Virus News   

April 2006

Select the links for detailed information and removal tools for the latest viruses




W32.Haytap 04/30/06 2
W32.Nugache.A 04/30/06 2
W32.Kidala.D 04/28/06 2
W32.Kidala.C 04/28/06 2
W32.Olmi.A 04/26/06 2
W32.Mydoom.FS 04/25/06 2
W32.Kidala.B 04/25/06 2
W32.Beagle.EC 04/24/06 2
W32.Kidala.A 04/22/06 2
W32.Polip 04/21/06 2
W32.Antinny.BF 04/19/06 2
W32.Mytob.PJ 04/19/06 2
W32.Mytob.PI 04/19/06 2
W32.Mytob.PE 04/15/06 2
MSIL.Lupar.A 04/15/06 2
W32.Beagle.EA 04/14/06 2
W32.Kedebe.I 04/13/06 2
MSIL.Letum.A 04/08/06 2
W32.Areses.A 04/04/06 2
W32.Spybot.AGEN 04/03/06 2




W32.Spybot.AGEN
Discovered April 3, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.AGEN is a worm that has distributed denial of service, back door and rootkit capabilities. The worm spreads by exploiting vulnerabilities and through AOL Instant Messenger. It also lowers the security settings of the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door.
Degrades performance: Denial of Service attacks may degrade performance.
Compromises security settings: Ends security-related services and modifies registry entries to lower security settings.
Distribution
Ports: TCP Ports 135, 445 and 1863

Read the full Symantec report here


W32.Areses.A@mm
Discovered April 4, 2006
Systems Affected: All Windows32 Systems

W32.Areses.A@mm is a mass-mailing worm that opens a back door on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Sends copies of itself by email to addresses gathered from the compromised computer.
Degrades performance: Ends Internet Explorer instances.
Causes system instability: Attempts to inject its code into processes.
Distribution
Subject of email: [RANDOM]
Name of attachment: [RANDOM]
Ports: Random TCP Ports

Read the full Symantec report here


MSIL.Letum.A@mm
Discovered April 8, 2006
Systems Affected: All Windows32 Systems

MSIL.Letum.A@mm is a worm written in Microsoft .NET's Microsoft Intermediate Language (MSIL) that can affect both Windows PC and Windows Mobile powered devices that have the .NET framework installed. The worm arrives as an attachment to a spoofed email that pretends to come from Symantec and also spreads through Usenet servers.

Payload Trigger: n/a
Payload: n/a
Distribution
Subject of email: Varies
Name of attachment: test.exe
Size of attachment: Varies

The email has the following characteristics:

From: Symantec Security Response

Subject:
One of the following:

  • Warning!
  • Virus Alert
  • Customer Support
  • Re:
  • Re:Warning
  • Letum
  • Virus Report

Message body:
One of the following:

  • Dear Users

Due to the high increase of the Letum worm, we have upgraded it to Category B. Please use our attached removal tool to scan and disinfect your computer from the malware.

Regards
Security Response

  • Hiya,

I've found this tool a couple of weeks ago, and after using it i was surprised on how good [REMOVED] malware. The engine it uses isnt to bad, but the searching speed is very fast for such a small size

Attachment: test.exe

May display the following message:

Title: Name Entry Error
Text:
Dear [REMOVED]

[REMOVED] is a person not a [REMOVED] genetically modified food product. \nShe's not happy you called her that!

Regards

Read the full Symantec report here


W32.Kedebe.I@mm
Discovered April 13, 2006
Systems Affected: All Windows32 Systems

W32.Kedebe.I@mm is a mass-mailing worm that lowers security settings by deleting files, ending processes, and preventing access to security-related Web sites.

Payload Trigger: n/a
Payload: Attempts to download remote files.
Large scale e-mailing: Uses its own SMTP engine to mass-mail copies of itself to addresses gathered on the compromised computer.
Deletes files: Deletes specific files on the compromised computer.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies

The email has the following characteristics:

Subject:
One of the following:
• Delivery Status Notification(failure)
• Internal Mail Server Error
• Mail Error: Server unavailable
• **MAIL ERROR**

From:
One of the following:
• Server Administrator <administrator@[DOMAIN]>
• Webmaster <webmaster@[DOMAIN]>
• Hostmaster <hostmaster@[DOMAIN]>
• Mail administrator <administrator@[DOMAIN]>
• Postmaster <postmaster@[DOMAIN]>

Message Body:
One of the following:

• Unexpected end of header found. As a result, we are unable to decode the message. Partial decoded message available.
• Unexpected error occured while delivering your message. See the transcript.
• Error: Server not responding. See the attched printable document.
• Your online experience is logged. See the log file in the attachment.
• [MAIL_ADDRESS] mail session 220334 http:/ /www[RANDOM_DOMAIN]/sessionid.cgi?okssid23234=r has expiered. Your status is attached.

Attachment:
One of the following:

• report.doc.[EXTENSION]
• log.txt.[EXTENSION]
• error.doc.[EXTENSION]
• partial_body.[EXTENSION]
• status.txt.[EXTENSION]

Read the full Symantec report here


W32.Beagle.EA@mm
Discovered April 14, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.EA@mm is a mass-mailing worm that uses its own SMTP engine to spread. The worm also tries to download and execute remote files.

Payload Trigger: n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Degrades performance: Sending mass-mail may degrade system performance.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here


MSIL.Lupar.A
Discovered April 15, 2006
Systems Affected: All Windows32 Systems

MSIL.Lupar.A is a worm that opens a back door and spreads through file sharing networks.

Payload Trigger: n/a
Payload: Opens a back door.
Releases confidential info: Sends confidential information to a remote server.

