Fact Check

Dumaru Virus

Information about the 'Dumaru' worm.

David Mikkelson

Published Aug 23, 2003

Virus name:   Dumaru.


Status:   Real.

Example:   [Collected on the Internet, 2003]




From: "Microsoft"
Subject: Use this patch immediately !

Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: patch.exe



Origins:   Dumaru is a mass-mailing worm which affects 32-bit Microsoft Windows systems (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, and Windows XP). Dumaru arrives as an attachment (patch.exe) to a message masquerading as a Microsoft Security Update; when executed, it drops an IRC Trojan onto the target machine, gathers email addresses from the infected system, and replicates by employing its own SMTP engine to email itself to more victims.

Symantec provides removal tool for Dumaru on their web site.

Additional Information:




    W32.Dumaru@mm W32.Dumaru@mm   (Symantec)

Last updated:   27 January 2008

 

By David Mikkelson

David Mikkelson founded the site now known as snopes.com back in 1994.

Read More

Become
a Member

Your membership is the foundation of our sustainability and resilience.

Perks

Ad-Free Browsing on Snopes.com
Members-Only Newsletter
Cancel Anytime
$50.00 per year
$12.50 every 3 months
$5.00 per month
Choose your membership, or see other ways to help
default
Most Searched

Is Morgan Freeman Really Jimi Hendrix?
Cat, Pet, Mammal

Did a Michigan School District Install Litter Boxes in Bathrooms?
In early June 2022, we received reader mail that asked us to look into whether former US President Donald Trump tweeted to his supporters on January 6, 2021, the day of the US Capitol riot, to remain peaceful with no violence and to support our Capitol Police and law enforcement.

Did Trump Tweet ‘Stay Peaceful’ on Day of Capitol Riot?