Virus News 

 

 


 

 

September 2004

Select the links for detailed information and removal tools for the latest viruses


W32.Spybot.EAS 09/30/2004 2
W32.Mydoom.AC 09/28/2004 2
W32.Beagle.AR 09/28/2004 2
W32.Noomy.A 09/27/2004 2
Hacktool.JPEGShell 09/25/2004 1
W32.Mydoom.AB 09/15/2004 2
W32.Mydoom.Y 09/15/2004 2
W32.Mexer.E 09/15/2004 2
W32.Mydoom.W 09/14/2004 2
W32.Spybot.DNB 09/13/2004 2
W32.Spybot.DNC 09/13/2004 2
W32.Mydoom.V 09/10/2004 2
W32.Mydoom.U 09/09/2004 2
W32.Mydoom.T 09/09/2004 2
W32.Mydoom.S 09/09/2004 2
W32.Blackmal.C 09/06/2004 2
W32.Mydoom.R 09/03/2004 2
W32.Bugbear.M 09/03/2004 2

   
 

W32.Bugbear.M@mm
Discovered September 3, 2004

Systems Affected: All Windows32 Systems

W32.Bugbear.M@mm is a mass-mailing worm that sends itself to email addresses it gathers from certain files on the system, using its own SMTP engine.

Large scale e-mailing: Emails itself as an attachment using its own SMTP engine.
Releases confidential info: May send confidential information to the hacker.
Subject of email: Varies. Starts with "Re: "
Name of attachment: Varies

Read the full Symantec report here


W32.Mydoom.R@mm
Discovered September 3, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.R@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. The email contains a spoofed From address. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension.

Large scale e-mailing: Sends itself to the email addresses found in the files with certain extensions.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Subject of email: Varies.
Name of attachment: Varies, with .bat, .com, .doc, .exe, .htm, .scr, .tmp, or .txt file extensions.
Size of attachment: 37,888 bytes

Read the full Symantec report here


W32.Blackmal.C@mm
Discovered September 6, 2004

Systems Affected: All Windows32 Systems

W32.Blackmal.C@mm is a mass-mailing worm that lowers security settings by deleting files associated with security applications. It sends a copy of itself to all email addresses gathered from the Outlook address book, Yahoo Messenger address book, and Yahoo Pager address book.

Read the full Symantec report here


W32.Mydoom.S@mm
Discovered September 9, 2004

Systems Affected: All Windows32 Systems

W32.MyDoom.S@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.

Releases confidential info: Collects email addresses from the infected computer.

Read the full Symantec report here


W32.Mydoom.T@mm
Discovered September 9, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.T@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.

Large scale e-mailing: Sends out a mass mailing of itself.
Releases confidential info: Collects email addresses from the infected computer.

Read the full Symantec report here


W32.Mydoom.U@mm
Discovered September 9, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.U@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension. It is similar to W32.Mydoom.P@mm.

Payload: Downloads and executes a file from a Web site.
Large scale e-mailing: Uses its own SMTP engine to send itself to the email addresses found in the files with certain extensions.
Degrades performance: Mass mailing may clog mail servers or degrade network performance.
Subject of email: Varies
Name of attachment: Varies, with .bat, .cmd, .exe, .pif, .scr, or .zip extension.
Size of attachment: 17 KB

Read the full Symantec report here


W32.Mydoom.V@mm
Discovered September 10, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.V@mm is a mass-mailing worm that downloads an executable file.

Large scale e-mailing: Sends out a mass mailing of itself.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.

Read the full Symantec report here


W32.Spybot.DNC
Discovered September 13, 2004

Systems Affected: All Windows32 Systems

W32.Spybot.DNC is a worm that may be remotely controlled via IRC channels. The worm has the ability to perform distributed denial of service (DDoS) attacks and open a backdoor on the infected computers. It also attempts to steal CD keys from some computer games.

Releases confidential info: Attempts to steal confidential information
Compromises security settings: Opens a backdoor
Ports: 6667/135/80/145/1434

Read the full Symantec report here


W32.Spybot.DNB
Discovered September 13, 2004

Systems Affected: All Windows32 Systems

W32.Spybot.DNB is a worm that may be remotely controlled via IRC channels. The worm has the ability to perform distributed denial of service (DDoS) attacks and open a backdoor on the infected computers. It also attempts to steal CD keys from some computer games.

Deletes files: Deletes network shares
Releases confidential info: Steals confidential information
Compromises security settings: Opens a backdoor
Ports: 6667

Read the full Symantec report here


W32.Mydoom.W@mm
Discovered September 14, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.W@mm is a mass-mailing worm that attempts to perform a Distributed Denial of Service (DDoS) attack against www.symantec.com.

