x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Dumaru

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Dumaru
Technical name:W32/Dumaru
Threat level:Low
Alias:Worm_Dumaru.A, W32.dumaru@mm
Type:Worm
Effects:  It installs a Trojan type backdoor, which attempts to connect to an IRC channel and waits for commands

Affected platforms:

Windows XP/2000/NT/ME/98/95

First detected on:Aug. 21, 2003
Detection updated on:Dec. 9, 2003
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies

Brief Description 

    

Dumaru is a worm that spreads via e-mail in a message with the subject Use this patch immediately ! and an attachment called PATCH.EXE .

Dumaru drops a Trojan type backdoor into the affected computer, which attempts to connect to an IRC   channel and waits for commands.

Dumaru sends itself out to all the addresses it finds in files with a WAB, DBX, TBB or ABD extension, or whose extension starts with HTM.

Visible Symptoms 

    

A clear indication that you have receive Dumaru is a message with the following characteristics:

  • Subject:
    Use this patch immediately !
  • Message:
    Dear friend , use this Internet Explorer patch now!
    There are dangerous virus in the Internet now!
    More than 500.000 already infected!
  • Attachments:
    PATCH.EXE