June 2005
Select the links for detailed information and removal tools for the latest viruses
W32.Mytob.GP 6/30/05 2
W32.Toxbot.C 6/30/05 2
W32.Mytob.GN 6/29/05 2
W32.Kelvir.DU 6/29/05 2
W32.Mytob.GM 6/29/05 2
W32.Spybot.RDW 6/29/05 2
W32.Mydoom.CF 6/28/05 2
W32.Kelvir.DT 6/28/05 2
W32.Mytob.GK 6/28/05 2
W32.Mytob.GJ 6/28/05 2
W32.Spybot.RBY 6/27/05 2
W32.Alcra.B 6/27/05 2
W32.Kelvir.DR 6/27/05 2
W32.Filukin.A 6/27/05 2
W32.Mytob.GG 6/26/05 2
W32.Kelvir.DQ 6/26/05 2
Trojan.Tooso.J 6/26/05 2
W32.Mytob.GC 6/24/05 2
W32.Mytob.GB 6/24/05 2
W32.Mytob.GA 6/24/05 2
W32.Mytob.FW 6/23/05 2
W32.Mytob.FX 6/23/05 2
W32.Mytob.FU 6/22/05 2
W32.Mytob.FT 6/21/05 2
W32.Mytob.FS 6/21/05 2
W32.Mytob.FP 6/20/05 2
W32.Mytob.FO 6/19/05 2
W32.Femot.O 6/18/05 2
W32.Beagle.BT 6/18/05 2
VBS.Ypsan.G 6/17/05 2
W32.Mytob.FI 6/17/05 2
W32.Mytob.FA 6/16/05 2
W32.Mytob.EY 6/16/05 2
W32.Mytob.EZ 6/16/05 2
W32.Opanki.B 6/15/05 2
W32.Mytob.EV 6/15/05 2
W32.Mytob.ET 6/15/05 2
W32.Mytob.ES 6/15/05 2
W32.Kelvir.DD 6/14/05 2
W32.Mytob.ER 6/14/05 2
W32.Mytob.EQ 6/14/05 2
W32.Mytob.EP 6/14/05 2
W32.Kelvir.DE 6/14/05 2
W32.Mytob.EO 6/14/05 2
W32.Mytob.EK 6/13/05 2
W32.Mytob.EH 6/13/05 2
W32.Kelvir.DA 6/13/05 2
W32.Mytob.EJ 6/13/05 2
W32.Mytob.EI 6/13/05 2
W32.Kedebe.D 6/12/05 2
W32.Mytob.EG 6/12/05 2
W32.Mytob.EF 6/12/05 2
W32.Mytob.EE 6/11/05 2
W32.Mytob.ED 6/11/05 2
W32.Mytob.EC 6/10/05 2
W32.Mytob.EB 6/10/05 2
W32.Mytob.EA 6/10/05 2
W32.Mytob.DY 6/09/05 2
W32.Mytob.DV 6/08/05 2
W32.Mytob.DP 6/08/05 2
W32.Mytob.DO 6/07/05 2
W32.Mytob.DL 6/07/05 2
W32.Mytob.DJ 6/06/05 2
W32.Spybot.PKC 6/06/05 2
W32.Mytob.DH 6/05/05 2
W32.Mytob.DG 6/05/05 2
W32.Nopir.C 6/04/05 2
W32.Mytob.DF 6/03/05 2
W32.Mytob.DD 6/03/05 2
W32.Mytob.DC 6/03/05 2
W32.Bobax.Z 6/03/05 2
W32.Appflet.A 6/02/05 2
W32.Mytob.DB 6/02/05 2
W32.Mytob.DA 6/02/05 2
W32.Mytob.CZ 6/01/05 2
W32.Mytob.CY 6/01/05 2
VBS.Ypsan.F 6/01/05 2
VBS.Ypsan.F
Discovered June 01, 2005
Systems Affected: All Windows32 Systems
VBS.Ypsan.F@mm
is a mass-mailing worm that sends itself to all email addresses gathered
from the Windows Address Book and also spreads through file-sharing networks.
The worm deletes several files, folders, and registry entries, and attempts
to shut down the compromised computer.
Payload
Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to all email addresses in
the Windows Address Book.
Deletes files: Deletes files, folders, and registry entries.
Modifies files: Modifies the autoexec.bat and hosts file.
Degrades performance: Deletes files, folders, and registry entries, which
may degrade performance.
Causes system instability: Deletes files, folders, and registry entries,
which may cause system instability.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Your Microsoft Infomarion
Name of attachment: All user.vbs
Read
the full Symantec report here
W32.Mytob.CY@mm
Discovered June 01, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.CY@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Modifies files: Modifies the Hosts files to block access to several security-related
Web sites.
Compromises security settings: Lowers security settings by ending security-related
processes and blocking access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: Varies
Ports: TCP port 4512
Read
the full Symantec report here
W32.Mytob.CZ@mm
Discovered June 01, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.CZ@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a mass-mailing of itself.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Size of attachment: 42,135 bytes
Ports: TCP port 3030.
Read
the full Symantec report here
W32.Mytob.DA@mm
Discovered June 02, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DA@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself.
Modifies files: Modifies the hosts files.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 62,464 bytes
Ports: TCP Port 4512
Read
the full Symantec report here
Download
the Removal Tool here
W32.Mytob.DB@mm
Discovered June 02, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DB@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door and downloads remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Modifies files: Modifies the hosts files to block access to several security-related
Web sites.
Compromises security settings: Blocks access to security-related Web sites
and ends security-related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 62,464 bytes
Ports: TCP Port 4512
Read
the full Symantec report here
W32.Appflet.A@mm
Discovered June 02, 2005
Systems Affected: All Windows32 Systems
W32.Appflet.A@mm
is a mass-mailing worm that uses its own SMTP engine to send itself to
all email addresses that it finds on the compromised computer.
Payload Trigger:
n/a
Payload: Displays a fake message.
Large scale e-mailing: Distributes mass-mails using its own SMTP engine.
Degrades performance: Creates a mass mailing of itself which may clog
mail servers or degrade network performance.
Distribution
Subject of email: Actors Sexy Pictures! (Axe Sexye Bazigarhaye Cinema)
Name of attachment: ActorsGallery.zip
Size of attachment: 230,912 bytes
Read
the full Symantec report here
W32.Bobax.Z
Discovered June 03, 2005
Systems Affected: All Windows32 Systems
W32.Bobax.Z
is a mass-mailing worm that lowers security settings and allows a compromised
computer to be used as a covert proxy. The worm also sends an email to
addresses gathered from the compromised computer.
The worm
propagates by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability
(described in Microsoft Security Bulletin MS04-011).
Note: W32.Bobax.Z
is a minor variant of W32.Bobax.N.
Payload Trigger:
n/a
Payload: Modifies registry entries to lower security settings.
Large scale e-mailing: Creates a mass-mailing of itself.
Modifies files: Modifies the Hosts file.
Degrades performance: Creates a mass-mailing of itself, which may clog
mail servers or degrade network performance.
Compromises security settings: Lowers security settings by blocking access
to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 31,232 bytes
Target of infection: Unpatched systems vulnerable to LSASS exploit - MS04-011.
Read
the full Symantec report here
W32.Mytob.DC@mm
Discovered June 03, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DC@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send email to addresses that it gathers from the compromised
computer. The worm also spreads by exploiting the Microsoft Windows DCOM
RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security
Bulletin MS03-026) and the Microsoft Windows Local Security Authority
Service Remote Buffer Overflow (as described in Microsoft Security Bulletin
MS04-011).
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Yes
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Read
the full Symantec report here
W32.Mytob.DD@mm
Discovered June 03, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DD@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer. The worm spreads
through the network by exploiting the Microsoft Windows DCOM RPC Interface
Buffer Overrun Vulnerability (described in Microsoft Security Bulletin
MS03-026) and the Microsoft Windows Local Security Authority Service Remote
Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Yes
Modifies files: Modifies the hosts file.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP port 10087
Read
the full Symantec report here
W32.Mytob.DF@mm
Discovered June 03, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DF@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
Opens a back door and downloads remote files.
Payload: n/a
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Modifies files: Modifies the hosts files to block access to several security-related
Web sites.
Compromises security settings: Blocks access to security-related Web sites
and ends security-related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: Varies
Ports: TCP Port 7000
Read
the full Symantec report here
W32.Nopir.C
Discovered June 04, 2005
Systems Affected: All Windows32 Systems
W32.Nopir.C
is a worm that attempts to replicate itself through peer-to-peer applications
such as eMule, Kazaa, Morpheus, and Gnucleus, and to delete .MP3, .AVI, .MPG,
.MPEG and .RAR files.
Payload Trigger:
Upon execution
Payload: n/a
Deletes files: Deletes .MP3, .AVI, .MPG, .MPEG and .RAR files
Compromises security settings: Disables Task Manager, Registry Editor,
Control Panel, Windows Firewall, and Windows AutoUpdate
Distribution
Target of infection: Attempts to spread via file-sharing applications.
Read
the full Symantec report here
W32.Mytob.DG@mm
Discovered June 05, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DG@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Read
the full Symantec report here
W32.Mytob.DH@mm
Discovered June 05, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DH@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
The worm
spreads by exploiting the Microsoft Windows Local Security Authority Service
Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011)
and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
(described in Microsoft Security Bulletin MS03-026).
Payload Trigger:
n/a
Payload: Allows unauthorized remote access.
Large scale e-mailing: Sends email to addresses collected from the infected
computer.
Modifies files: Modifies the Hosts file.
Compromises security settings: Blocks access to various security related
web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 52,224 bytes
Ports: TCP port 6667.
Read
the full Symantec report here
W32.Spybot.PKC
Discovered June 06, 2005
Systems Affected: All Windows32 Systems
W32.Spybot.PKC
is a network-aware worm that has distributed denial of service and back
door capabilities. The worm spreads through network shares protected by
weak passwords and by exploiting vulnerabilities.
Payload Trigger:
n/a
Payload: Opens a back door.
Deletes files: May delete network shares.
Releases confidential info: Installed keylogger may steal confidential
information.
Distribution
Ports: TCP ports 6394 and 445; UDP port 1433.
Target of infection: Exploits vulnerabilities.
Read
the full Symantec report here
W32.Mytob.DJ@mm
Discovered June 06, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DJ@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Uses its own SMTP engine to send an email with
an embedded link.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related.
Distribution
Subject of email: Varies
Name of attachment: There is no email attachment
Ports: TCP Port 7000
Read
the full Symantec report here
Download
the Removal Tool here
W32.Mytob.DL@mm
Discovered June 07, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DL@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Degrades performance: Downloads remote files, which may degrade performance.
Compromises security settings: Lowers security settings by ending processes
and blocking access to several Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP Port 4512.
Read
the full Symantec report here
Download
the Removal Tool here
W32.Mytob.DO@mm
Discovered June 07, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DO@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Compromises security settings: Lowers security settings by ending processes
and blocking access to several Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Read
the full Symantec report here
W32.Mytob.DP@mm
Discovered June 08, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DP@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Modifies files: Modifies the hosts file.
Compromises security settings: Lowers security settings by ending processes
and blocking access to several Web sites.
Distribution
Name of attachment: Varies
Size of attachment: Varies
Time stamp of attachment: Varies
Read
the full Symantec report here
W32.Mytob.DV@mm
Discovered June 08, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DV@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Uses its own SMTP engine to send an email with
an embedded link.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related.
Distribution
Subject of email: Varies
Name of attachment: There is no email attachment
Ports: TCP port 6667
Read
the full Symantec report here
W32.Mytob.DY@mm
Discovered June 09, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.DY@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
The worm
spreads through the network by exploiting the Microsoft Windows Local
Security Authority Service Remote Buffer Overflow (as described in Microsoft
Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface
Buffer Overrun Vulnerability (described in Microsoft Security Bulletin
MS03-026).
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Modifies files: Modifies the hosts file.
Compromises security settings: Lowers security settings by ending processes
and blocking access to several Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 385,024 bytes
Ports: TCP port 10087.
Read
the full Symantec report here
W32.Mytob.EB@mm
Discovered June 10, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EB@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to addresses gathered from
the compromised computer.
Modifies files: Modifies the hosts file.
Compromises security settings: Lowers security settings by ending processes
and blocking access to several Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Read
the full Symantec report here
W32.Mytob.EA@mm
Discovered June 10, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EA@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP Port 4512
Read
the full Symantec report here
W32.Mytob.EC@mm
Discovered June 10, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EC@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts files.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Mytob.ED@mm
Discovered June 11, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.ED@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 4512.
Read
the full Symantec report here
W32.Mytob.EE@mm
Discovered June 11, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EE@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 9832.
Read
the full Symantec report here
W32.Mytob.EF@mm
Discovered June 12, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EF@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer. The worm spreads
through the network by exploiting the Microsoft Windows LSASS Buffer Overrun
Vulnerability (as described in Microsoft Security Bulletin MS04-011) and
the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
(as described in Microsoft Security Bulletin MS03-026).
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP ports 10086 and 6667.
Read
the full Symantec report here
W32.Mytob.EG@mm
Discovered June 12, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EG@mm
is a mass-mailing worm that opens an IRC back door and lowers security
settings on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 3030.
Read
the full Symantec report here
W32.Kedebe.D@mm
Discovered June 12, 2005
Systems Affected: All Windows32 Systems
W32.Kedebe.D@mm
is a mass-mailing worm that lowers security settings by ending processes
and preventing access to security-related Web sites.
Payload
Trigger: n/a
Payload: Lowers security settings.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Blocks access to security-related Web sites
and terminates processes.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 64,000 bytes
Read
the full Symantec report here
W32.Mytob.EI@mm
Discovered June 13, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EI@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
The worm
spreads through the network by exploiting the Microsoft Windows Local
Security Authority Service Remote Buffer Overflow (as described in Microsoft
Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface
Buffer Overrun Vulnerability (described in Microsoft Security Bulletin
MS03-026).
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Uses its own SMTP engine to send emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 47,680 bytes
Ports: TCP Port 7000
Read
the full Symantec report here
W32.Mytob.EJ@mm
Discovered June 13, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EJ@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
The worm
spreads through the network by exploiting the Microsoft Windows Local
Security Authority Service Remote Buffer Overflow (as described in Microsoft
Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface
Buffer Overrun Vulnerability (described in Microsoft Security Bulletin
MS03-026).
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Uses its own SMTP engine to send emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 50,862 bytes
Ports: TCP Port 6667.
Read
the full Symantec report here
W32.Kelvir.DA
Discovered June 13, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DA
is a worm that spreads a variant of W32.Randex through MSN Messenger.
Payload Trigger:
n/a
Payload: Downloads and executes a remote file.
Distribution
Target of infection: Spreads via MSN Messenger.
Read
the full Symantec report here
W32.Mytob.EH@mm
Discovered June 13, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EH@mm
is a mass-mailing worm that opens an IRC back door and lowers security
settings on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself as an email attachment.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 5232.
Read
the full Symantec report here
W32.Mytob.EK@mm
Discovered June 13, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EK@mm
is a mass-mailing worm that opens an IRC back door and lowers security
settings on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .pif, .scr, .exe, .bat, .cmd or .zip
extension.
Ports: TCP Port 5232
Read
the full Symantec report here
W32.Mytob.EO@mm
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EO@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Yes
Modifies files: Modifies the hosts file.
Compromises security settings: Ends the SharedAccess service in Windows
2000/XP.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP port 6667
Read
the full Symantec report here
W32.Kelvir.DE
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DE
is a worm that spreads a variant of W32.Randex through MSN Messenger.
Payload Trigger:
n/a
Payload: Downloads and executes a variant of W32.Randex.
Distribution
Target of infection: MSN Messenger
Read
the full Symantec report here
W32.Mytob.EP@mm
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EP@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Yes
Modifies files: Adds entries to the hosts file.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP port 5232
Read
the full Symantec report here
W32.Mytob.EQ@mm
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EQ@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Yes
Modifies files: Modifies the hosts file.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP port 3030
Read
the full Symantec report here
W32.Mytob.ER@mm
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.ER@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Causes system instability: Ends processes.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 7000
Read
the full Symantec report here
W32.Kelvir.DD
Discovered June 14, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DD
is a worm that spreads through MSN Messenger and drops a variant of W32.Randex.
Payload Trigger:
n/a
Payload: Downloads and executes a copy of W32.Randex.
Distribution
Ports: TCP port 8080
Target of infection: Spreads via MSN Messenger.
Read
the full Symantec report here
W32.Mytob.ES@mm
Discovered June 15, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.ES@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Uses its own SMTP engine to send an email with
an email attachment.
Modifies files: Modifies the hosts file.
Compromises security settings: Ends processes and stops services, some
of which may be security related. Blocks access to security-related Web
sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Mytob.ET@mm
Discovered June 15, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.ET@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Yes
Modifies files: Adds entries to the hosts file.
Compromises security settings: Ends processes and blocks access to security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: Varies
Ports: TCP port 3030
Read
the full Symantec report here
W32.Mytob.EV@mm
Discovered June 15, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EV@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Modifies files: Adds entries to the hosts file.
Compromises security settings: Ends processes and blocks access to security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies
Ports: TCP Port 8900
Read
the full Symantec report here
W32.Opanki.B
Discovered June 15, 2005
Systems Affected: All Windows32 Systems
W32.Opanki.B
is an IRC threat that may spread through AOL Instant Messenger.
Payload Trigger:
n/a
Payload: May download and execute an arbitrary file.
Distribution
Ports: TCP port 8080
Target of infection: AOL Instant Messenger
Read
the full Symantec report here
W32.Mytob.EZ@mm
Discovered June 16, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EZ@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer. The worm spreads
through the network by exploiting the Microsoft Windows Local Security
Authority Service Remote Buffer Overflow (as described in Microsoft Security
Bulletin MS04-011).
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Modifies files: Modifies the hosts file.
Degrades performance: Downloads remote files, which may degrade performance.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 10087.
Read
the full Symantec report here
W32.Mytob.EY@mm
Discovered June 16, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.EY@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door and executes remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 6667.
Read
the full Symantec report here
W32.Mytob.FA@mm
Discovered June 16, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FA@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself as an email attachment to
addresses gathered from the compromised computer.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 6667.
Read
the full Symantec report here
W32.Mytob.FI@mm
Discovered June 17, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FI@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Compromises security settings: Ends processes and blocks access to security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 2817
Read
the full Symantec report here
VBS.Ypsan.G@mm
Discovered June 17, 2005
Systems Affected: All Windows32 Systems
VBS.Ypsan.G@mm
is a mass-mailing worm that sends itself to email addresses gathered from
the Windows Address Book and also spreads through file-sharing networks.
The worm deletes several files, folders, and registry entries, and attempts
to shut down the compromised computer.
Payload Trigger:
n/a
Payload: Lowers security settings and deletes files, folders, and registry
entries.
Distribution
Subject of email: Your Microsoft Firewall Help
Name of attachment: WINLOGON.vbs
Read
the full Symantec report here
W32.Beagle.BT@mm
Discovered June 18, 2005
Systems Affected: All Windows32 Systems
W32.Beagle.BT@mm
is a mass-mailing worm that uses its own SMTP engine to send out copies
of a Trojan.Tooso variant. The worm also opens a back door on the compromised
computer on TCP port 80.
Read
the full Symantec report here
W32.Mytob.FO@mm
Discovered June 19, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FO@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Sends emails.
Compromises security settings: Ends processes and blocks access to security-related
Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP Port 2094
Read
the full Symantec report here
W32.Femot.O
Discovered June 18, 2005
Systems Affected: All Windows32 Systems
W32.Femot.O
is a worm that propagates by copying itself to the ADMIN$ share on remote
systems.
Payload Trigger:
n/a
Payload: Opens a back door.
Compromises security settings: Allows unauthorized remote access to a compromised
machine.
Distribution
Shared drives: Attempts to copy itself to the ADMIN$ share on remote systems.
Read
the full Symantec report here
W32.Mytob.FP@mm
Discovered June 20, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FP@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
The worm
spreads through the network by exploiting the Microsoft Windows Local
Security Authority Service Remote Buffer Overflow (as described in Microsoft
Security Bulletin MS04-011).
Payload Trigger:
n/a
Payload: Opens a back door and downloads remote files.
Large scale e-mailing: Sends email to addresses collected from the infected
computer.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 51,200 bytes
Ports: TCP port 10087 and 12347.
Read
the full Symantec report here
W32.Mytob.FS@mm
Discovered June 21, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FS@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails
Compromises security settings: Ends processes and blocks security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 6667
Read
the full Symantec report here
W32.Mytob.FT@mm
Discovered June 21, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FT@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails
Compromises security settings: Ends processes and blocks security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 6667
Read
the full Symantec report here
W32.Mytob.FU@mm
Discovered June 22, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FU@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Compromises security settings: Ends security-related processes and blocks
access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Ports: TCP port 6667.
Read
the full Symantec report here
W32.Mytob.FX@mm
Discovered June 23, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FX@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer. The worm spreads
through the network by exploiting the Microsoft Windows Local Security
Authority Service Remote Buffer Overflow (as described in Microsoft Security
Bulletin MS04-011).
Payload Trigger:
n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself as an email attachment to
addresses gathered from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP ports 36311 and 10099.
Read
the full Symantec report here
W32.Mytob.FW@mm
Discovered June 23, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.FW@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered
from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites
and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 6667.
Read
the full Symantec report here
W32.Mytob.GA@mm
Discovered June 24, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GA@mm
is a mass-mailing worm that opens a back door on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails
Degrades performance: Mass-mailing may degrade performance.
Compromises security settings: Disables processes and blocks access to
security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 6663
Read
the full Symantec report here
W32.Mytob.GB@mm
Discovered June 24, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GB@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Sends emails
Compromises security settings: Disables processes and blocks access to
security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 27999
Read
the full Symantec report here
W32.Mytob.GC@mm
Discovered June 24, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GC@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Sends email
Degrades performance: Mass-mailing may degrade performance.
Compromises security settings: Disables processes and blocks access to
security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 7000
Read
the full Symantec report here
Trojan.Tooso.J
Discovered June 26, 2005
Systems Affected: All Windows32 Systems
Trojan.Tooso.J
is a Trojan horse that interferes with the operation of security software
by terminating processes, stopping services, removing registry entries,
and deleting files.
Payload Trigger:
n/a
Payload: May download and execute remote files.
Deletes files: Deletes files associated with security related programs.
Modifies files: Overwrites the hosts file.
Compromises security settings: Terminates processes and deletes files
associated with security related programs.
Distribution
Name of attachment: May arrive in an email with a .zip file attachment.
Read
the full Symantec report here
W32.Kelvir.DQ
Discovered June 26, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DQ
is a worm that spreads through MSN Messenger.
Read
the full Symantec report here
W32.Mytob.GG@mm
Discovered June 26, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GG@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer. It also opens
a back door on TCP port 80, which allows the remote attacker to have unauthorized
access to the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends emails.
Compromises security settings: Ends processes and blocks access to security-related
Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .pif or .scr extension.
Ports: TCP Port 6667.
Read
the full Symantec report here
W32.Filukin.A@mm
Discovered June 27, 2005
Systems Affected: All Windows32 Systems
W32.Filukin.A@mm
is a mass-mailing worm that sends a copy of itself to email addresses
gathered from the compromised computer. The worm also attempts to lower
security settings on the compromised computer.
Payload Trigger:
n/a
Payload: Lowers security settings
Large scale e-mailing: Sends emails to gathered addresses.
Compromises security settings: Attempts to close windows that may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Varies
Read
the full Symantec report here
W32.Kelvir.DR
Discovered June 27, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DQ
is a worm that spreads through MSN Messenger.
Payload Trigger:
n/a
Payload: Attempts to download and execute a remote file.
Distribution
Target of infection: MSN Messenger
Read
the full Symantec report here
W32.Alcra.B
Discovered June 27, 2005
Systems Affected: All Windows32 Systems
W32.Alcra.B
is a worm that propagates through file-share networks and attempts to
disable several programs on the compromised computer.
Payload Trigger:
n/a
Payload: May cause computer instability.
Causes system instability: Attempts to disable several programs.
Distribution
Target of infection: Spreads through various file-sharing networks.
