July 2004

Select the links for detailed information and removal tools for the latest viruses

W32.Lovgate.X@mm
W32.Lovgate.X@mm is a variant of W32.Lovgate@mm. This mass-mailing worm attempts to email itself to all the email addresses that it finds on a computer. The "sender" of the email is spoofed, and the subject line and message body of the email vary.
Large scale e-mailing: Attempts to reply to incoming email messages
Read the full Symantec report here

W32.Lovgate.Y@mm
W32.Lovgate.Y@mm is a mass-mailing worm that also propagates through open network shares. It allows an attacker to access your computer. The email will have a variable subject and a file attachment with a .bat, .cmd, .exe, .pif, .scr, or .zip file extension.
Large scale e-mailing: Sends itself to all the contacts of the Windows Address Book and the Outlook Address Book, and to the email addresses that it finds in files with the extensions .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm.
Modifies files: Renames .exe files to .zmx.
Compromises security settings: Terminates processes belonging to various antivirus programs.
Name of attachment: Varies with .bat, .cmd, .exe, .pif, .scr, or .zip as the extension.
Ports: TCP 6000
Shared drives: Copies itself to network-shared folders.
Target of infection: Copies itself to KaZaA-shared folder.
Read the full Symantec report here
Download the removal tool here

W32.Korgo.W
W32.Korgo.W is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. This variant also attempts to download and execute a file from a remote Web site.
Degrades performance: Network propagation routines may degrade overall network performance.
Read the full Symantec report here

W32.Evaman@mm
W32.Evaman@mm is a mass-mailing worm that spreads to addresses found at the website email.people.yahoo.com. This worm arrives as an attachment with a .exe or .scr extension.
Note: Symantec Consumer products that support Worm Blocking functionality automatically detect this threat as it attempts to spread.
Read the full Symantec report here

W32.Mota.A
W32.Mota.A is a worm that propagates by sending itself to email addresses gathered from the computer.
Large scale e-mailing: Mails itself to addresses gathered from an infected system.
Degrades performance: Mass-mailing may degrade system and network performance.
Ports: Attempts to connect to IRC servers using port 6667
Read the full Symantec report here

W32.Beagle.Y@mm
W32.Beagle.Y@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234.
Degrades performance: Mass-mailing of itself may clog mail servers or degrade network performance.
Causes system instability: Mass-mailing may impact system performance.
Compromises security settings: Allows unauthorized remote access to a compromised host.
Ports: Opens backdoor on TCP port 1234
Read the full Symantec report here

W32.Beagle.Z@mm
W32.Beagle.Z@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Causes system instability: Mass-mailing may impact system performance.
Compromises security settings: Allows unauthorized remote access to a compromised host.
Ports: Opens backdoor on TCP port 1234
Read the full Symantec report here

W32.Lovgate.Z@mm
W32.Lovgate.Z@mm is a mass-mailing worm that also spreads through open network shares. The email will have a variable subject and file attachment name, with a .bat, .exe, .pif, or .scr file extension.
Large scale e-mailing: Attempts to reply to incoming email messages
Read the full Symantec report here

W32.Lovgate.AB@mm
W32.Lovgate.AB@mm is a mass-mailing worm that also spreads through open network shares. Once a system is infected, it can be accessed by a remote attacker. The email will have a variable subject and a file attachment with an .exe, .pif, .scr, .com, .rar, or .zip file extension. The worm also infects other Windows executable (.exe) files.
Large scale e-mailing: Attempts to reply to incoming email messages
Read the full Symantec report here

VBS.Gaggle.E@mm
VBS.Gaggle.E is a variant of VBS.Gaggle.D. It is a mass-mailing worm that overwrites several files. This worm can infect the following file types: .vbs
The From field of the email is spoofed, the subject line and message vary, and the attachment is Filezip.zip.
Read the full Symantec report here

W32.Korgo.X
W32.Korgo.X is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. This variant also attempts to download and execute a file from a remote Web site.
Releases confidential info: Backdoor functionality allows unauthorized access.
Compromises security settings: Backdoor functionality may compromise security settings.
Ports: TCP port 445 and a random port.
Target of infection: Unpatched computers vulnerable to the Microsoft LSASS Windows exploit.
Read the full Symantec report here

