1. Symantec/
  2. Security Response/
  3. W32.Dumaru.B@mm


Risk Level 2: Low

August 20, 2003
February 13, 2007 12:05:21 PM
Systems Affected:

W32.Dumaru.B@mm is a mass-mailing worm that drops an IRC Trojan onto an infected computer. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.

The email has the following characteristics:

From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!

Attachment: Patch.exe

W32.Dumaru.B@mm will also infect the .exe files on NTFS partitions.

The worm will listen on ports:
  • TCP 10000
  • TCP 1001
  • TCP 2283

And, the worm logs the keystrokes and sends the data to a specified email address.

On September 2, 2003, virus definitions were updated to detect minor variants of this worm.

Antivirus Protection Dates

  • Initial Rapid Release version August 21, 2003
  • Latest Rapid Release version May 31, 2016 revision 036
  • Initial Daily Certified version August 21, 2003
  • Latest Daily Certified version June 1, 2016 revision 005
  • Initial Weekly Certified release date August 21, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Douglas Knowles

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube