1. Symantec/
  2. Security Response/
  3. W32.Dumaru.AH@mm


Risk Level 2: Low

February 10, 2004
February 13, 2007 12:17:17 PM
Also Known As:
W32/Mimail.u@MM [McAfee], Win32.Mimail.U[Computer Associ
Systems Affected:

W32.Dumaru.AH@mm is a multi-threaded, mass-mailing worm that opens a backdoor, runs a keylogger, and attempts to steal personal information. The worm uses its own SMTP engine to spread to email addresses that it finds in the files on an infected system.

The email has the following characteristics:

From: random characters@<a domain from an email addresses found on the infected computer>
Subject: Unknown
Attachment: document.zip (The attachment is a zip file that contains the worm executable, myphoto.jpg<56 spaces>.exe.)

The worm is similar to the W32.Dumaru.Y@mm worm and arrives as a dropper.

Antivirus Protection Dates

  • Initial Rapid Release version February 11, 2004
  • Latest Rapid Release version December 1, 2016 revision 025
  • Initial Daily Certified version February 11, 2004
  • Latest Daily Certified version December 2, 2016 revision 001
  • Initial Weekly Certified release date February 11, 2004
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube