Virus News   

 


 

 

July 2005

Select the links for detailed information and removal tools for the latest viruses


Name               Discovered   Level
W32.Bratle.A       7/31/05      2
W32.Mytob.IM       7/31/05      2
W32.Mytob.IK       7/29/05      2
W32.Rants.C        7/25/05      2
W32.Mytob.IH       7/25/05      2
W32.Mytob.IG       7/25/05      2
W32.Opanki.D       7/21/05      2
W32.Mytob.IE       7/21/05      2
W32.Gavgent.A      7/20/05      2
Trojan.Kirvo.B     7/20/05      2
W32.Mytob.IC       7/19/05      2
W32.Mytob.IA       7/18/05      2
W32.Beagle.BW      7/16/05      2
W32.Reatle.C       7/15/05      2
W32.Kelvir.FK      7/15/05      2
W32.Kelvir.FJ      7/15/05      2
W32.Looked.E       7/15/05      2
W32.Rants.B        7/15/05      2
W32.Reatle         7/15/05      2
W32.Mytob.HM       7/14/05      2
W32.Kelvir.ER      7/13/05      2
W32.Kedebe.E       7/12/05      2
W32.Mytob.HI       7/11/05      2
W32.Mytob.HG       7/11/05      2
W32.Rants.A        7/10/05      2
W32.Mytob.GU       7/07/05      2
W32.Mytob.GT       7/06/05      2
W32.Netsky.AL      7/06/05      2
W32.Alcra.C        7/04/05      2
W32.Bobax.AA       7/04/05      2
W32.Kelvir.DY      7/02/05      2


W32.Kelvir.DY
Discovered July 02, 2005
Systems Affected: All Windows32 Systems

W32.Kelvir.DY is a worm that spreads through MSN Messenger and downloads a variant of W32.Randex.

Payload Trigger: n/a
Payload: Drops a variant of W32.Randex.

Read the full Symantec report here


W32.Bobax.AA
Discovered July 04, 2005
Systems Affected: All Windows32 Systems

W32.Bobax.AA is a mass-mailing worm that sends itself to addresses gathered from the compromised computer as well as from search results on Google and Accoona. It also operates as a covert proxy.

Payload Trigger: n/a
Payload: Opens a back door.
Large scale e-mailing: Sends email.
Compromises security settings: Ends processes, some of which may be security-related.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: Random port numbers.

Read the full Symantec report here


W32.Alcra.C
Discovered July 04, 2005
Systems Affected: All Windows32 Systems

W32.Alcra.C is a worm that spreads through file-share networks and attempts to disable several programs on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Degrades performance: Disables several programs.
Compromises security settings: n/a
Distribution
Target of infection: Spreads through file-share networks.

Read the full Symantec report here


W32.Netsky.AL@mm
Discovered July 06, 2005
Systems Affected: All Windows32 Systems

W32.Netsky.AL@mm is a mass-mailing worm that sends itself to email addresses it gathers from the compromised computer. The worm also ends some security-related processes.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends emails.
Compromises security settings: Ends processes of some security-related programs.
Distribution
Subject of email: Varies
Name of attachment: Varies

Read the full Symantec report here


W32.Mytob.GT@mm
Discovered July 06, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.GT@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Yes
Compromises security settings: Ends processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here


W32.Mytob.GU@mm
Discovered July 06, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.GU@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends email to addresses gathered from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP port 8080.

Read the full Symantec report here


W32.Rants.A@mm
Discovered July 10, 2005
Systems Affected: All Windows32 Systems

W32.Rants.A@mm is a mass-mailing worm that spreads using Microsoft Outlook and the America Online user interface. It also lowers security settings by ending security-related processes and by disabling several Windows security features.

Payload Trigger: n/a
Payload: n/a
Large scale e-mailing: Sends a copy of itself to all email addresses in Microsoft Outlook address book.
Modifies files: Disables the Windows task manager and registry editing tools.
Causes system instability: Ending many processes may cause system instability.
Compromises security settings: Lowers security settings by ending security-related processes and disabling several Windows security features.
Distribution
Subject of email: Fwd: Microsoft SP2 Update
Name of attachment: SP2 UPDATE.EXE

Read the full Symantec report here
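The Task Manager and Registry Editor lock-out that W32.Rants.A@mm performs is done with two Windows policy values, DisableTaskMgr and DisableRegistryTools, under HKCU (or HKLM)\Software\Microsoft\Windows\CurrentVersion\Policies\System. The check below is an added example, not code from this page or from Symantec: it parses a .reg export of that key (the sample export is constructed) and reports which of the two values is set, so a responder can confirm the tampering before clearing it.

```python
r"""Checks a registry export for the policy values that W32.Rants.A-style
worms set to disable Task Manager and the Registry Editor.

Added example; not code from this page or from Symantec. The .reg text is
constructed. A live export is produced with:
  reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" policies.reg
"""
import re

POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"
WATCHED_VALUES = ("DisableTaskMgr", "DisableRegistryTools")

# Constructed sample: HKCU values set by the worm, HKLM value left at 0.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg_dwords(text: str) -> dict:
    r"""Map (key_path, value_name) -> int for every REG_DWORD in a .reg export.
    Other value types are ignored; the policy values of interest are DWORDs."""
    values, current_key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = _DWORD_RE.match(line)
        if m and current_key is not None:
            values[(current_key, m.group(1))] = int(m.group(2), 16)
    return values


def disabled_tools(text: str) -> list:
    r"""Return (hive, value_name) for each watched policy set to a non-zero
    value under the Policies\System key of either hive. An absent value is
    the default (tools enabled) and is not a finding."""
    findings = []
    for (key, name), val in parse_reg_dwords(text).items():
        hive, _, subkey = key.partition("\\")
        if subkey.lower() == POLICY_KEY.lower() and name in WATCHED_VALUES and val != 0:
            findings.append((hive, name))
    return findings


if __name__ == "__main__":
    for hive, name in disabled_tools(SAMPLE_REG):
        print(f"{hive}: {name} is set; the tool will refuse to start")
```

Clearing the two values (or deleting them) restores the tools, but only after the worm process that re-sets them has been ended; otherwise they come back.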


W32.Mytob.HG@mm
Discovered July 11, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.HG@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Large scale e-mailing: Sends emails.
Modifies files: Modifies the hosts file.
Compromises security settings: Blocks access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP Port 7745

Read the full Symantec report here


W32.Mytob.HH@mm
Discovered July 11, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.HH@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads remote files.
Large scale e-mailing: Sends a copy of itself as an attachment to email addresses gathered from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies.
Ports: TCP ports 26418 and 5000.

Read the full Symantec report here


W32.Mytob.HI@mm
Discovered July 11, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.HI@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads remote files.
Large scale e-mailing: Sends a copy of itself as an attachment to email addresses gathered from the compromised computer.
Modifies files: Modifies the hosts file to block access to security-related Web sites.
Compromises security settings: Blocks access to security-related Web sites and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .bat, .cmd, .exe, .pif, .scr, or .zip extension.
Ports: TCP port 8076.

Read the full Symantec report here
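W32.Mytob.HG@mm, W32.Mytob.HI@mm and W32.Mytob.IK@mm all block security-related Web sites by writing entries into the hosts file, so that vendor and update domains resolve to loopback (or to a host the attacker controls) before DNS is ever consulted. The check below is an added example, not code from this page or from Symantec; the vendor-domain list and the sample hosts file are constructed for illustration and should be adapted to the environment.

```python
"""Hosts-file tamper check: flags static mappings for security-vendor domains.

Added example; not code from this page or from Symantec. The domain list
and the sample hosts file below are constructed.
"""
import ipaddress

# Assumption: domains the mass-mailers of this era typically blackholed.
SECURITY_DOMAINS = (
    "symantec.com", "liveupdate.symantecliveupdate.com", "mcafee.com",
    "sophos.com", "trendmicro.com", "windowsupdate.microsoft.com",
    "update.microsoft.com", "grisoft.com",
)

# Constructed sample of a tampered hosts file, not a real capture.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       securityresponse.symantec.com
0.0.0.0         liveupdate.symantecliveupdate.com
10.0.0.5        update.microsoft.com   # sent to an attacker-chosen host
192.168.1.10    intranet.example.local
"""


def _is_security_host(hostname: str) -> bool:
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def find_hijacked_entries(hosts_text: str) -> list:
    """Return (ip, hostname, reason) for every hosts entry that pins a
    security domain. A loopback/unspecified address means the site is
    blackholed; any other address means it is redirected, which is worse."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                            # malformed line, skip it
        for name in parts[1:]:
            if not _is_security_host(name):
                continue
            reason = "blackholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
            findings.append((str(addr), name.lower(), reason))
    return findings


if __name__ == "__main__":
    for ip, host, reason in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"{reason:10s} {host} -> {ip}")
```

On Windows the file is %SystemRoot%\system32\drivers\etc\hosts; a clean one contains only the localhost line, so any vendor entry at all is a finding, and a redirect to a routable address is the one to treat as an active compromise rather than mere blocking.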


W32.Kedebe.E@mm
Discovered July 12, 2005
Systems Affected: All Windows32 Systems

W32.Kedebe.E@mm is a mass-mailing worm that lowers security settings by deleting files, ending processes, and preventing access to security-related Web sites.

Payload Trigger: n/a
Payload: Deletes files, which may degrade performance.
Large scale e-mailing: Sends email to addresses gathered from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites and ends security-related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 53,567 bytes

Read the full Symantec report here


W32.Kelvir.ER
Discovered July 13, 2005
Systems Affected: All Windows32 Systems

W32.Kelvir.ER is a worm that attempts to spread through MSN Messenger.

Payload Trigger: n/a
Payload: Attempts to download and execute remote files.
Distribution
Target of infection: Spreads through MSN Messenger.

When W32.Kelvir.ER is executed, it performs the following actions:

The worm sends the following message to all the MSN Messenger contacts on the compromised computer:

i think you'll need to see this funny clip of me and my mother
[http://]www.transmissiondirectory.com/[REMOVED]/shows.php?dir=media&clip=471

Note:
If the recipient clicks on the URL above, a file named gtN.exe, a copy of the virus, may be downloaded and executed.
At the time of writing, the above URL generated a 404 File not found error.

Read the full Symantec report here


W32.Mytob.HM@mm
Discovered July 14, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.HM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends email to addresses gathered from the compromised computer.
Compromises security settings: Blocks access to security-related Web sites and ends security-related processes.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .pif, .scr, .exe, .cmd, .bat or .zip extension.
Ports: TCP port 6663.

Read the full Symantec report here


W32.Reatle@mm
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Reatle@mm is a mass-mailing worm that opens a back door and attempts to propagate by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) on TCP port 445.

Payload Trigger: n/a
Payload: Lowers security settings.
Large scale e-mailing: Uses its own SMTP engine to send itself to the email addresses that it finds.
Degrades performance: System performance may be degraded when a denial of service attack is taking place.
Compromises security settings: Disables several Windows security features.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .scr, .bat, .exe, .cpl or .pif extension.
Ports: TCP port 8885 and port 1052.

Read the full Symantec report here


W32.Rants.B@mm
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Rants.B@mm is a mass-mailing worm that spreads using Microsoft Outlook, MSN Messenger and the America Online user interface. It also ends security-related processes and disables Windows security features.

Payload Trigger: n/a
Payload: Lowers security settings.
Large scale e-mailing: Uses Microsoft Outlook to send a copy of itself to all email addresses gathered.
Degrades performance: Spreads through emails which may degrade performance.
Compromises security settings: Disables processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Target of infection: MSN Messenger or America Online user interface

Read the full Symantec report here


W32.Looked.E
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Looked.E is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings and downloads and executes a remote file.

Payload Trigger: n/a
Payload: Downloads a remote file.
Modifies files: Prepends itself to .exe files.
Compromises security settings: Ends security-related processes.
Distribution
Target of infection: Spreads through network shares.

Read the full Symantec report here


W32.Kelvir.FJ
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Kelvir.FJ is a worm that spreads through MSN Messenger.

Payload: Redirects a user to a potentially malicious Web site.
Distribution
Target of infection: Attempts to spread via MSN Messenger.

When W32.Kelvir.FJ is executed, it performs the following actions:

Sends the following message to all the MSN Messenger contacts on the compromised computer:

[http://]chatpr.org/[REMOVED]msn.php?email=[EMAIL ADDRESS]
hey, come chat with all of us, k?

If a user clicks on the above link, the worm will download a remote file and save it as [EMAIL ADDRESS]. At the time of writing, the above URL was unavailable.

Note: [EMAIL ADDRESS] is the address of the recipient from their MSN profile.

Read the full Symantec report here


W32.Kelvir.FK
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Kelvir.FK is a worm that spreads through MSN Messenger and drops a copy of W32.Spybot.Worm.

Payload Trigger: n/a
Payload: Drops and executes a variant of W32.Spybot.Worm.
Distribution
Target of infection: MSN Messenger

When W32.Kelvir.FK is executed, it performs the following actions:

Sends the following message to all the MSN Messenger contacts on the compromised computer:

[http://]www.a11serv.com/[REMOVED]/pics.php?data=[EMAIL ADDRESS]
Is this your picture?

Note: [EMAIL ADDRESS] is the email address of the recipient taken from their MSN profile. If a recipient clicks on the URL above a copy of W32.Kelvir.FK will be downloaded and executed on the compromised computer.

Read the full Symantec report here


W32.Reatle.C@mm
Discovered July 15, 2005
Systems Affected: All Windows32 Systems

W32.Reatle.C@mm is a variant of W32.Reatle@mm, and is a mass-mailing worm that opens a back door and attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) on TCP port 445.
It also downloads a copy of W32.Rants.B@mm and a variant of W32.Spybot.Worm.

Payload Trigger: n/a
Payload:
Large scale e-mailing: Sends emails to email addresses gathered from the compromised computer.
Degrades performance: System performance may be degraded when a denial of service attack is taking place.
Compromises security settings: Disables various Windows security features.
Distribution
Subject of email: Varies.
Name of attachment: Varies with a .scr, .bat, .exe, .cpl or .pif extension.
Ports: Port 8885.
Target of infection: Spreads to other computers by exploiting a vulnerability.

Read the full Symantec report here


W32.Beagle.BW@mm
Discovered July 16, 2005
Systems Affected: All Windows32 Systems

W32.Beagle.BW@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.J. The worm also opens a back door on the compromised computer on TCP port 80.

Payload Trigger: n/a
Payload: Opens a back door, which may allow the compromised computer to act as a proxy server.
Large scale e-mailing: Sends email using its own SMTP engine.
Degrades performance: Mass-mailing may clog mail servers or degrade system and network performance.
Distribution
Subject of email: The subject line is blank.
Name of attachment: Varies with a .zip extension.
Ports: TCP Port 80.

Read the full Symantec report here


W32.Mytob.IA@mm
Discovered July 18, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IA@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door
Large scale e-mailing: Sends email using its own SMTP engine.
Degrades performance: Mass-mailing may clog mail servers or degrade system and network performance.
Compromises security settings: Lowers security settings by terminating security-related processes and blocking access to security-related Web sites.
Distribution
Subject of email: Varies.
Name of attachment: Varies.

The email will have the following characteristics:

From:
The From address is spoofed and may be an address gathered from the compromised computer.

Subject:
One of the following:

You have successfully updated your password
Your new account password is approved
Your password has been successfully updated
Your password has been updated.
Security measures
WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED
YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS

Read the full Symantec report here


W32.Mytob.IC@mm
Discovered July 19, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IC@mm is a mass-mailing worm that opens a back door and lowers security settings.

Payload Trigger: n/a
Payload: Opens a back door
Large scale e-mailing: Sends email using its own SMTP engine
Degrades performance: Mass-mailing may clog mail servers or degrade system and network performance.
Compromises security settings: Lowers security settings
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 6667

Read the full Symantec report here


Trojan.Kirvo.B
Discovered July 20, 2005
Systems Affected: All Windows32 Systems

Trojan.Kirvo.B is a Trojan that sends a malicious URL to MSN Messenger contacts.

Payload Trigger: n/a
Payload: Sends a malicious URL to MSN Messenger contacts
Distribution
Target of infection: Sends a link to contacts in MSN Messenger.

When Trojan.Kirvo.B is executed, it performs the following actions:

Sends the following message and URL to all MSN Messenger contacts on the compromised computer:

thats life day for you and the rest of days on you hehe
[http://]KillingTime.dynu.net/[REMOVED]Images.php?pic=0017&sec=badluck

Downloads a variant of Backdoor.Sdbot onto the compromised computer, if the recipient clicks the URL.

Read the full Symantec report here


W32.Gavgent.A
Discovered July 20, 2005
Systems Affected: All Windows32 Systems

W32.Gavgent.A is a network-aware worm that frequently restarts the compromised computer.

Payload Trigger: n/a
Payload: Disables several Windows security features.
Compromises security settings: Ends security-related processes.

Read the full Symantec report here


W32.Mytob.IE@mm
Discovered July 21, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IE@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Downloads and executes files.
Large scale e-mailing: Sends emails to addresses gathered from the compromised computer.
Compromises security settings: Ends processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: 35,603 bytes
Ports: TCP port 1863

Read the full Symantec report here

Download the Removal Tool here


W32.Opanki.D
Discovered July 21, 2005
Systems Affected: All Windows32 Systems

W32.Opanki.D is a worm that connects to a remote server and sends a malicious URL through AOL Instant Messenger.

Payload Trigger: n/a
Payload: The worm attempts to download and execute files from a remote Web site.
Distribution
Ports: TCP port 4888

Read the full Symantec report here


W32.Mytob.IG@mm
Discovered July 25, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IG@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Large scale e-mailing: Sends emails to addresses gathered from the compromised computer.
Compromises security settings: Ends processes and blocks access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 6667

Read the full Symantec report here


W32.Mytob.IH@mm
Discovered July 25, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IH@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door and downloads and executes remote files.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Lowers security settings by ending security-related processes and blocking access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP port 31113.

Read the full Symantec report here


W32.Rants.C@mm
Discovered July 25, 2005
Systems Affected: All Windows32 Systems

W32.Rants.C@mm is a mass-mailing worm that spreads using Collaboration Data Objects (CDO) and the America Online user interface. It also ends security-related processes and disables Windows security features.

Payload Trigger: n/a
Payload: Lowers security settings
Large scale e-mailing: Sends emails to addresses gathered from the compromised computer.
Compromises security settings: Disables Windows security features and ends processes, some of which may be security-related.
Distribution
Subject of email: Varies
Name of attachment: update32.exe
Target of infection: America Online user interface

Read the full Symantec report here


W32.Mytob.IK@mm
Discovered July 29, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IK@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Payload Trigger: n/a
Payload: Opens a back door that allows a remote attacker to have unauthorized access to the compromised computer.
Large scale e-mailing: Sends emails to addresses gathered from the compromised computer.
Modifies files: Modifies the hosts file.
Compromises security settings: Lowers security settings by ending security-related processes and blocking access to security-related Web sites.
Distribution
Subject of email: Varies
Name of attachment: Varies
Ports: TCP Port 8881

Read the full Symantec report here


W32.Mytob.IM@mm
Discovered July 31, 2005
Systems Affected: All Windows32 Systems

W32.Mytob.IM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).

Payload Trigger: n/a
Payload: Allows unauthorized remote access.
Large scale e-mailing: Uses its own SMTP engine to send emails.
Distribution
Subject of email: Varies
Name of attachment: Varies with a .zip file extension
Ports: TCP port 6667

Email Subject:
One of the following:

• Notice of account limitation
• Email Account Suspension
• Security measures
• You are banned!!!
• We have suspended your account
• Members Support
• Important Notification
• Warning Message: Your services near to be closed.
• Your Account is Suspended For Security Reasons
• *DETECTED* Online User Violation
• *WARNING* Your email account is suspended
• Your Account is Suspended

Read the full Symantec report here
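The mass-mailers on this page share two gateway-visible traits: the attachment is a .bat, .cmd, .exe, .pif, .scr or .cpl file, or a .zip wrapping one (W32.Mytob.HI@mm, W32.Mytob.HM@mm, W32.Reatle@mm, W32.Beagle.BW@mm), and W32.Mytob.IA@mm and W32.Mytob.IM@mm dress the message up as an account-suspension notice using the subject lines listed above. The filter below is an added example, not code from this page or from Symantec: it parses a raw message with Python's email module, unpacks zip attachments in memory to look at the member names, and matches the subject against the lure list copied from the two Mytob entries. The three messages it classifies are constructed.

```python
"""Mail-gateway check for the mass-mailers listed on this page: executable
attachments (directly or inside a .zip) and the account-suspension subject
lures used by W32.Mytob.IA@mm and W32.Mytob.IM@mm.

Added example; not code from this page or from Symantec. The messages are
constructed in _build_samples(); the subject list is copied from the page.
"""
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

EXEC_EXTS = (".bat", ".cmd", ".exe", ".pif", ".scr", ".cpl")


def _norm(subject: str) -> str:
    """Case- and whitespace-insensitive form for subject matching."""
    return " ".join(subject.split()).lower()


LURE_SUBJECTS = {_norm(s) for s in (
    "You have successfully updated your password",
    "Your new account password is approved",
    "Your password has been successfully updated",
    "Your password has been updated.",
    "Security measures",
    "WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED",
    "Warning Message: Your services near to be closed.",
    "YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS",
    "Notice of account limitation",
    "Email Account Suspension",
    "You are banned!!!",
    "We have suspended your account",
    "Members Support",
    "Important Notification",
    "*DETECTED* Online User Violation",
    "*WARNING* Your email account is suspended",
    "Your Account is Suspended",
)}


def _zip_members(data: bytes) -> list:
    """Member names of an in-memory zip; an unreadable archive yields none."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.namelist()
    except zipfile.BadZipFile:
        return []


def classify(raw: bytes) -> list:
    """Return the reasons a raw RFC 822 message should be held; [] is clean."""
    msg = email.message_from_bytes(raw, policy=default)
    reasons = []
    if _norm(msg["Subject"] or "") in LURE_SUBJECTS:
        reasons.append(f"lure subject: {msg['Subject']}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXEC_EXTS):
            reasons.append(f"executable attachment: {name}")
        elif name.endswith(".zip"):
            for member in _zip_members(part.get_payload(decode=True) or b""):
                if member.lower().endswith(EXEC_EXTS):
                    reasons.append(f"executable inside zip: {name}/{member}")
    return reasons


def _message(subject: str, body: str, attachment=None) -> bytes:
    """Build a constructed test message; attachment = (filename, bytes, subtype)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "support@example.com", "user@example.org", subject
    m.set_content(body)
    if attachment:
        filename, data, subtype = attachment
        m.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()


def _build_samples() -> list:
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as z:
        z.writestr("document.exe", b"MZ" + b"\0" * 16)   # stand-in payload, not a real PE
    return [
        _message("Your Account is Suspended", "See attached.", ("account.zip", zbuf.getvalue(), "zip")),
        _message("Re: meeting notes", "Notes attached.", ("notes.pdf", b"%PDF-1.4\n", "pdf")),
        _message("Your password has been updated.", "Click the link in this message."),
    ]


SAMPLES = _build_samples()

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw) or ["clean"])
```

The subject match is a weak signal on its own (legitimate notices use similar wording), so in practice it is combined with the attachment rule or with a spoofed-sender check rather than used to reject outright; the extension rule, by contrast, is safe to enforce on its own at the gateway.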


W32.Bratle.A
Discovered July 31, 2005
Systems Affected: All Windows32 Systems

W32.Bratle.A is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). It also opens a FTP server on the compromised computer.

Payload Trigger: n/a
Payload: Allows unauthorized remote access.
Distribution
Ports: TCP port 3333.
Target of infection: Attempts to spread to systems unpatched against the Microsoft Windows LSASS vulnerability.

Read the full Symantec report here
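W32.Reatle@mm, W32.Reatle.C@mm, W32.Mytob.IM@mm and W32.Bratle.A all propagate by throwing the MS04-011 LSASS exploit at TCP port 445, and on the network that looks like one host attempting connections to many distinct hosts on 445 within a short time. The detector below is an added example, not code from this page or from Symantec; it counts distinct destinations per source inside a sliding window, which keeps a workstation that talks to one file server thousands of times from being flagged. The log line format and the sample lines it builds are constructed, and the 20-targets-in-60-seconds threshold is an assumption to tune to the network.

```python
"""Flags hosts sweeping TCP/445, the propagation pattern of the LSASS
(MS04-011) worms on this page.

Added example; not code from this page or from Symantec. The key=value log
format and the sample lines are constructed; adapt LINE_RE to your firewall.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\S+) dport=(?P<dport>\d+)"
)


def _build_sample_log() -> str:
    """Constructed firewall log, one connection attempt per line."""
    base = datetime(2005, 7, 15, 10, 0, 0)
    lines = []
    # 10.1.2.3 walks 10.1.3.1-10.1.3.40 in 20 seconds: worm-like sweep.
    for i in range(40):
        ts = base + timedelta(seconds=i // 2)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.1.2.3 dst=10.1.3.{i + 1} proto=TCP dport=445 action=DROP")
    # 10.1.2.9 hits one file server 40 times: ordinary SMB, not a sweep.
    for i in range(40):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.1.2.9 dst=10.1.0.5 proto=TCP dport=445 action=ACCEPT")
    # 10.1.2.4 touches five hosts: below the default threshold.
    for i in range(5):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.1.2.4 dst=10.1.3.{i + 1} proto=TCP dport=445 action=ACCEPT")
    return "\n".join(lines) + "\n"


SAMPLE_LOG = _build_sample_log()


def find_445_sweepers(log_text: str, window_seconds: int = 60, min_targets: int = 20, port: int = 445) -> dict:
    """Return {src: (window_start, distinct_targets)} for every source that
    attempts TCP connections to at least min_targets distinct hosts on `port`
    within any window_seconds span. Reported at the moment the threshold is
    first crossed; DROP and ACCEPT both count, since a SYN is the signal."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["proto"] != "TCP" or int(m["dport"]) != port:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        attempts[m["src"]].append((ts, m["dst"]))

    hits = {}
    span = timedelta(seconds=window_seconds)
    for src, events in attempts.items():
        events.sort()
        window = []                     # events inside the current time window
        for ev in events:
            window.append(ev)
            while ev[0] - window[0][0] > span:
                window.pop(0)
            targets = {dst for _, dst in window}
            if len(targets) >= min_targets:
                hits[src] = (window[0][0], len(targets))
                break
    return hits


if __name__ == "__main__":
    for src, (start, n) in find_445_sweepers(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct hosts on tcp/445 from {start:%H:%M:%S}")
```

A flagged source should be isolated and checked for the listening back door the same entries describe (W32.Bratle.A opens an FTP server on TCP 3333; the Mytob variants use ports such as 6667 and 8881), since a host that is sweeping 445 is already infected, not merely scanning.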

 

   
     
© Copyright 1999 - 2005 The Computer Wizard