Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

How dumaru?

Peter Ferrie
Virus Bulletin, March 2004, pp.4-9
ISSN 0956-9979
March 2004

PDFDownload PDF (449.22Kb) (You need to be registered on forum)
[Back to index] [Comments]

Abstract

Take the SMTP client engine from W32/Mimail (see VB, September 2003, p.4), add some primitive social engineering in the email and some alternative-stream support from W2K/Stream (see VB, October 2000, p.6). Share the code freely so that others can add some backdoor capabilities and disable and/or remove other features. The resulting mess could be the W32/Dumaru family.

While Dumaru is classified as a virus family, the only variants that infect files are .A, .B, .D, .J, .Q and .T. Variants .F, .O, .S, .U and .AA do not even replicate, since their email replication code is disabled; these are simply backdoor programs.

[Read the article]

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org
deenesitfrplruua