W32.Dumaru.B@mm is a mass-mailing worm that drops an IRC Trojan onto an infected computer. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.
The email has the following characteristics:
From: "Microsoft" <email@example.com>
Subject: Use this patch immediately !
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
W32.Dumaru.B@mm will also infect the .exe files on NTFS partitions.
The worm will listen on ports:
- TCP 10000
- TCP 1001
- TCP 2283
And, the worm logs the keystrokes and sends the data to a specified email address.
On September 2, 2003, virus definitions were updated to detect minor variants of this worm.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.