Welcome to the Computer Security Wiki! You can help us by expanding stubs, create new articles and improve current articles.
You can also help us by logging-in or creating an account!


From Malware Wiki
Jump to: navigation, search
Programming LanguageVisual Basic Script
PlatformMicrosoft Windows
File TypeWin32 PE executable (.EXE)
This box: view  talk  edit

Bumerang is a destructive, non-mass-mailing network worm. It spreads between vulnerable computers in a network, and was designed to work on Microsoft Windows 9x machines.


Upon running the Bumerang.exe file that contains the worm, the Bumerang worm gets to work, spreading to each computer in the network, which normally takes around 3-4 minutes. Once the worm starts spreading, it deletes its key from the registry, although it can still be aborted by using Task Manager.

Once all the PCs are infected, the worm goes 'dormant', and remains this way for a random amount of time. After this time has passed (usually between a month and a year after initial infection), the worm triggers its payload.

Before launching the payload, the worm sends a signal from the lead computer in the network to all the other copies of the worm present in the network to do the same, which normally takes around ten minutes to be completed. Once the worm receives a return signal from each and every infected PC in the network, it launches its payload.

Bumerang behaves like a worm version of the infamous CIH, destroying the user's hard drive and, if possible, attacking the user's BIOS chip, corrupting it and rendering the PC completely unusable. The behavior of the worm immediately before the payload means that normally all of the computers' data and BIOS systems are destroyed within quick succession of each other.

See Also


File:400th Video Special - Bumerang Windows Worm Virus
Bumerang Windows worm in action on a virtual network (Credit: danooct1)