W32/Dumaru.a@MM (W32/Dumaru@MM, WORM_DUMARU.A) is a Medium Risk mass-mailing worm. It arrives as an email attachment with an .exe extension. When run, it infects the host computer, then emails itself, using its own SMTP engine, to email addresses harvested from the victim's machine.

The worm searches the hard disk for files with the following extensions: .htm, .wab, .html, .dbx, .tbb and .abd. It then sends itself to email addresses from the host computer via its own SMTP engine. These email addresses are written to the winload.log file.

The worm can also infect .exe files on NTFS volumes using streams, taking the place of the host file. Occasionally, the virus misinfects such files. The original content of these mis-infected files is not salvageable.

Additionally, this worm drops a password stealer component, which is detected as PWS-Narod.

Because it sends so many emails, a worm like Dumaru also saps bandwidth and slows network performance. Worse, it can open a port on the user's computer, making it vulnerable to hackers, who can plant dangerous Trojans. These malicious programs often let unauthorized users remotely take over a system, steal personal information or use the infected PC to send spam.

What are the common subject lines, attachment names and message content associated with W32/Dumaru.a@MM emails?

Subject: Use this patch immediately !
Attachment: patch.exe
From: "Microsoft" security@microsoft.com
Body: Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!

How do you know if you've been infected?

The worm copies itself onto an infected machine as:
- C:\WINNT\dllreg.exe
- C:\WINNT\SYSTEM\load32.exe
- C:\WINNT\SYSTEM\vxdmgr32.exe
The PWS-Narod Trojan is copied to the Windows directory as windrv.exe.
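
A host check for the file names listed above, added here as an example; it is not part of the original page or of any McAfee tool. It assumes the page's C:\WINNT stands for the host's Windows directory and searches for winload.log by name because the page does not say where it is written; `scan_windows_dir` and `resolve_nocase` are names chosen for this example.

```python
import os

# Paths relative to the Windows directory, named as on this page.
# Assumption: the page's C:\WINNT stands for whatever %SystemRoot% is on the host.
ARTIFACTS = {
    "dllreg.exe": "worm copy",
    "SYSTEM/load32.exe": "worm copy",
    "SYSTEM/vxdmgr32.exe": "worm copy",
    "windrv.exe": "PWS-Narod password stealer",
}
# The page names winload.log but not its directory, so it is searched by name.
HARVEST_LOG = "winload.log"


def resolve_nocase(root, rel):
    """Resolve rel under root one component at a time, ignoring case.

    Windows file names are case-insensitive, so the match must be too,
    including when a mounted disk image is examined from another OS.
    """
    cur = root
    for part in rel.split("/"):
        try:
            match = next(e for e in os.listdir(cur) if e.lower() == part.lower())
        except (StopIteration, OSError):
            return None  # component missing or directory unreadable
        cur = os.path.join(cur, match)
    return cur if os.path.isfile(cur) else None


def scan_windows_dir(windir):
    """Return (path, description) pairs for Dumaru artifacts found under windir."""
    hits = []
    for rel, what in ARTIFACTS.items():
        path = resolve_nocase(windir, rel)
        if path:
            hits.append((path, what))
    for dirpath, _dirs, files in os.walk(windir):
        for name in files:
            if name.lower() == HARVEST_LOG:
                hits.append((os.path.join(dirpath, name), "harvested address log"))
    return hits


if __name__ == "__main__":
    windir = os.environ.get("SystemRoot", r"C:\WINNT")
    for path, what in scan_windows_dir(windir):
        print(f"{what}: {path}")
```

A name match is an indicator to follow up with a scanner, not proof of infection.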

How do you clean your system if it’s already infected?

Download McAfee Stinger. Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.

How do you prevent future attacks?

Update your anti-virus software. Always ensure your virus definition DAT files are current. If you do not own anti-virus software, order McAfee VirusScan here.

Looking for more information about the worm?

For a more detailed description of Dumaru and its characteristics, visit the Virus Profile page.