Mumu (computer worm)
Encyclopedia
Mumu is a computer worm
that was isolated in June 2003.
The "standard" Mumu package consists of the following:
As previously mentioned, this varies by version. Mumu spreads by scanning IP addresses for open administrative network shares. It then attempts to guess the password to gain access and copy itself over.
Heavy correlation of Mumu infections with infections of the Valla virus have been observed. It is suspected that Mumu caused a resurgence in Valla infections after Valla infected one of the .exe files included in the Mumu package. Previous to this, Valla was considered obsolete. It now ranks among the most-reported viruses on the WildList.
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
that was isolated in June 2003.
Description
Mumu consists of a mix of malicious files and actual utilities. Because of the easily customised nature of this worm, many variants have been discovered, but most are generically detected under the Mumu. A name. The lone exception is Mumu.B, which is detected separately by most antivirus programs.The "standard" Mumu package consists of the following:
- A range of malicious batch fileBatch fileIn DOS, OS/2, and Microsoft Windows, batch file is the name given to a type of script file, a text file containing a series of commands to be executed by the command interpreter....
s - A number of "grey area" batch files, which use the utilities included in the Mumu package in a malicious way
- pcGhost and/or an nVidiaNVIDIANvidia is an American global technology company based in Santa Clara, California. Nvidia is best known for its graphics processors . Nvidia and chief rival AMD Graphics Techonologies have dominated the high performance GPU market, pushing other manufacturers to smaller, niche roles...
utility, both of which are legitimate utilities - Other various legitimate utilities
- A number of text files
As previously mentioned, this varies by version. Mumu spreads by scanning IP addresses for open administrative network shares. It then attempts to guess the password to gain access and copy itself over.
Heavy correlation of Mumu infections with infections of the Valla virus have been observed. It is suspected that Mumu caused a resurgence in Valla infections after Valla infected one of the .exe files included in the Mumu package. Previous to this, Valla was considered obsolete. It now ranks among the most-reported viruses on the WildList.