following extensions:

HTM
WAB
HTM
DBX
TBB

This worm spoofs the email address of the sender. It also includes an attachment (DOCUMENT.ZIP). As of this writing, this malware's propagation routine does not appear to be functioning properly.

It steals critical system and user information and sends all gathered data to a remote user.

It runs on Windows 95, 98, ME and XP.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AC
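
The two indicators named in the description above (the DOCUMENT.ZIP attachment and the NLOAD.EXE copy in the root directory) can be checked with a short script. This is an added example, not part of the original post or of Trend Micro's write-up; the function names and sample data are constructed, and "root directory" is assumed to mean the root of a drive. The sender address is ignored because the worm spoofs it.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

ATTACHMENT_NAME = "document.zip"  # attachment name given in the description
DROPPED_NAME = "nload.exe"        # dropped copy named in the description


def has_dumaru_attachment(raw_message: bytes) -> bool:
    """True if any MIME part, at any nesting depth, is named DOCUMENT.ZIP."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded filenames
        if name and name.strip().lower() == ATTACHMENT_NAME:
            return True
    return False


def dropped_copies(paths):
    """Return the paths that are NLOAD.EXE directly in a drive root."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        in_root = bool(wp.anchor) and wp.parent == PureWindowsPath(wp.anchor)
        if in_root and wp.name.lower() == DROPPED_NAME:
            hits.append(p)
    return hits


def build_sample(filename: str) -> bytes:
    """Constructed test message carrying an empty ZIP under the given name."""
    m = EmailMessage()
    m["From"] = "sender@example.com"  # constructed; real samples spoof this
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    empty_zip = b"PK\x05\x06" + b"\x00" * 18  # valid empty archive
    m.add_attachment(empty_zip, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(has_dumaru_attachment(build_sample("Document.zip")))
    print(dropped_copies([r"C:\NLOAD.EXE", r"C:\Tools\nload.exe"]))
```

A filename match alone is a weak indicator, so treat hits as leads for a scan with current antivirus signatures rather than as confirmation.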
