|Programming Language||Visual Basic Script|
|File Type||Win32 PE executable (.EXE)|
Upon running the Bumerang.exe file that contains the worm, the Bumerang worm gets to work, spreading to each computer in the network, which normally takes around 3-4 minutes. Once the worm starts spreading, it deletes its key from the registry, although it can still be aborted by using Task Manager.
Once all the PCs are infected, the worm goes 'dormant', and remains this way for a random amount of time. After this time has passed (usually between a month and a year after initial infection), the worm triggers its payload.
Before launching the payload, the worm sends a signal from the lead computer in the network to all the other copies of the worm present in the network to do the same, which normally takes around ten minutes to be completed. Once the worm receives a return signal from each and every infected PC in the network, it launches its payload.
Bumerang behaves like a worm version of the infamous CIH, destroying the user's hard drive and, if possible, attacking the user's BIOS chip, corrupting it and rendering the PC completely unusable. The behavior of the worm immediately before the payload means that normally all of the computers' data and BIOS systems are destroyed within quick succession of each other.