Read the full Symantec report here


W32.Mytob.PE@mm
Discovered April 15, 2006
Systems Affected: All Windows32 Systems

W32.Mytob.PE@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm lowers security settings and also spreads by exploiting vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Disables the firewall and terminates security-related programs.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 6555

Read the full Symantec report here


W32.Mytob.PI@mm
Discovered April 19, 2006
Systems Affected: All Windows32 Systems

W32.Mytob.PI@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door and lowers security settings.

Payload Trigger: n/a
Payload: Opens a back door and lowers security settings.
Large scale e-mailing: Emails itself to addresses gathered from the compromised computer.
Degrades performance: Ends security related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies

Read the full Symantec report here


W32.Mytob.PJ@mm
Discovered April 19, 2006
Systems Affected: All Windows32 Systems

W32.Mytob.PJ@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door.
Compromises security settings: Attempts to end processes and block access to Web sites, some of which may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 1590

Read the full Symantec report here


W32.Antinny.BF
Discovered April 19, 2006
Systems Affected: All Windows32 Systems

W32.Antinny.BF is a worm that spreads through the Winny and Share file-sharing networks and may transmit sensitive information through these programs.

Payload Trigger: n/a
Payload: Causes user emails to be accessible in file-sharing networks.

Displays a fake error message:

English translation: Invalid pointer operation


Read the full Symantec report here


W32.Polip
Discovered April 21, 2006
Systems Affected: All Windows32 Systems

W32.Polip is a polymorphic virus that infects .exe and .scr files when they are opened or executed on the compromised computer. It hides its presence on the compromised computer by injecting its code into running processes.

The virus attempts to spread by sharing infected files on the Gnutella file sharing network, even if the Gnutella software isn't installed on the compromised computer. It also tries to lower security settings by deleting certain files relating to antivirus software.

Payload Trigger: n/a
Payload: Infects .exe and .scr files and lowers security settings.
Distribution
Target of infection: Infects .exe and .scr files.

Read the full Symantec report here


W32.Kidala.A@mm
Discovered April 22, 2006
Systems Affected: All Windows32 Systems

W32.Kidala.A@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door, downloads remote files, and lowers security settings.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies

The email has the following characteristics:

Subject:
One of the following:

• [BLANK]
• [RANDOM]
• Error
• Status
• Server Report
• Mail Transaction Failed
• Mail Delivery System
• hello
• hi

Message:
One of the following:

• [BLANK]
• [RANDOM]
• Mail transaction failed. Partial message is available.
• The message contains Unicode characters and has been sent as a binary attachment.
• The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
• test

Read the full Symantec report here


W32.Beagle.EC@mm
Discovered April 24, 2006
Systems Affected: All Windows32 Systems

W32.Beagle.EC@mm is a mass-mailing worm that uses its own SMTP engine to spread. The worm arrives as an email attachment with an .HTA extension.

Payload Trigger: n/a
Payload: Attempts to download and execute remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Degrades performance: Sending mass-mail may degrade system performance.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here


W32.Kidala.B@mm
Discovered April 25, 2006
Systems Affected: All Windows32 Systems

W32.Kidala.B@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Gathers email addresses from the compromised computer
Compromises security settings: Lowers security settings.
Distribution
Subject of email: Varies
Name of attachment: Varies

Read the full Symantec report here


W32.Mydoom.FS@mm
Discovered April 25, 2006
Systems Affected: All Windows32 Systems

W32.Mydoom.FS@mm is a mass-mailing worm that gathers email addresses from the compromised computer and uses its own SMTP engine to spread.

Payload Trigger: n/a
Payload: Opens a backdoor, listening on TCP port 6666, 6667, 6668, or 6669.
Large scale e-mailing: Gathers addresses from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP port 6666, 6667, 6668, or 6669.

Read the full Symantec report here


W32.Olmi.A@mm
Discovered April 26, 2006
Systems Affected: All Windows32 Systems

W32.Olmi.A@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Sends email to addresses from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies

Read the full Symantec report here


W32.Kidala.C@mm
Discovered April 28, 2006
Systems Affected: All Windows32 Systems

W32.Kidala.C@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.

Read the full Symantec report here


W32.Kidala.D@mm
Discovered April 28, 2006
Systems Affected: All Windows32 Systems

W32.Kidala.D@mm is a mass-mailing worm that opens a back door on the compromised computer. It also lowers security settings and exploits remote vulnerabilities.
Symantec Security Response is currently investigating this threat and will post more information as it becomes available.

Payload Trigger: n/a
Payload: Opens a back door
Large scale e-mailing: Gathers email addresses from the compromised computer.
Compromises security settings: Lowers security settings and exploits remote vulnerabilities.
Distribution
Subject of email: Varies
Name of attachment: Varies
Target of infection: IRC, Network Shares

Read the full Symantec report here


W32.Nugache.A@mm
Discovered April 30, 2006
Systems Affected: All Windows32 Systems

W32.Nugache.A@mm is a worm that propagates through email, network shares, and instant messages. It also opens a backdoor on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door on TCP port 8.
Large scale e-mailing: Sends itself out to email addresses gathered from the compromised computer.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 8

Read the full Symantec report here


W32.Haytap@mm
Discovered April 30, 2006
Systems Affected: All Windows32 Systems

W32.Fakepatch@mm is a mass-mailing worm that sends itself to Yahoo! Messenger contacts.

Payload Trigger: n/a
Payload: Gathers contact information from Yahoo! Messenger.
Distribution
Subject of email: Important urgent download for yahoo messenger!!
Name of attachment: email.exe

Read the full Symantec report here

© Copyright 1999 - 2006 The Computer Wizard