New Dumaru virus, it's a new variant of Elene

Two new variants, Dumaru.Y and .Z, are now circulating in the net. The "Y" variant attach a 17.5KB MYPHOTO.ZIP file, the "Z" one attach a 14.5KB one.

Name: I-WORM.Dumaru.Y - I-WORM.Dumaru.Z


Type: Internet Worm Backdoor

Size: 17370 byte 

Platform: Win 95/98/ME/NT/2000/XP 


This worm comes from an email message sent from ELENE (FUCKENSUICIDE@HOTMAIL.COM)
with MYPHOTO.ZIP as an attachment (above 17,8 Kb).
The infected message has the following subject:
Important information for you. Read it immediately !

and this body:

Hi !

Here is my photo, that you asked for yesterday.

If executed, Dumaru.Y creates the following files: 


and edits windows' registry to execute them at windows startup.

Dumaru.Y also activates a BACKDOOR component that opens, and listens to, TCP ports n. 2283 and 10000.
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: