February 2006
Select the links for detailed information and removal tools for the latest viruses
W32.Beagle.DS 02/15/06 2
W32.Exvid.A 02/13/06 2
W32.Kedebe.H 02/13/06 2
W32.Beagle.DO 02/10/06 2
W32.Jalabed 02/09/06 2
W32.Kiman.B 02/08/06 2
W32.Beagle.DN 02/04/06 2
W32.Beagle.DM 02/02/06 2
W32.Beagle.DL 02/02/06 2
W32.Kiman.A 02/02/06 2
W32.Loxbot.F 02/01/06 2
W32.Loxbot.F
Discovered
February 01, 2006
Systems Affected: All Windows32 Systems
W32.Loxbot.F
is a worm that opens a back door on the compromised computer allowing
a remote attacker to issue various commands, and spreads using AOL, MSN
and Yahoo Instant Messenger. The worm also lowers security on the compromised
computer by disabling security-related services.
Payload Trigger:
n/a
Payload: Opens a back door.
Compromises security settings: Lowers security settings by disabling security-related
settings.
Distribution
Target of infection: AOL, MSN and Yahoo Instant Messenger
Read
the full Symantec report here
W32.Kiman.A
Discovered
February 02, 2006
Systems Affected: All Windows32 Systems
W32.Kiman.A
is a worm that has distributed denial of service and back door capabilities.
The worm spreads by copying itself to network shares protected by weak
passwords or by exploiting computer vulnerabilities.
Payload Trigger:
n/a
Payload: Opens a back door.
Causes system instability: Modifies registry entries to change system
configurations.
Distribution
Ports: TCP port 443
Read
the full Symantec report here
Download
the Removal Tool here
W32.Beagle.DL@mm
Discovered
February 02, 2006
Systems Affected: All Windows32 Systems
W32.Beagle.DL@mm
is a mass-mailing worm that uses its own SMTP engine to spread to peer-to-peer
and file-sharing networks. It opens a back door on the compromised computer
and attempts to lower security settings. The worm may also download and
execute remote files.
Payload Trigger:
n/a
Payload: Opens a back door and attempts to download a remote file.
Large scale e-mailing: Mass-mails itself to addresses gathered from the
compromised computer.
Degrades performance: Propagation may degrade performance.
Compromises security settings: Attempts to delete processes and blocks
access to Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Beagle.DM@mm
Discovered
February 02, 2006
Systems Affected: All Windows32 Systems
W32.Beagle.DM@mm
is a mass-mailing worm that uses its own SMTP engine to spread to peer-to-peer
and file-sharing networks. It attempts to lower security settings and
may also download and execute remote files.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Beagle.DN@mm
Discovered
February 04, 2006
Systems Affected: All Windows32 Systems
W32.Beagle.DN@mm
is a mass-mailing worm that uses its own SMTP engine and file-sharing
networks to spread. It opens a back door on the compromised computer and
attempts to lower security settings. The worm also tries to download and
execute remote files.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Compromises security settings: Prevents security-related processes from
starting.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Read
the full Symantec report here
W32.Kiman.B
Discovered
February 08, 2006
Systems Affected: All Windows32 Systems
W32.Kiman.B
is a worm that has distributed denial of service and back door capabilities.
The worm spreads by copying itself to network shares protected by weak
passwords or by exploiting computer vulnerabilities.
Payload Trigger:
n/a
Payload: Opens a back door on the compromised computer.
Causes system instability: Spreads by exploiting vulnerabilities, which
may impact system performance.
Compromises security settings: Modifies registry entries in order to lower
security settings.
Distribution
Ports: TCP ports 135, 139, 443, 445, 1025 and UDP port 1434.
Read
the full Symantec report here
Download
the Removal Tool here
W32.Jalabed@mm
Discovered
February 09, 2006
Systems Affected: All Windows32 Systems
W32.Jalabed@mm
is a mass-mailing worm with back door capabilities that sends a copy of itself
to email addresses gathered from the compromised computer. It also spreads
via mIRC.
Payload Trigger:
n/a
Payload: Opens a back door on the compromised computer.
Modifies files: hosts file
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with .exe file attachment
Size of attachment: 50,023 bytes
Ports: TCP port 2006
Shared drives: Copies itself to network drives.
Read
the full Symantec report here
W32.Beagle.DO@mm
Discovered
February 10, 2006
Systems Affected: All Windows32 Systems
W32.Beagle.DO@mm
is a mass-mailing worm that uses its own SMTP engine and file-sharing
networks to spread. It opens a back door on the compromised computer and
attempts to lower security settings. The worm also tries to download and
execute remote files.
Payload Trigger:
n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Compromises security settings: Prevents security-related processes from
starting.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Read
the full Symantec report here
W32.Kedebe.H@mm
Discovered
February 13, 2006
Systems Affected: All Windows32 Systems
W32.Kedebe.H@mm
is a mass-mailing worm that lowers security settings by deleting files,
ending processes, and preventing access to security-related Web sites.
Payload Trigger:
n/a
Payload: Attempts to download remote files.
Large scale e-mailing: Uses its own SMTP engine to mass-mail copies of
itself to addresses gathered on the compromised computer.
Deletes files: Deletes specific files on the compromised computer.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Exvid.A@mm
Discovered
February 13, 2006
Systems Affected: All Windows32 Systems
W32.Exvid.A@mm
is a virus with keylogging capabilities that spreads using its mass-mailing
functionality and through network shares.
Payload Trigger:
n/a
Payload: Steals sensitive information from the compromised computer.
Modifies files: Appends a copy of itself to all executable files it finds.
Distribution
Subject of email: Varies.
Read
the full Symantec report here
W32.Beagle.DS@mm
Discovered
February 15, 2006
Systems Affected: All Windows32 Systems
W32.Beagle.DS@mm
is a mass-mailing worm that uses its own SMTP engine and file-sharing
networks to spread. It opens a back door on the compromised computer and
attempts to lower security settings. The worm also tries to download and
execute remote files.
Payload Trigger:
n/a
Payload: Attempts to download remote files.
Large scale e-mailing: Mass-mails itself to addresses gathered on the
compromised computer.
Compromises security settings: Attempts to disable security-related applications.
Distribution
Subject of email: Varies
Name of attachment: Varies with .exe file extension
Size of attachment: 28,503 bytes
Read
the full Symantec report here