Read
the full Symantec report here
W32.Spybot.RBY
Discovered June 27, 2005
Systems Affected: All Windows32 Systems
W32.Spybot.RBY
is a worm that opens a back door on the compromised computer. It attempts
to spread by exploiting various vulnerabilities and network shares with
weak passwords.
Payload Trigger:
n/a
Payload: Opens a back door.
Compromises security settings: Modifies the registry and lowers security
settings.
Distribution
Target of infection: Spreads to network shares protected by weak passwords
and by exploiting vulnerabilities.
Read
the full Symantec report here
W32.Mytob.GJ@mm
Discovered June 28, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GJ@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends email.
Compromises security settings: Disables security-related processes and
blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 9000.
Read
the full Symantec report here
W32.Mytob.GK@mm
Discovered June 28, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GK@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends email.
Compromises security settings: Disables security-related processes and
blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 9000.
Read
the full Symantec report here
W32.Kelvir.DT
Discovered June 28, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DT
is a worm that spreads through MSN Messenger and drops a W32.Randex variant.
Payload Trigger:
n/a
Payload: Drops a variant of W32.Randex.
Distribution
Target of infection: MSN Messenger
Read
the full Symantec report here
W32.Mydoom.CF@mm
Discovered June 28, 2005
Systems Affected: All Windows32 Systems
W32.Mydoom.CF@mm
is a mass-mailing worm that uses its own SMTP engine to send an email
to addresses that it gathers from the compromised computer.
Payload Trigger:
n/a
Payload: n/a
Large scale e-mailing: Sends emails.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .pif, .scr, .exe, .cmd, .bat or .zip
extension.
Size of attachment: 32,256 bytes
Read
the full Symantec report here
W32.Spybot.RDW
Discovered June 29, 2005
Systems Affected: All Windows32 Systems
W32.Spybot.RDW
is a worm that has distributed denial of service and back door capabilities.
The worm spreads to network shares protected by weak passwords and by
exploiting computer vulnerabilities.
Payload Trigger:
n/a
Payload: Opens a back door.
Degrades performance: Scans the network for vulnerable hosts by means
of port scanning.
Causes system instability: Lists, stops, and starts processes and threads.
Distribution
Ports: TCP port 4564
Read
the full Symantec report here
W32.Mytob.GM@mm
Discovered June 29, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GM@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door
Large scale e-mailing: Sends email.
Compromises security settings: Disables processes and blocks access to
security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: There is no attachment. The worm spreads through a
link in the email message.
Ports: TCP port 12000
Read
the full Symantec report here
W32.Kelvir.DU
Discovered June 29, 2005
Systems Affected: All Windows32 Systems
W32.Kelvir.DU
is a worm that spreads through MSN Messenger.
Payload Trigger:
n/a
Payload: Attempts to download a malicious program.
Distribution
Target of infection: MSN Messenger
Read
the full Symantec report here
W32.Mytob.GN@mm
Discovered June 29, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GN@mm
is a mass-mailing worm that has back door capabilities and uses its own
SMTP engine to send an email to addresses that it gathers from the compromised
computer.
Payload Trigger:
n/a
Payload: Opens a back door.
Large scale e-mailing: Sends email.
Compromises security settings: Disables processes and blocks access to
security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 12000
Read
the full Symantec report here
W32.Toxbot.C
Discovered June 30, 2005
Systems Affected: All Windows32 Systems
W32.Toxbot.C
is a worm that opens an IRC back door on the compromised computer and
spreads by exploiting vulnerabilities.
Payload Trigger:
n/a
Payload: Allows unauthorized remote access.
Distribution
Ports: TCP port 6556
Target of infection: Targets unsecured systems by exploiting common vulnerabilities.
Download
the Removal Tool here
Read
the full Symantec report here
W32.Mytob.GP@mm
Discovered June 30, 2005
Systems Affected: All Windows32 Systems
W32.Mytob.GP@mm
is a mass-mailing worm that opens a back door and lowers security settings
on the compromised computer.
Payload Trigger:
n/a
Payload: Opens a back door and downloads a copy of Backdoor.Ranky.U.
Compromises security settings: Blocks access to security-related Web sites
and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip
file extension.
Size of attachment: 33,411 bytes
Ports: TCP port 3344.
Read
the full Symantec report here