November 2006

Select the links for detailed information and removal tools for the latest viruses

For a Superior AntiVirus/Internet Security solution
Use AVG. Read about it here

W32.Spybot.ACYR 11/27/2006 2
W32.Pardona.A 11/19/2006 2
W32.Stration.EC 11/19/2006 2
W32.Mixor.I 11/19/2006 2
W32.Spybot.ALRD 11/16/2006 2
W32.Pintae.A 11/07/2006 2
W32.Stration.DW 11/06/2006 2
W32.Eboscro 11/04/2006 2

W32.Eboscro
Discovered November 4, 2006
Systems Affected: All Windows32 Systems

W32.Eboscro is a worm that copies itself to removable drives, opens a back door, and lowers security settings on the compromised computer.

Payload: Opens a back door.
Compromises Security Settings: Ends security-related processes.
Distribution Level: Medium
Ports: TCP port 8111

Read the full Symantec report here

W32.Stration.DW@mm
Discovered November 6, 2006
Systems Affected: All Windows32 Systems

W32.Stration.DW@mm is a worm that spreads by emailing itself to other computers. It also drops a copy of W32.Stration.DB@mm on to the compromised computer.

Payload: Spreads by emailing itself to other computers. It also drops a copy of W32.Stration.DB@mm on to the compromised computer.
Large Scale E-mailing: Yes
Distribution Level: Medium
Subject of Email: Varies
Name of Attachment: Varies

Read the full Symantec report here

W32.Pintae.A@mm
Discovered November 7, 2006
Systems Affected: All Windows32 Systems

W32.Pintae.A@mm is a mass-mailing worm that also spreads through network shares.

Large Scale E-mailing: Spreads through email and through network shares.
Distribution Level: High
Subject of Email: Varies
Name of Attachment: Varies

Read the full Symantec report here

W32.Spybot.ALRD
Discovered November 16, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.ALRD is a network-aware worm that opens a back door on the compromised computer. It also attempts to spread to network shares protected by weak passwords and by exploiting vulnerabilities.

Payload: Opens a back door and exploits remote vulnerabilities.
Modifies Files: Attempts to patch several system files.
Compromises Security Settings: Modifies some registry entries to lower security settings.
Distribution Level: Medium
Shared Drives: Network shares with weak passwords.
Target of Infection: Un-patched computers vulnerable to several exploits.

Read the full Symantec report here

W32.Mixor.I@mm
Discovered November 19, 2006
Systems Affected: All Windows32 Systems

W32.Mixor.I@mm is a mass-mailing worm that also disables security related programs.

Distribution Level: High
Size of Attachment: 15,226 bytes

Read the full Symantec report here

W32.Stration.EC@mm
Discovered November 19, 2006
Systems Affected: All Windows32 Systems

W32.Stration.EC@mm is a mass-mailing worm that attempts to download files from the Internet.

Payload: Attempts to download files from the Internet.
Distribution Level: High
Subject of Email: Varies
Name of Attachment: Varies .

Read the full Symantec report here

W32.Pardona.A@mm
Discovered November 20, 2006
Systems Affected: All Windows32 Systems

W32.Pardona.A@mm is a mass-mailing worm that gathers email addresses from the compromised computer.

Symantec Security Response is currently investigating this threat and will post more information as it becomes available.

Large Scale E-mailing: Spreads by sending emails from the compromised computer.
Distribution Level: High

Read the full Symantec report here

W32.Spybot.ACYR
Discovered November 27, 2006
Systems Affected: All Windows32 Systems

W32.Spybot.ACYR is a worm that spreads through mIRC and to network shares protected by weak passwords. It also spreads by exploiting some vulnerabilities.

Payload: Spreads through mIRC and to network shares protected by weak passwords.
Compromises Security Settings: Disables Windows File Protection.
Distribution Level: High
Ports: TCP port 6667.

Read the full Symantec report here