On 23rd January 2004, MessageLabs, the email security company, intercepted a large number of copies of another variant of the Dumaru email worm – W32/Dumaru.Y.
The initial copy of this new variant originated from the USA. To date, the majority of infected emails that MessageLabs have intercepted were sent from the UK - 42% of the total number of emails seen.
Number of copies intercepted so far: 5,027
Time & Date first Captured: 23rd Jan 2004, 20.56 GMT
Origin of first intercepted copy: United States
The worm arrives as an email attachment called myphoto.zip (17Kb). The sender’s email address may be forged, and therefore does not indicate the true identity of the sender.
The worm spreads by emailing copies of itself to email addresses harvested from the infected computer, using its own email engine. The worm appears to contain a password-stealing or key-logging trojan component that may also leave a backdoor open on any infected computer connected to the Internet, allowing remote access to the recipient’s PC.
Note that many companies employing content filtering systems on their Internet email gateway may not block executable files contained inside a ZIP attachment.