October 2004

Select the links for detailed information and removal tools for the latest viruses

W32.Bagz@mm
W32.Bagz@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from the infected computer.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here

W32.Mydoom.AD@mm
W32.Mydoom.AD@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected system. It also attempts to spread itself through IRC and some popular peer-to-peer networks.
Large scale e-mailing: Sends itself to the email addresses that it finds on the infected computer.
Modifies files: %System%\drivers\etc\hosts, %ProgramFiles%\mIRC\script.ini
Compromises security settings: Terminates processes related to antivirus and security programs.
Subject of email: Varies
Name of attachment: Varies with .cmd, .cpl, .exe, .pif, .scr, or .zip as extension name.
Size of attachment: 36,864 bytes, varies for .zip
Target of infection: Attempts to spread itself to IRC and many peer-to-peer networks.
Read the full Symantec report here

W32.Bagz.B@mm
W32.Bagz.B@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses gathered from an infected computer.
Large scale e-mailing: Sends a mass-mailing.
Compromises security settings: Disables firewalls.
Subject of email: Various
Name of attachment: Various
Size of attachment: 253,954 bytes
Read the full Symantec report here

W32.Fili@mm
W32.Fili@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and through peer-to-peer file-sharing networks. It can also spread via mIRC. The email has a variable subject and attachment name. The attachment will have a .scr, .pif, .bat, .com, .cmd, or .exe file extension.
Large scale e-mailing: Sends itself to email addresses found on the infected computer.
Compromises security settings: Terminates some antivirus and security application processes.
Subject of email: Varies
Name of attachment: Varies with a .scr, .pif, .bat, .com, .cmd, or .exe extension.
Size of attachment: 20,480 bytes
Target of infection: Spreads through various peer-to-peer file-sharing networks.
Read the full Symantec report here

W32.Funner
W32.Funner is a worm that spreads using Microsoft's Windows Messenger instant message program and modifies the hosts file.
Modifies files: Modifies the hosts file.
Read the full Symantec report here

W32.Netsky.AD@mm
W32.Netsky.AD@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds on the infected system. The email subject, message body, and attachment are variable.
Read the full Symantec report here

W32.Mydoom.AF@mm
W32.Mydoom.AF@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected system. The worm also contains back door functionality which allows unauthorized remote access to the infected computer. The email will have a variable subject and attachment name. The attachment will have a .cpl, .pif, or .scr file extension.
Large scale e-mailing: Sends itself to addresses harvested from the infected machine.
Compromises security settings: Allows unauthorized remote access. Downloads and executes files.
Name of attachment: Varies with .cpl, .pif, or .scr file extension.
Size of attachment: 51,712 bytes
Read the full Symantec report here

W32.Spybot.FBG
W32.Spybot.FBG is a worm that may be remotely controlled via IRC channels. It includes distributed denial of service (DDoS) and back door capabilities. The worm also attempts to steal confidential information from the infected computer.
Read the full Symantec report here

W32.Darby.B
W32.Darby.B is a worm that uses file-sharing networks, email, network file sharing, and Internet Relay Chat (IRC) to spread. The worm may also attempt to disable antivirus and firewall software.
Large scale e-mailing: Sends email to addresses harvested from the local system.
Releases confidential info: Sends cached password information to hacker.
Compromises security settings: Terminates processes of various security-related programs.
Subject of email: Varies
Name of attachment: Varies with .com, .pif, .scr, or .zip file extension.
Shared drives: Attempts to connect to systems with weak passwords.
Target of infection: Spreads via various file-sharing networks and IRC.
When W32.Darby.B is executed, it does the following:
The file this total or partially damaged, impossible to open the file.
Read the full Symantec report here

W32.Spybot.FCD
W32.Spybot.FCD:
Releases confidential info: Logs keystrokes to steal passwords and confidential information.
Read the full Symantec report here

