W32.Dumaru.Z@mm is a multi-threaded, mass-mailing worm that downloads and runs a file, runs a keylogger, and attempts to steal personal information. This worm is similar to W32.Dumaru.Y@mm.
The email has the following characteristics:
From: "Elene" <F**KENSUICIDE@HOTMAIL.COM>
Subject: Important information for you. Read it immediately !
The attachment is a zip file that contains the worm executable as "myphoto.jpg <spaces> .exe". (There are numerous spaces between ".jpg" and ".exe".)
A large number of email messages were sent purporting to be from Microsoft, with a link to a Web page. This email exploits a bug in Microsoft Internet Explorer so that, although the link appears to be to www.microsoft.com, it is actually a link to a Web page that contains a Visual Basic script, which drops W32.Dumaru.Z@mm onto your computer under the name C:\2.exe.
The email that was sent is an HTML email message with the following characteristics.
Note: This is not the email that the worm itself sends; rather, it is an email sent to deceive people into downloading the worm:
From: "Security-center" [email@example.com]
Warning: a new virus, W32.Swen.A@mm, can infect your computer.
this is the latest version of security update, the "January 2004, Cumulative Patch" udate which eliminates all known security vulnerabilities afecting MS Internet Explorer, MS Outlook and MS Outlook Express. Install now to maintain the security of your computer from these vulnerabilities. This update includes the functionality of all previously released patches.
[end of email text].
The message includes two links named "Go to Download page."
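As an added example (not part of the original advisory), the following Python code shows how a mail filter could flag the padded attachment name described above, where numerous spaces separate ".jpg" from ".exe" inside the zip file. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed, non-exhaustive lists: extensions Windows runs directly,
# and harmless-looking extensions used as the visible decoy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}

# Matches: .<decoy><run of whitespace>.<real extension> at the end of a name.
PADDED = re.compile(r"\.([A-Za-z0-9]{1,5})(\s+)\.([A-Za-z0-9]{1,5})\s*$")


def padded_double_extension(name):
    """Return (decoy_ext, real_ext, pad_len) or None for a file name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    m = PADDED.search(base)
    if not m:
        return None
    decoy, pad, real = m.group(1).lower(), m.group(2), m.group(3).lower()
    if decoy in DECOY_EXTS and real in EXECUTABLE_EXTS:
        return decoy, real, len(pad)
    return None


def scan_zip(data):
    """Return [(member_name, finding)] for suspicious members of a zip."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                hit = padded_double_extension(info.filename)
                if hit:
                    findings.append((info.filename, hit))
    except zipfile.BadZipFile:
        pass  # not a readable zip; leave it to other filters
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes stored under a padded name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("myphoto.jpg" + " " * 40 + ".exe", b"not an executable")
        zf.writestr("holiday.jpg", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for name, (decoy, real, pad) in scan_zip(build_sample_zip()):
        print(f"{name!r}: shown as .{decoy}, runs as .{real}, {pad} pad chars")
```

The check inspects names inside the archive rather than the attachment's own name, because the outer file here is an ordinary zip.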