WORM_DUMARU.Z
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Dumaru.o (Kaspersky), Exploit-ObjectData.gen (McAfee), W32/Dumaru-K (Sophos), Worm:Win32/Dumaru.Z@mm (Microsoft)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This mass-mailing worm propagates by sending copies of itself using its own Simple Mail Transfer Protocol (SMTP) engine.

The email message that it sends out has the following details:

From: Elene <FU<blocked>ENSUICIDE@hotmail.com>
Subject: Important information for you. Read it immediately !
Message Body:
Hi!
Here is my photo, that you asked for yesterday.
Attachment: myphoto.zip
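
A mail-gateway check for the message details listed above, as an added example that is not Trend Micro's code. The function names, the quarantine policy, and the example.com sample addresses are assumptions; the sender address is not matched because it is partially redacted on this page.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Indicators copied from the message details on this page, lowercased.
# The From address is redacted on the page, so it is deliberately not used.
SUBJECT = "important information for you. read it immediately !"
BODY_LINE = "here is my photo, that you asked for yesterday."
ATTACHMENT = "myphoto.zip"

def _norm(text):
    """Collapse whitespace and lowercase so folded or re-cased text matches."""
    return re.sub(r"\s+", " ", text or "").strip().lower()

def dumaru_z_indicators(raw_bytes):
    """Return the set of indicator names found in one raw email message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    if _norm(msg["Subject"]) == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            if _norm(name) == ATTACHMENT:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            if BODY_LINE in _norm(part.get_content()):
                hits.add("body")
    return hits

def should_quarantine(raw_bytes):
    """Assumed policy: attachment name plus at least one text indicator."""
    hits = dumaru_z_indicators(raw_bytes)
    return "attachment" in hits and bool(hits & {"subject", "body"})

def build_sample(subject, body, filename):
    """Constructed test message; the attachment payload is inert bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"not a real archive", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()
```

Requiring the attachment name together with a text indicator keeps an unrelated message that merely carries a file called myphoto.zip out of quarantine.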

It sends out an email message to all addresses it gathers from files with the following extensions:

  • ABD
  • DBX
  • HTM
  • HTML
  • TBB
  • WAB

This malware also has backdoor capabilities. It downloads a component detected as BKDR_IROFFER12.B.

It logs keystrokes and gathers information from the infected machine, which it saves and sends out to a malicious user through email. It also steals clipboard and protected storage data, as well as user information related to E-gold bank accounts.

It runs on Windows 95, 98, ME, NT, 2000 and XP.


Description created: Jan. 26, 2004 3:33:15 AM GMT -0800
Description updated: Jan. 26, 2004 3:59:00 AM GMT -0800
