x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with a 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET A 50% OFF
x
CHRISTMAS OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 40% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET A 50% OFF
x
BLACKFRIDAY OFFER
Buy the best antivirus
at the best price
TODAY ONLY UP TO 70% OFF
x
CYBERMONDAY OFFER
Buy the best antivirus
at the best price
(Only for homeusers)
TODAY ONLY UP TO 70% OFF
Active Scan. Scan your PC free
Panda Protection

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Encyclopedia GetVirusCard True 0

Dumaru.Z

 
Threat LevelModerate threatDamageHighDistributionNot widespread
Common name:Dumaru.Z
Technical name:W32/Dumaru.Z.worm
Threat level:Low
Alias:W32.Dumaru.K@mm, W32/Dumaru.Z
Type:Worm
Effects:  It steals confidential information, opens several ports and downloads a worm to the affected computer.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on:Jan. 26, 2004
Detection updated on:June 24, 2005
StatisticsNo
Proactive protection:
Yes, using TruPrevent Technologies
Country of origin:RUSSIA

Brief Description 

    

Dumaru.Z is a worm that spreads via e-mail in a message with the subject Important information for you. Read it immediatly ! and an attached file called MYPHOTO.ZIP.

Dumaru.Z steals information referred to e-gold accounts. It opens the communication ports 2,283 and 10,000 and listens to them, acting as a backdoor.

In addition, Dumaru.Z downloads the worm Spybot.FC to the affected computer. This worm attempts to connect to an IRC server in the domain egold-hosting.com, and disables several administrative tools, such as the Task manager and the Windows Registry editor, making it difficult to eliminate it from the computer.

The messages sent by Dumaru.Z include the Exploit/Iframe code, which allows it to be activated if the message is viewed through Outlook's Preview pane.

Visible Symptoms 

    

Dumaru.Z is easy to recognize, as it reaches the computer in an e-mail message with the subject Important information for you. Read it immediatly ! and an attached file called MYPHOTO.ZIP.