August 2004

Select the links for detailed information and removal tools for the latest viruses.

W32.Korgo.AD
W32.Korgo.AD is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
Degrades performance: Network propagation routines may degrade overall network performance.
Read the full Symantec report here

W32.Gaobot.BAJ
W32.Gaobot.BAJ is a worm that spreads through open network shares and through backdoors that the Mydoom family of worms open. It allows attackers to access an infected computer using a predetermined IRC channel.
Releases confidential info: Steals CD keys from a number of computer games.
Read the full Symantec report here

W32.Evaman.C@mm
W32.Evaman.C@mm is a mass-mailing worm that sends HTTP GET requests to the Web site email.people.yahoo.com to obtain email addresses. This worm also retrieves email addresses from Windows Address Book files and from files with the extensions .adb, .asp, .cfg, .dbx, .dhtm, .eml, .htm, .html, .jse, .jsp, .mmf, .msg, .ods, .php, .sht, .shtm, .shtml, .tbb, .txt, .wab, and .xml. W32.Evaman.C@mm uses its own SMTP engine to send itself to the email addresses that it finds. The email will have one of these subjects:
Subject of email: SN: New secure mail Secure delivery failed transaction Re: hello (Secure-Mail) Re: Extended Mail Delivery Status (Secure) Re: Server Reply SN: Server Status
Name of attachment: mail message attachment transcript text document file readme followed by one of the following: .exe -txt.exe -htm.exe -txt.scr
Size of attachment: 21,504 bytes, varies for zip
Read the full Symantec report here

W32.Myfip.A
W32.Myfip.A is a network-aware worm that steals files from infected computers.
Releases confidential info: Gathers and uploads .pdf files to an FTP server.
Shared drives: Copies itself to network shares.
Read the full Symantec report here

W32.Saros@mm
W32.Saros@mm is a worm that propagates through email, MIRC, and file-sharing networks.
Large scale e-mailing: Sends an email to all the addresses in the MS Outlook address book.
Sends an email to all the entries in the Microsoft Outlook Address Book. The email will have the following properties:
Subject: Microsoft Outlook News
Title: NonYou
Title: Gedzac Group 2004
Read the full Symantec report here

W32.Lovgate.AN@mm
W32.Lovgate.AN@mm is a mass-mailing worm that propagates through open network shares and by using the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (BID 8205). It prepends itself to .exe files.
Large scale e-mailing: Yes
Read the full Symantec report here

W32.Beagle.AO@mm
W32.Beagle.AO@mm is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a Mitglieder-like downloader that brings the worm from external sources. The worm also has backdoor functionality, opening UDP and TCP port 80.
Read the full Symantec report here

W32.Mydoom.P@mm
W32.Mydoom.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. The email contains a spoofed From address. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension.
Large scale e-mailing: Uses its own SMTP engine to send itself to the email addresses found in the files with certain extensions.
Read the full Symantec report here

W32.Mydoom.Q@mm
W32.Mydoom.Q@mm is a mass-mailing worm that downloads an executable file and uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. The downloaded file is detected as Backdoor.Nemog. The email has the following characteristics:
From: <spoofed>
Subject: Photos
Attachment: photos_arc.exe
Read the full Symantec report here
Download the Removal Tool here

Backdoor.Nemog
Backdoor.Nemog is a Backdoor Trojan horse that allows an infected computer to be used as an email relay and HTTP proxy. This backdoor is dropped by W32.Mydoom.Q@mm.
Modifies files: Modifies the Hosts file.
Read the full Symantec report here

W32.Neveg.C@mm
W32.Neveg.C@mm is a mass-mailing worm that spreads using its own SMTP engine, and performs a Denial of Service (DoS) attack on various Web design Web sites. The worm replicates through email and shared folders.
Read the full Symantec report here

W32.Neveg.B@mm
W32.Neveg.B@mm is a mass-mailing worm that performs denial of service (DoS) attacks on various web design Web sites. The worm replicates via email, using its own SMTP engine, and also spreads through shared folders.
Read the full Symantec report here

W32.Beagle.AP@mm
W32.Beagle.AP@mm is a mass-mailing worm that spreads via email, using its own SMTP engine.
Compromises security settings: Terminates the processes of some security programs.
Read the full Symantec report here

W32.Sasser.G
W32.Sasser.G is a variant of W32.Sasser.Worm that attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011. The worm spreads by scanning random IP addresses and drops W32.Netsky.AC@mm.
Degrades performance: Causes significant performance degradation.

W32.Lovgate.AO@mm
W32.Lovgate.AO@mm is a mass-mailing worm that propagates through open network shares and prepends itself to .exe files. The email has a variable subject and attachment name, with a .bat, .cmd, .com, .exe, .pif, .scr, or .zip file extension.
Large scale e-mailing: Replies to existing emails and sends email to addresses found on local system.
Read the full Symantec report here

W32.Spybot.DAZ
W32.Spybot.DAZ is a worm that spreads through IRC, network shares, exploits, and computers that are infected with common backdoor Trojan horses.
Releases confidential info: May steal CD keys and passwords.
Read the full Symantec report here

Download.Ject.D
Download.Ject.D is a variant of Download.Ject.C that attempts to download and execute files.
Compromises security settings: Terminates processes related to various security programs.

W32.Beagle.AQ@mm
W32.Beagle.AQ@mm is a variant of W32.Beagle.AO@mm, which is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a downloader, similar to Trojan.Mitglieder and Download.Ject.C, that downloads the worm from an external source. The worm also contains backdoor functionality, opening TCP port 80 and UDP port 80.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Compromises security settings: Terminates the processes associated with various security-related programs. Allows unauthorized remote access to a compromised host.
Ports: TCP port 80 and UDP port 80
Read the full Symantec report here
© Copyright 1999 - 2004 The Computer Wizard