Bumerang

From Malware Wiki
Type: Worm
Programming Language: Visual Basic Script
Platform: Microsoft Windows
File Type: Win32 PE executable (.EXE)
Alias(es): Worm.Win32.Bumerang
MD5: db6d187103bf80f73c220eeac3bcb804
SHA-1: 64fc8a64049bb9549496d79b83c9f597b340c763
SHA-256: 230b57d53ee4612a74fc28a29c00b5b917ba73dd8cd672fec7c55a9f7000397e

Bumerang is a destructive, non-mass-mailing network worm. It spreads between vulnerable computers in a network, and was designed to work on Microsoft Windows 9x machines.

Payload

When the Bumerang.exe file that contains the worm is run, the worm begins spreading to each computer in the network, which normally takes around 3-4 minutes. Once the worm starts spreading, it deletes its key from the registry, although it can still be aborted by using Task Manager.

Once all the PCs are infected, the worm goes 'dormant', and remains this way for a random amount of time. After this time has passed (usually between a month and a year after initial infection), the worm triggers its payload.

Before launching the payload, the worm on the lead computer in the network sends a signal to all the other copies of the worm present in the network, telling them to launch it as well. This normally takes around ten minutes to complete. Once the worm receives a return signal from each and every infected PC in the network, it launches its payload.

Bumerang behaves like a worm version of the infamous CIH, destroying the user's hard drive and, if possible, attacking the user's BIOS chip, corrupting it and rendering the PC completely unusable. Because of the worm's behavior immediately before the payload, the data and BIOS of all the computers are normally destroyed in quick succession.

Media

File:400th Video Special - Bumerang Windows Worm Virus
Bumerang Windows worm in action on a virtual network (Credit: danooct1)