- February 10, 2004
- February 13, 2007 12:17:17 PM
Also Known As:
- W32/Mimail.u@MM [McAfee], Win32.Mimail.U[Computer Associ
W32.Dumaru.AH@mm is a multi-threaded, mass-mailing worm that opens a backdoor, runs a keylogger, and attempts to steal personal information. The worm uses its own SMTP engine to spread to email addresses that it finds in the files on an infected system.
The email has the following characteristics:
From: random characters@<a domain from an email addresses found on the infected computer>
Attachment: document.zip (The attachment is a zip file that contains the worm executable, myphoto.jpg<56 spaces>.exe.)
The worm is similar to the W32.Dumaru.Y@mm worm and arrives as a dropper.
Antivirus Protection Dates
Initial Rapid Release version February 11, 2004
Latest Rapid Release version December 1, 2016 revision 025
Initial Daily Certified version February 11, 2004
Latest Daily Certified version December 2, 2016 revision 001
Initial Weekly Certified release date February 11, 2004
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu