Welcome to the Virus Encyclopedia of Panda Security.
| Effects: | It steals confidential information, opens several ports and downloads a worm to the affected computer. |
| First detected on: | Jan. 26, 2004 |
| Detection updated on: | June 24, 2005 |
| | Yes, using TruPrevent Technologies |
| Country of origin: | RUSSIA |
Dumaru.Z is a worm that spreads via e-mail in a message with the subject "Important information for you. Read it immediatly !" and an attached file called MYPHOTO.ZIP.
Dumaru.Z steals information relating to e-gold accounts. It opens communication ports 2283 and 10000 and listens on them, acting as a backdoor.
In addition, Dumaru.Z downloads the worm Spybot.FC to the affected computer. This worm attempts to connect to an IRC server in the domain egold-hosting.com and disables several administrative tools, such as Task Manager and the Windows Registry Editor, which makes it difficult to remove from the computer.
The messages sent by Dumaru.Z include the Exploit/Iframe code, which allows the worm to be activated if the message is viewed through Outlook's Preview pane.
Dumaru.Z is easy to recognize, as it reaches the computer in an e-mail message with the subject "Important information for you. Read it immediatly !" and an attached file called MYPHOTO.ZIP.