Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Don't Believe Your Browser - It Could Be Dumaru

  • 27 January, 2004 08:36

<p>Kaspersky Labs warns users about three new modifications of Dumaru, an email worm: versions j, .k and .l. The unusual propagation techniques and high dissemination rate have resulted in infections worldwide, causing a new global outbreak.</p>
<p>Dumaru was first detected in September 2003 and has remained among the most active malicious programs ever since. The original worm was written in Russia, but subsequent versions appears to come from Germany.</p>
<p>The latest versions of Dumaru contain only minor modifications. However, the multi-tier propogation method used to disseminate the malicious program has caused a worldwide outbreak within a matter of days.</p>
<p>Initial propagation was assured by the mass mailing of a message purportedly originating from Microsoft in which users were offered updates to their virus protection.</p>
<p>In reality, the message contains the Trojan program UrlSpoof. Once the link in the letter is activated, a new Internet window opens onto a Microsoft look-alike web site. Moreover, "UrlSpoof" utilizes a vulnerability in Internet Explorer, which allows the worm to display www.microsoft.com in the address bar, even though the user is actually on another site.</p>
<p>While the user is browsing this site, the victim machine is transformed into a Dumaru carrier and the worm then initiates the mailing process from the new computer.</p>
<p>"This outbreak has once again demonstrated that virus writers and spammers are joining forces," comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. "Viruses are using spamming techniques more and more in order to increase propagation speed, whereas spammers are using viruses to create networks of infected machines for use in mass mailing campaigns".</p>
<p>Kaspersky Labs anti-virus databases have already been updated with protection against the new versions of Dumaru. A detailed description of these versions of Dumaru can be found in the Kaspersky Virus Encyclopedia.</p>
<p>For further information on Kaspersky Labs and products, please contact Raelen Forbes 02 9672 4222, or by email sales@kaspersky.com.au.</p>

Most Popular

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release