Name: I-WORM.Dumaru.Y - I-WORM.Dumaru.Z
AKA:
Type: Internet Worm Backdoor
Size: 17370 bytes
Platform: Win 95/98/ME/NT/2000/XP
Description:
This worm arrives in an email message sent from ELENE (FUCKENSUICIDE@HOTMAIL.COM)
with MYPHOTO.ZIP as an attachment (above 17,8 Kb).
The infected message has the following subject:
Important information for you. Read it immediately !
and this body:
Hi !
Here is my photo, that you asked for yesterday.
If executed, Dumaru.Y creates the following files:
l32x.exe
vxd32v.exe
dllxw.exe
and edits the Windows registry so that they are executed at Windows startup.
Dumaru.Y also activates a BACKDOOR component that opens and listens on TCP ports 2283 and 10000.
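The indicators above (three file names and two listening ports) can be checked against a host's `netstat -an` output and a file listing. The following is an added example, not TG Soft's code; the function names, the verdict labels and the sample data are assumptions made for illustration.

```python
import ntpath

# Indicators taken from the description above.
DUMARU_FILES = {"l32x.exe", "vxd32v.exe", "dllxw.exe"}
DUMARU_PORTS = {2283, 10000}


def listening_tcp_ports(netstat_text):
    """Return the local TCP ports in LISTENING state from Windows `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Windows layout: Proto, Local Address, Foreign Address, State
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue
        if fields[3].upper() != "LISTENING":
            continue  # a connection *to* a remote port 2283 is not a local backdoor
        port = fields[1].rsplit(":", 1)[-1]  # also handles IPv6 such as [::]:10000
        if port.isdigit():
            ports.add(int(port))
    return ports


def check_host(netstat_text, file_paths):
    """Match a host's listeners and file names against the Dumaru.Y indicators."""
    ports = sorted(listening_tcp_ports(netstat_text) & DUMARU_PORTS)
    # Windows file names are case-insensitive, so compare lower-cased base names.
    files = sorted({ntpath.basename(p).lower() for p in file_paths} & DUMARU_FILES)
    if files and ports:
        verdict = "likely infected"
    elif files or ports:
        # One indicator alone is a lead: other software can listen on these ports.
        verdict = "investigate"
    else:
        verdict = "no match"
    return {"ports": ports, "files": files, "verdict": verdict}


# Constructed sample data; the description does not state the install directory.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2283           0.0.0.0:0              LISTENING
  TCP    [::]:10000             [::]:0                 LISTENING
  TCP    192.168.1.5:49152      203.0.113.7:2283       ESTABLISHED
"""
SAMPLE_FILES = [r"C:\sample\L32X.EXE", r"C:\sample\notepad.exe"]

if __name__ == "__main__":
    print(check_host(SAMPLE_NETSTAT, SAMPLE_FILES))
```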
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”