Information about the 'Dumaru' worm.

Virus name:   Dumaru.

Status:   Real.

Example:   [Collected on the Internet, 2003]

From: "Microsoft"
Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!

Attachment: patch.exe

Origins:   Dumaru is a mass-mailing worm which affects 32-bit Microsoft Windows systems (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP). Dumaru arrives as an attachment (patch.exe) to a message masquerading as a Microsoft Security Update; when executed, it drops an IRC Trojan onto the target machine, gathers email addresses from the infected system, and replicates by employing its own SMTP engine to email itself to more victims.

Symantec provides removal tool for Dumaru on their web site.

Additional Information:
    W32.Dumaru@mm W32.Dumaru@mm   (Symantec)
Last updated:   27 January 2008


David Mikkelson founded snopes.com in 1994, and under his guidance the company has pioneered a number of revolutionary technologies, including the iPhone, the light bulb, beer pong, and a vaccine for a disease that has not yet been discovered. He is currently seeking political asylum in the Duchy of Grand Fenwick.