W32.Bagz.D@mm
W32.Bagz.D@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from an infected computer. This worm also prevents access to several Web sites by overwriting the local hosts file. It also disables certain security and anti-virus applications. The email will have a variable subject line and attachment name. The attachment will have an .exe or .zip file extension.
Large scale e-mailing: Sends a mass-mailing.
Modifies files: Modifies the hosts file.
Compromises security settings: May disable anti-virus and security applications.
Subject of email: Varies.
Name of attachment: Varies with a .zip or .exe extension.
Size of attachment: 157,194 bytes
Read the full Symantec report here

W32.Netsky.AE@mm
W32.Netsky.AE@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all email addresses it finds in the Windows address book on the infected computer. It also spreads by copying itself to the shared folders of various file-sharing and instant messaging programs.
Large scale e-mailing: Sends itself to addresses harvested from the infected machine.
Read the full Symantec report here

W32.Buchon.A@mm
W32.Buchon.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on the infected computer.
Large scale e-mailing: Sends a mass-mailing.
Subject of email: Mail Delivery failure - %address@domain.com%
Name of attachment: "message txt(random spaces) mcafee.com"
Ports: Random TCP ports between 28000 - 28500.
Read the full Symantec report here

W32.Bagz.E@mm
W32.Bagz.E@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from an infected computer. This worm also prevents access to several Web sites by overwriting the local hosts file. The email will have a variable subject line and attachment name. The attachment will have an .exe or .zip file extension.
Large scale e-mailing: Sends email to addresses found on the local system.
Read the full Symantec report here

W32.Mydoom.AG@mm
W32.Mydoom.AG@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. It also propagates through popular peer-to-peer networks. The email will have a variable subject and attachment name. The attachment will have a .bat, .cmd, .exe, .scr, .pif, or .zip file extension.
Large scale e-mailing: Sends itself to addresses harvested from the infected machine.
Modifies files: Modifies the hosts file.
Compromises security settings: Disables anti-virus and firewall applications.
Subject of email: Varies
Name of attachment: Varies with a .bat, .cmd, .exe, .scr, .pif, or .zip file extension
Read the full Symantec report here

W32.Anpes@mm
W32.Anpes@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to email addresses gathered from the infected computer. It also attempts to lower security settings, modify Explorer settings, and create a user account.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here

W32.Bagz.F@mm
W32.Bagz.F@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from the compromised system. The email will have a variable subject and attachment name. The attachment will have a .exe or .zip file extension. It also lowers security settings by overwriting the local hosts file and preventing access to several security-related Web sites.
Large scale e-mailing: Sends mail to addresses harvested from the local system.

W32.Gaobot.BOW
W32.Gaobot.BOW is a network-aware worm that has backdoor capabilities and can be controlled through IRC channels.
Compromises security settings: Allows unauthorized remote access. Terminates numerous processes related to security type programs.
Read the full Symantec report here

W32.Erkez.C@mm
W32.Erkez.C@mm is a mass-mailing worm that sends itself to email addresses it finds on the infected computer. It also copies itself to folders that are likely to be shared on file-sharing networks. When this worm infects a computer, it attempts to overwrite .exe files. The files that it targets are usually executables that belong to security products, including Symantec products. However, in some cases, the worm may overwrite .exe files that belong to other programs. If the worm does overwrite .exe files, some programs or operating system functions may no longer function correctly.
Large scale e-mailing: Sends itself to email addresses it finds on the infected computer.
Read the full Symantec report here

W32.Beagle.AU@mm
W32.Beagle.AU@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm will open a backdoor on TCP port 81.
Large scale e-mailing: Yes
Read the full Symantec report here

W32.Beagle.AW@mm
W32.Beagle.AW@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm will open a backdoor on TCP port 81.
Read the full Symantec report here

W32.Beagle.AV@mm
W32.Beagle.AV@mm is a mass-mailing worm that also spreads through file-sharing networks. The worm will open a backdoor on TCP port 81.
Notes:
Read the full Symantec report here

© Copyright 1999 - 2004 The Computer Wizard