July 2006

Select the links for detailed information and removal tools for the latest viruses

For a Superior AntiVirus/Internet Security solution
Use AVG. Read about it here

W32.Amirecivel.H 07/25/06 2
W32.Looked.O 07/11/06 2
W32.Jalabed.B 07/07/06 2
W32.Banwarum.G 07/06/06 2
W32.Sixem.C 07/02/06 2
W32.Amirecivel.F 07/02/06 2

W32.Amirecivel.F@mm
Discovered July 2, 2006
Systems Affected: All Windows32 Systems

W32.Amirecivel.F@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm requires Microsoft .Net Framework 2.0 in order to run.

Payload Trigger: n/a
Payload: Gathers email addresses from the compromised computer.
Large scale e-mailing: Sends itself to the email addresses it gathers.
Degrades performance: Mass-mailing a copy of itself may degrade network performance.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Sends a copy of itself in an email with the following characteristics:

Read the full Symantec report here

W32.Sixem.C@mm
Discovered July 2, 2006
Systems Affected: All Windows32 Systems

W32.Sixem.C@mm is a mass-mailing worm that sends email messages regarding the World Cup.

Payload Trigger: n/a
Payload: Downloads and executes a file.
Large scale e-mailing: Sends a copy of itself to email addresses gathered from the compromised computer.
Compromises security settings: Lowers security settings by ending security-related processes.
Distribution
Subject of email: Varies
Name of attachment: Varies
Size of attachment: Varies

Read the full Symantec report here

W32.Banwarum.G@mm
Discovered July 6, 2006
Systems Affected: All Windows32 Systems

W32.Banwarum.G@mm is a worm that spreads through file-sharing networks such as KaZaa, Morpheus, eDonkey2000, LimeWire, and iMesh. It also downloads a .zip file from a predefined Web site and sends it as an email attachment to addresses that it gathers from the compromised computer.

Payload Trigger: n/a
Payload: Gathers email addresses from the compromised computer
Large scale e-mailing: Sends an email with a .zip file to the addresses it gathers
Distribution
Subject of email: Antivirus project
Name of attachment: util_v2_5.zip

Read the full Symantec report here

W32.Jalabed.B@mm
Discovered July 7, 2006
Systems Affected: All Windows32 Systems

W32.Jalabed.B@mm a mass-mailing worm that sends a copy of itself to email addresses gathered from the compromised computer. The worm also spreads through mIRC.

Payload Trigger: n/a
Payload: n/a
Modifies files: Overwrites the C:\inetpub\wwwroot\index.html file.
Distribution
Subject of email: Im the winner of 2 FIFA tickets
Name of attachment: FIFA 2006 Ticket.doc.exe

Read the full Symantec report here

W32.Looked.O
Discovered July 11, 2006
Systems Affected: All Windows32 Systems

W32.Looked.O is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings, and downloads and executes a remote file.

Damage Level: Medium
Payload: infects .exe files
Compromises Security Settings: Ends security-related processes
DistributionDistribution Level: Medium

Read the full Symantec report here

W32.Amirecivel.H@mm
Discovered July 25, 2006
Systems Affected: All Windows32 Systems

W32.Amirecivel.H@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm requires Microsoft .Net Framework 2.0 in order to run.

Payload Trigger: n/a
Payload: Opens a back door.
Compromises Security Settings: Lowers security settings by disables processes and blocks access to Web sites.
Distribution
Subject of email: Varies
Ports: Opens random ports

Read the full Symantec report here