VIRUS NAME
|
DETAILS
|
W32.Blackmal.E@mm
|
W32.Blackmal.E@mm
aka
VB.BI is a mass mailing worm,
uses e-mail addresses collected
from the infected system to
distribute infected messages. It
attempts spread through network
shares.| More details |
W32.Sober.X@mm
|
Sober.X is
a mass mailing worm uses e-mail
addresses collected from the
system to distribute infected
mails. The worm uses its own SMTP
engine to spread. The infected
mail will be in English or
German.| More details
|
W32.Beagle.AV@mm
|
Beagle.AV
is
a mass mailing worm, uses e-mail
addresses collected from the
infected system to distribute
infected messages. Beagle
worm arrives as an e-mail
attachment.
| More details |
W32.Sasser.Worm
|
Sasser is
a network Worm, exploits a
remote code execution
vulnerability LSASS to infect
target systems. It
scans for IP addresses and
infects unpatched systems. This
worm targets Windows 2000, and
Windows XP systems. | More details |
W32.Netsky.P@mm
|
Netsky.P is
a modified variant of Netsky.C
worm. This mass mailing worm
spreads using e-mail
addresses collected from MSG,
OFT, SHT, DBX, TBB, ADB, DOC,
WAB, ASP, UIN, RTF, VBS, HTML,
HTM, PL, PHP, TXT, SHTM, DHTM,
CGI and EML files to distribute
infected messages. Netsky.P
worm arrives as an e-mail
attachment. | More details |
W32.Netsky.D@mm
|
Netsky.D is
a modified variant of Netsky.C
worm. This mass mailing worm
spreads using e-mail
addresses collected from MSG,
OFT, SHT, DBX, TBB, ADB, DOC,
WAB, ASP, UIN, RTF, VBS, HTML,
HTM, PL, PHP, TXT, SHTM, DHTM,
CGI and EML files to distribute
infected messages. Netsky.D
worm arrives as an e-mail
attachment. The infected
attachment name, message body and
subject is randomly chosen by the
worm.
| More details |
W32.Mydoom.A@mm
|
Novarg
aka Mydoom
is a mass mailing worm,
uses e-mail addresses
collected from .wab, .adb, .tbb,
.dbx, .asp, .php, .sht, .htm,
.txt files to distribute infected
messages. Novarg worm
arrives as an e-mail attachment. The
infected attachment name, subject
and message body is randomly
chosen by the worm. The
worm also spreads using KaZaA P2P
network.
| More details |
W32.Blaster.Worm
|
Blaster
worm exploits a vulnerability
DCOM RPC [ Buffer Overrun In RPC
Interface ] to infect target
systems. The
worm randomly scans for IP
addresses [ X.X.X.0
Example: 202.124.64.0 ] and
infects the vulnerable systems.
This worm targets Windows NT,
2000, XP, and Windows Server 2003
systems. | More details |
W32.Klez.H@mm
|
Klez.H
is a modified variant of original
Klez.E
worm
and it is rapidly spreading in
the wild. I-worm/Klez.H
arrives as an e-mail attachment
with different names.
| More details |
W32.Yaha.K@mm
|
Yaha.K is
a mass mailing worm uses e-mail
addresses stored in Windows
Address book and also collects
addresses from .ht* files to
distribute infected messages. It
also spreads through MSN
messenger list, ICQ list and
Yahoo pager list. | More details |
W32.Bugbear@mm
|
BugBear
is an Internet worm, uses e-mail
addresses stored in Windows
Address book and network
shares.
It also collects addresses from .dbx,
.mbx, .eml, and .ocs files to
distribute infected messages. The
worm randomly chooses the message
body and subject. | More details |
Worm/Opaserv.A
|
Opaserv is a
network worm, spreads using
shared network drives.
Opaserv infects only the network
shares and it will
not spread using e-mail
attachments. When
executed, it will search for
Windows folder in the local
system and network and copies to "Scrsvr.exe".
| More details
|
W32.Yaha.E@mm
|
Yaha.E is
a mass mailing worm uses e-mail
addresses stored in Windows
Address book and also collects
addresses from .ht* files to
distribute infected messages. It
also spreads through MSN
messenger list, ICQ list and
Yahoo pager list. | More details |
W32.Klez.E@mm
|
Klez.E
is modified variant of original
Klez worm. Klez.E variant rapidly
spreads in the wild. I-worm/Klez.E
arrives as an e-mail attachment.