W32.Hardoc@mm
W32.Hardoc@mm is a mass-mailing worm that sends itself to email addresses found in .html files and the Windows address book on the infected computer. This worm uses the Incorrect MIME Header vulnerability (described in Microsoft Security Bulletin MS01-020) to allow the automatic execution of the attachment on an unpatched computer. The email has the following characteristics:
Subject: (One of the following) Re:
Read the full Symantec report here

W32.Lemoor.A
W32.Lemoor.A is a worm that spreads by exploiting a vulnerability in the FTP server component of the W32.Sasser family of worms.
Degrades performance: Network propagation routines may degrade overall network performance.
Read the full Symantec report here

W32.Beagle.AA@mm
W32.Beagle.AA@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234. The worm is functionally similar to W32.Beagle.X@mm and is packed with FSG.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Read the full Symantec report here

W32.Lovgate.AD@mm
W32.Lovgate.AD@mm is a mass-mailing worm that spreads using the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026), and through open network shares. The email has a variable subject and attachment. The attachment will have a .bat, .exe, .pif, or .scr file extension. The worm infects executable files and allows unauthorized remote access to an infected computer.
Read the full Symantec report here

W32.Lovgate.AC@mm
W32.Lovgate.AC@mm is a mass-mailing worm that spreads using the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026), and through open network shares. The email has a variable subject and attachment name. The attachment will have a .bat, .exe, .pif, or .scr file extension. The worm infects executable files and allows unauthorized remote access to the infected computer.
Read the full Symantec report here

W32.Atak@mm
W32.Atak@mm is a mass-mailing worm that spreads by sending itself to email addresses gathered from the infected computer.
Subject: Read the Result!
Attachment:
Read the full Symantec report here

W32.Beagle.AB@mm
W32.Beagle.AB@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234. The email will have a variable subject and a file attachment. The attachment will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension. The worm is functionally similar to W32.Beagle.X@mm and is packed with UPX.
Large scale e-mailing: Sends email to addresses collected from the compromised host.
Read the full Symantec report here

W32.Beagle.AC@mm
W32.Beagle.AC@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080. The email's subject line, body, and attachment name vary. The attachment will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension.
Large scale e-mailing: Sends email to addresses collected from the infected computer.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Compromises security settings: Terminates processes associated with various security related programs. Allows unauthorized remote access to a compromised host.
Subject of email: Varies
Name of attachment: Varies, with a .com, .cpl, .exe, .scr, or .zip file extension.
Size of attachment: Varies
Ports: TCP port 1080
Read the full Symantec report here

W32.Gaobot.AZT
W32.Gaobot.AZT is a repacked variant of W32.Gaobot.WO. It attempts to spread through network shares that have weak passwords. It also allows attackers to access an infected computer through a predetermined IRC channel. The worm uses multiple vulnerabilities to spread, including:
Compromises security settings: Terminates processes associated with security software. Allows unauthorized remote access.
Read the full Symantec report here

W32.Mydoom.L@mm
W32.Mydoom.L@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all the email addresses that it finds on the infected system. The email has an attachment with a .bat, .cmd, .com, .exe, .pif, or .scr extension. The worm also contains keylogging capabilities. The From field of the email is spoofed. It also acts as a backdoor on infected systems.
Large scale e-mailing: Uses its own SMTP engine to send itself to the email addresses found in files with certain extensions.
Read the full Symantec report here

W32.Beagle.AG@mm
W32.Beagle.AG@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1080. The subject line, body, and attachment name of the email vary. The attachment will have a .com, .cpl, .exe, .scr, or .zip file extension. If the file attachment is a .zip file, it will be password protected.
Large scale e-mailing: Sends email to the addresses collected from an infected computer.
Read the full Symantec report here

W32.Agist.A@mm
The W32.Agist.A@mm mass-mailing worm: Scans fixed and RAM drives.
Large scale e-mailing: Sends email to the addresses collected from an infected computer.
Read the full Symantec report here

Backdoor.Agent.B
Backdoor.Agent.B is a backdoor that installs a DLL (Dynamic Link Library) on the affected computer when a user visits certain malicious web sites. This DLL allows other malicious programs to use the exported functions.
Releases confidential info: May be used by a malicious program to export system information from the victim's machine.
Read the full Symantec report here

