Fact Check

Dumaru Virus

Information about the 'Dumaru' worm.

Published Aug 23, 2003


Virus name:   Dumaru.

Status:   Real.

Example:   [Collected on the Internet, 2003]

From: "Microsoft"
Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: patch.exe

Origins:   Dumaru is a mass-mailing worm which affects 32-bit Microsoft Windows systems (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP). Dumaru arrives as an attachment (patch.exe) to a message masquerading as a Microsoft Security Update; when executed, it drops an IRC Trojan onto the target machine, gathers email addresses from the infected system, and replicates by employing its own SMTP engine to email itself to more victims.

Symantec provides removal tool for Dumaru on their web site.

Additional Information:

    W32.Dumaru@mm W32.Dumaru@mm   (Symantec)

Last updated:   27 January 2008

David Mikkelson founded the site now known as snopes.com back in 1994.