Symantec Security Response is currently investigating this threat and will post more information as it becomes available.

Read the full Symantec report here


W32.Mexer.E@mm
Discovered September 15, 2004

Systems Affected: All Windows32 Systems

W32.Mexer.E@mm is a mass-mailing worm that also spreads through several file-sharing networks.

Large scale e-mailing: Sends a mass-mailing.
Degrades performance: Creates a mass-mailing of itself, which may impact system performance.

Read the full Symantec report here


W32.Mydoom.Y@mm
Discovered September 15, 2004

Systems Affected: All Windows32 Systems

Large scale e-mailing: Sends itself to the email addresses that it finds on the infected computer.
Causes system instability: Creates a mass-mailing of itself which may impact system performance
Subject of email: "album" or "You've got a Virtual Postcard"
Name of attachment: photos_album.zip, photos_album.scr, www.flashecard.com_postcard=viewcard_download.html.scr, or www.flashecard.com_postcard=viewcard_download.html.zip
Size of attachment: 23,040 bytes

Read the full Symantec report here


W32.Mydoom.AB@mm
Discovered September 15, 2004

Systems Affected: All Windows32 Systems

W32.MyDoom.AB@mm is a mass-mailing worm that downloads a malicious file and spreads via ICQ.

Large scale e-mailing: Sends itself to the email addresses found in the files with certain extensions.
Degrades performance: Mass-mailing may clog mail servers or degrade network performance.
Size of attachment: 69,632 bytes

Read the full Symantec report here


W32.Noomy.A@mm
Discovered September 27, 2004

Systems Affected: All Windows32 Systems

W32.Noomy.A@mm is a worm that sends itself by email, creates an HTTP server on port 8800/TCP and sends messages to IRC chat rooms inviting users to download the worm from the HTTP server.

Payload: Opens a backdoor and propagates by email and IRC.
Large scale e-mailing: Yes
Degrades performance: Yes
Releases confidential info: Opens a backdoor
Compromises security settings: Opens a backdoor
Subject of email: Varies.
Name of attachment: Varies
Size of attachment: 88,576 bytes

Read the full Symantec report here


Hacktool.JPEGShell
Discovered September 25, 2004

Systems Affected: All Windows32 Systems

Hacktool.JPEGShell is a Trojan horse program that can be used to generate .jpg files that exploit the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028).

The generated .jpg files are detected by Symantec Antivirus products as Trojan.Moo.

Read the full Symantec report here


W32.Beagle.AR@mm
Discovered September 28, 2004

Systems Affected: All Windows32 Systems

W32.Beagle.AR@mm is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a downloader, similar to the Mitglieder family of Trojans, that downloads the worm from an external source.

The worm also contains backdoor functionality, opening TCP port 81 and UDP port 81.

Large scale e-mailing: Sends itself to addresses harvested from files on the local system.
Degrades performance: Mass-mailing may impact system performance.
Compromises security settings: Allows unauthorized remote access to a compromised host.
Subject of email: Varies
Name of attachment: Varies, with a .com, .cpl, .exe, or .scr file extension.
Size of attachment: Varies
Ports: TCP port 81 and UDP port 81

Read the full Symantec report here


W32.Mydoom.AC@mm
Discovered September 28, 2004

Systems Affected: All Windows32 Systems

W32.Mydoom.AC@mm is a mass-mailing worm that launches a Denial of Service (DoS) attack against a remote server. It can also spread through file-sharing networks.

Large scale e-mailing: Sends a mass-mailing of itself.
Degrades performance: Performs a DoS attack on a third party.

Subject: (Will be one of the following)

Holohoax information
Hackers for Historical Truth
Free Ernst Zundel
The holocaust is a lie
Information about Holocaust
The Germar Rudolf Report
Hello, here is your information!
Jewish Holocaust, another lie

Read the full Symantec report here


W32.Spybot.EAS
Discovered September 30, 2004

Systems Affected: All Windows32 Systems

W32.Spybot.EAS is a worm that may be remotely controlled via IRC channels. It includes distributed denial of service (DDoS) and back door capabilities. The worm also attempts to steal confidential information from the infected computer.

Deletes files: Deletes local network shares.
Releases confidential info: Steals product information and product keys.
Compromises security settings: Opens a back door.
Ports: TCP port 6667

Read the full Symantec report here


 

   

 

         
     
© Copyright 1999 - 2004 The Computer Wizard