December 2004

Select the links for detailed information and removal tools for the latest viruses.

Updated 12/29/2004

W32.Mugly.A@mm
W32.Mugly.A@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to the email addresses gathered from the infected computer. It also drops and runs a W32.Spybot.Worm variant, and may attempt to open a backdoor on the infected computer.
Large scale e-mailing: Sends a mass-mailing.
Causes system instability: Exploits system vulnerabilities.
Compromises security settings: Opens a backdoor.
Subject of email: Varies
Name of attachment: Attachment.zip
Shared drives: Attempts to copy itself to shared drives protected by weak passwords.
Attached image:
Read the full Symantec report here

W32.Atak.B@mm
W32.Atak.B@mm is a mass-mailing worm that uses its own SMTP engine to send its messages to the email addresses it gathers from certain files on a compromised computer.
Large scale e-mailing: Sends a mass-mailing of itself.
Read the full Symantec report here

W32.Atak.E@mm
W32.Atak.E@mm is a mass-mailing worm that uses its own SMTP engine to send a copy of itself as an attachment to the email addresses it gathers from files on the compromised computer.
Large scale e-mailing: Sends a mass-mailing of itself to addresses gathered from the compromised computer.
Read the full Symantec report here

W32.Gaobot.BUU
W32.Gaobot.BUU is a network-aware worm that has back door capabilities and can be controlled through IRC channels. It attempts to lower security settings by blocking access to security-related Web sites and terminating processes. This worm spreads by exploiting several Windows vulnerabilities.
Modifies files: Modifies the hosts file.
Read the full Symantec report here
Download the Removal Tool here

W32.Maslan.A@mm
W32.Maslan.A@mm is a mass-mailing worm that opens a back door and exploits system vulnerabilities on the compromised computer. The worm also steals passwords and uses rootkit techniques.
Payload: Allows unauthorized remote access.
Read the full Symantec report here

W32.Maslan.C@mm
W32.Maslan.C@mm is a mass-mailing worm that opens a back door and exploits system vulnerabilities on the compromised computer. The worm also steals passwords and uses rootkit techniques.
Payload: Allows unauthorized remote access.
Read the full Symantec report here

VBS.Junkmail@mm
VBS.Junkmail@mm is a generic VBS mass-mailing worm that copies itself to files on the C drive.
Payload: Copies itself to files on the C drive.
Read the full Symantec report here

W32.Janx
W32.Janx is a worm that attempts to exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011). The worm spreads by randomly scanning IP addresses for vulnerable systems. The worm also connects to an IRC server and waits for commands.
Degrades performance: Excessive network access occurs.
Read the full Symantec report here

W32.Qeds@mm
W32.Qeds@mm is a mass-mailing worm that sends a copy of itself as an attachment to the email addresses that it gathers from the files on an infected computer.
Payload Trigger: Downloads remote files.
Read the full Symantec report here

VBS.Sorpe.A@mm
VBS.Sorpe.A@mm is a mass-mailing worm that sends itself to email addresses gathered from files on the infected computer.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here

W32.Erkez.D@mm
W32.Erkez.D@mm is a mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer.
Payload: Opens a back door.
Read the full Symantec report here
Download the Removal Tool here

VBS.Sorpe.B@mm
VBS.Sorpe.B@mm is a mass-mailing worm that sends itself to the email addresses gathered from the files on an infected computer. The worm also disables various system utilities including the Registry Editor and Microsoft Notepad.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here

W32.Atak.F@mm
W32.Atak.F@mm is a mass-mailing worm that sends itself to addresses collected from the infected computer. The email has a variable subject and attachment name. The attachment will have a .zip file extension.
Large scale e-mailing: Mails itself to the email addresses found on the infected computer.
Modifies files: Adds an entry to win.ini.
Degrades performance: Email address searching and mass-mailing activity may degrade computer performance.
Subject of email: "Merry X-Mas!" or "Happy New Year!"
Name of attachment: Variable double extension ending in .zip.
Size of attachment: approx. 11 kb
Read the full Symantec report here

W32.Envid.B@mm
W32.Envid.B@mm is a worm that sends email to all addresses found in the Microsoft Outlook Address Book. The email has a variable subject and no attachment. The email contains a link from which the worm is downloaded.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here
Download the Removal Tool here

W32.Looked
W32.Looked is a worm that propagates through shared folders, downloads a file, and infects .exe files.
Modifies files: Infects files with .exe file extension.
Compromises security settings: Terminates the Zone Alarm firewall and various associated processes.
Target of infection: IPC$ and ADMIN$ network shares
Read the full Symantec report here

W32.Atak.G@mm
W32.Atak.G@mm is a mass-mailing worm that uses its own SMTP engine to send itself as an attachment to the email addresses that it gathers from the files on the compromised computer.
Large scale e-mailing: Mails itself to the email addresses found on the infected computer.
Read the full Symantec report here

W32.Mugly.C@mm
W32.Mugly.C@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The worm also drops and runs a W32.Spybot.Worm variant.
Large scale e-mailing: Sends a mass-mailing.
Read the full Symantec report here

Perl.Santy
Perl.Santy is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672). Other systems are not affected. If successful, the worm copies itself to the server and overwrites files with the following extensions:
The worm uses the Google search engine to find potential new infection targets. Google has now implemented blocking of Perl.Santy search requests, which is expected to greatly reduce the worm's ability to propagate and lower the risk of further infections.
Read the full Symantec report here

W32.Randex.CCF
W32.Randex.CCF is a network-aware worm that opens a back door on an infected computer and may be remotely controlled via IRC channels.
Payload: Opens a back door.
Compromises security settings: Terminates security-related processes and blocks access to security-related Web sites.
Ports: TCP port 9000
Read the full Symantec report here

W32.Envid.C@mm
W32.Envid.C@mm is a mass-mailing worm that sends an email to all the addresses in the Microsoft Outlook Address Book.
Large scale e-mailing: Sends emails to addresses in the Outlook Address Book.
Read the full Symantec report here

W32.Beaker.A@mm
W32.Beaker.A@mm is a mass-mailing worm that sends a copy of itself by email and overwrites files on infected computers.
Large scale e-mailing: Emails itself to email addresses found on the infected computer.
Read the full Symantec report here

Perl.Santy.B
Perl.Santy.B is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672). It uses AOL or Yahoo search to find potential new infection targets.
Compromises security settings: Downloads and executes script files that contain arbitrary code.
Read the full Symantec report here

Perl.Santy.C
Perl.Santy.C is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672). It uses Google search to find potential new infection targets.
Compromises security settings: Downloads and executes script files that contain arbitrary code.
Read the full Symantec report here

W32.Protoride.B
W32.Protoride.B is a worm that propagates through network shares and opens a backdoor that allows unauthorized access to a compromised machine.
Payload: Allows unauthorized remote access.
Read the full Symantec report here

© Copyright 1999 - 2004 The Computer Wizard