W32.Beagle.AH@mm
W32.Beagle.AH@mm mass-mailing worm: Uses its own SMTP engine to spread through email. The email will have a variable subject and a file attachment, which will have a .com, .cpl, .exe, .hta, .scr, .vbs, or .zip file extension. Opens a backdoor on TCP port 1234.
Large scale e-mailing: Sends itself to the email addresses that it finds in the files on the computer.
Read the full Symantec report here

Backdoor.Zincite.A
Backdoor.Zincite.A is a backdoor server program that allows unauthorized remote access to a compromised computer. It runs on TCP port 1034. This Trojan is dropped by W32.Mydoom.M@mm.
Read the full Symantec report here

W32.Mydoom.M@mm
The W32.Mydoom.M@mm mass-mailing worm: For example, the attachment name could contain fakedomain.com if the address x@fakedomain.com was harvested.
Read the full Symantec report here
Download the Removal Tool here

W32.Zindos.A
W32.Zindos.A is a worm that performs a Denial of Service (DoS) attack against the domain, microsoft.com. The worm spreads through the backdoor that Backdoor.Zincite.A opens on TCP port 1034. Due to bugs in the code, when a system that is infected with Backdoor.Zincite.A becomes infected with W32.Zindos.A, an infinite infection loop is entered, with each infection of W32.Zindos.A re-infecting the system. This may cause the system to become slow and unresponsive.
Note: Backdoor.Zincite.A is a backdoor Trojan horse that W32.Mydoom.M@mm drops.
Read the full Symantec report here

W32.Mits.A@mm
W32.Mits.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected host. The worm alters many system settings, including registry editing to make it difficult to remove.
Read the full Symantec report here

W32.Korgo.Z
W32.Korgo.Z is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
Degrades performance: Network propagation routines may degrade overall network performance.
Read the full Symantec report here

W32.Lovgate.AK@mm
W32.Lovgate.AK@mm is a variant of W32.Lovgate.W@mm that: Attempts to reply to all the email messages in the Microsoft Outlook inbox. The From line of the email is spoofed and the Subject and the Message vary. The attachment name also varies, with a .bat, .cmd, .exe, .pif, or .scr file extension. The worm may also send a .zip file containing the attachment.
Large scale e-mailing: Sends itself to all the contacts of the Windows Address Book and the Outlook Address Book, and to the email addresses that it finds in files that have the .txt, .pl, .wab, .adb, .tbb, .dbx, .asp, .php, .sht, and .htm extensions.
Read the full Symantec report here

W32.Mota.B@mm
W32.Mota.B@mm is a worm that propagates by sending itself to the email addresses gathered from the system. The email has a variable subject and attachment name. The attachment will have a .txt, .scr, or .zip file extension.
Large scale e-mailing: Mails itself to the addresses gathered from an infected system.
Degrades performance: Mass-mailing may degrade system and network performance.
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 32,768 bytes
Ports: Attempts to connect to IRC servers using port 6667.
Read the full Symantec report here

W32.Mydoom.N@mm
W32.Mydoom.N@mm is a variant of W32.Mydoom.M@mm. It also is a mass-mailing worm that drops and executes a backdoor detected as Backdoor.Zincite.A, which listens on TCP port 1034. The worm uses its own SMTP engine to send itself to email addresses it finds on the infected computer.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Compromises security settings: The dropped Backdoor allows unauthorized remote access.
Subject of email: Varies
Name of attachment: Varies with .cmd, .bat, .com, .exe, .pif, .scr, or .zip file extension.
Size of attachment: Varies
Ports: TCP 1034
Read the full Symantec report here

W32.Bugbros.C@mm
W32.Bugbros.C@mm is a minor variant of W32.Bugbros.B@mm. It is a simple mass-mailing worm that sends itself to all of the addresses in the Microsoft® Outlook® Address Book. The email has the following characteristics:
Subject: New products
Creates the following email message:
From: support@microsoft.com
"Hi,
Attachment: Twunk_64.exe
Read the full Symantec report here

© Copyright 1999 - 2004 The Computer Wizard