Computer Advisory Notification

Home Table of Contents News Archive CANs Subscribe Products Services Promotions Pricing & Policies About Us Contact Us Links Search This Site Employee Intranet

CAN20030820a
Dumaru Worm E-mail Spreading

Fake "Patch" Appears To Be E-mail From Microsoft

Dates & Revisions

  • Original CAN date: August 20, 2003
  • Latest revision: August 20, 2003

Systems Affected

  • Microsoft Windows 95
  • Microsoft Windows 98
  • Microsoft Windows ME
  • Microsoft Windows NT 4.0
  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003

Problem Overview

An e-mail worm is spreading across the Internet and infecting many Windows-based PCs with an attached file which users must open to activate. The message falsely appears to contain a file from Microsoft containing a patch for the Internet Explorer browser program. In reality, the attached file is a worm which causes changes to system files and mass mails itself to most e-mail addresses which it finds on your computer.

The message appears as:

From: "Microsoft" <security@microsoft.com>
Subject: Use this patch immediately !
Message: Dear friend , use this Internet Explorer patch now! There are dangerous virus in the Internet now! More than 500.000 already infected!
Attachment: patch.exe 

The language used in the message should be an obvious clue that the message is not legitimate. It is important to note that this message is NOT from Microsoft and that Microsoft NEVER distributes patches to users in the form of e-mail attachments.

If you open the attachment, you will infect your computer. Once your system is infected, you may notice sluggish Internet response as the worm e-mails itself to the e-mail addresses which it finds on your computer. Additionally, due to the system configuration changes made by the worm, you may experience system instability, lockups, or crashes.

Problem Details

For detailed technical descriptions of the problem, please review the following links:

Please note that the organizations controlling the content of the web sites referenced by these links may periodically update the information on their sites as new details about the severity of the threat become known.

What Should I Do?

You should immediately:

  • review the bulletins listed above, and
  • delete any such e-mail which you receive, and
  • update your anti-virus software with the latest available signature files.

What If I Am Unable To Fix The Problem?

If you are unable to correct these problems yourself or are unsure how to proceed, contact Logical Operators by clicking here and arrange to have one of our service technicians check your system and apply the corrections for you (standard service fees will apply). In addition to correcting the problem(s) listed in this CAN, our technicians can also test your system for thousands of other known threats which may be present on your system, make valuable recommendations on securing your system from future threats, and perform numerous other computing services.

Related Information:
 

Recent CAN Newsletters:
 

Recent CANs:

 

If You Are On A Managed Network...

If your computer is on a managed network, you should contact your network administrator before making any changes to your system to ensure that your changes will not conflict with other network services.

What Is A CAN?

You can read an overview of Computer Advisory Notifications by visiting the CANs home page. Complete instructions on how to subscribe to the CANs mailing list (and how to unsubscribe) are also listed there.

If you know of other computer users who would find this information useful, please forward a link to this page or your original CANs e-mail to them.