Aliases: W32/Mumo, Win32/Mumo.5135, PE_MUMO.A, W32/Krepper.A, Win32/Mumo.5135 
Variants: Virus.Win32.Krepper.a, Win32.Krepper.a, W32/Delikon.gen, Win32.Crosser.5116 

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 29 Dec 2003
Damage: Low

Characteristics: The W32.Mumo virus is an encrypted and polymorphic virus that tries to infect Windows PE also called Windows portable executable files. When this virus infects a PE file, the size of the file is increased by approximately 8,192 bytes. File viruses like this malware can infect files using 3 different methods; by prepending, overwriting or appending. Prepending viruses inject their code at the host file’s first section, overwriting viruses completely replaces the host file’s code with their own and appending viruses inject their code to the host file’s last section.

More details about W32.Mumo

The W32.Mumo virus will automatically create a thread that is capable of looking for files in the location folder and all its subfolders where it was first executed. In the event that the virus comes across a portable executable file, it will then attempt to infect it. This security risk spreads copies of its code throughout a single computer system in an attempt to carry out malicious tasks. These tasks may include penetrating other resources within the compromised machine and launching its malicious code when a user carries out a designated task. Unlike worms, this malware do not make use of network resources for penetrating other systems. Instead, copies of its code are only capable of penetrating other systems if an infected file is used and the code is executed by a user on the uncompromised system.

This security threat’s successful infection of other machines can only be done when its infected file is on a network resource that other users have access to. Successful infection of other systems is likewise possible when this security risk infects a removable drive that is attached to an uninfected computer system or when a user a attaches the infected file to an email message and then sends it to a clean system. The W32.Mumo virus may also be used by other malware such as worms to serve as an additional payload.