Dumaru worm twists again
By Alun Williams
Posted on 29 Sep 2003 at 11:27
The Dumaru worm is continuing to evolve. First appearing only in mid-August, it has now reached its fifth generation in the wild with the Dumaru-E variant.
Purporting to come from 'security@microsoft.com', the virus email will have a subject line of 'Use this patch immediately !' and a patch.exe attachment.
As we always repeat, Microsoft does not send security updates by email so this message should be easily identifiable as a rogue mailing. Do not execute the patch attachment!
As well as carrying its own SMTP engine (to spread itself further by email) and attempting to infect all executables with copies of itself, the worm will monitor your computer activities.
It creates the file guid32.dll in the Windows folder to monitor running programs and keystrokes, and these will be logged into the files vxdload.log and winload.log in the Windows folder. These logs may later be uploaded to a remote FTP server.
More information can be found at the Sophos website.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
