Hi Guys

Get more info on this (Currently) Cat 3 Worm and IRC Trojan from Symantec

Another case of social engineering..

Wild: Medium
Damage: Low
Distribution: Medium
W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the infected machine. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.

The email has the following characteristics:

From: "Microsoft" <[email protected]>
Subject: Use this patch immediately !
Message:
Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe

This threat is written in the Microsoft C++ programming language and is compressed with UPX.

Symantec Security Response has created a tool to remove W32.Dumaru@mm.
Cheers