The attachments are embedded
within the e-mail and it won't
visible to the user.
| More details |
W32.BadTrans.B@mm
|
W32.BadTrans.B@mm
is modified variant of original BadTrans
worm. This encrypted worm sends
infected mails to e-mail address
collected from web pages and
Windows address book. It also
drops Trojan.PSW.Hooker.b in the
victims PC. The virus author can
steal username and password
details using this password
stealer. | More details |
W32.SirCam@mm
|
SirCam
is a mass mailing worm uses
e-mail addresses stored in
Windows Address book and also
collects addresses from temporary
Internet folder to distribute
infected messages. SirCam is also
network aware worm. It searches
for network shares and infects
them too. | More details |
HomePage
aka
VBSWG.X
|
VBS/HomePage
aka VBS/VBSWG.X is a encrypted VB
script worm uses Microsoft
outlook to spread. The email
message subject will be "
Homepage " and the
attachment will be "homepage.HTML.vbs"
and the message body will be "Hi!
You've got to see this page! It's
really cool ;O)". | More details |
W32.BadTrans@mm
|
BadTrans
is an encrypted worm spreads via
MAPI function of Microsoft
Outlook and it also drops
Trojan.PSW.Hooker.b in the
victims PC. The virus author can
steal username and password
details using the password
stealer. | More details |
W32/Magistr
|
W32/Magistr
is a complex polymorphic worm
spreads via email and it contains
virus components to infect PE
files [*.EXE,
*.SCR] in
Windows environment. It infects
local machine and PCs connected
to the local network (LAN). It is
discovered in March 2001 and
frequently reported in the wild. | More details |
W95/Hybris
|
Hybris
is a complex deadly worm, it will
update the plugins from the virus
author's site or through a virus
conference news group
alt.comp.virus. The worm uses Win95/Babylonia
virus
technique to download plugins,
but it uses strong encryption on
plugins using RSA 128 bit keys.
The worm patches WSOCK32.DLL to
email automatically. | More details |
W32.Prolin@mm
|
Prolin is an
Internet worm, uses
Microsoft Outlook to email
itself.The worm is 36,834 bytes
long and written in Visual Basic
version 6. It needs
"MSVBVM60.dll" to
spread otherwise it will show DLL
missing error. The e-mail
attachment name will be
"Creative.exe". | More details |
W32/MTX
|
MTX
is a complex encrypted worm
spreads via email and carries a
virus to infect local machine
files. It is discovered one month
back and frequently reported in
the wild. When executed, the worm patches
WSOCK32.DLL to email
automatically. The virus
component uses EPO (
Entry Point Obscuring )
technology to
infect files. | More details |
Wscript/KAK
Worm
|
Wscript/Kak
is a worm that exploits security
vulnerabilities in Microsoft
Internet Explorer and Microsoft
Outlook in a way similar to Bubbleboy worm. It
will ONLY infect PCs running Windows
98 with Internet Explorer
5 and Outlook or Outlook
Express. | More details |
W97M/Marker
family
|
W97M/Marker
(also known as HSFX) is a Word
macro virus that collects user
information from Word and uses
FTP to send it over the internet.
The virus is similar to
W97M/Caligula. It sends the data
over to codebreakers.org. It also
has some similarities to
W97M/Ethan.| More details |
PrettyPark.
worm
|
Pretty Park is an
Internet worm, uses mass
mailing and mIRC clients to
spread. There are lot of unpacked
variants also reported in the
wild. | More details |
W97M/Ethan
family
|
Ethan is
a simple macro virus, consisting
of a single macro less than 50
lines long. It infects Word's
NORMAL.DOT template and documents
by inserting it's code to a
module in the document.| More details |
Worm.Happy99
|
The is a
Win32-based e-mail and newsgroup
worm. It displays fireworks when
executed first time as
Happy99.exe. When executed first
time, it creates SKA.EXE and
SKA.DLL in the system directory.
Also it modifies WSOCK32.DLL to
infect.| More details |
X97M/Laroux
family
|
XM/Laroux
is the first macro virus for
Microsoft Excel for Windows which
actually works. The virus
intercepts Excel's AutoOpen
automacro. When an infected
spreadsheet is opened, the virus
activates and checks whether the
system is already infected. If
not , the virus creates an Excel
for Windows file named
PERSONAL.XLS in the Excel for
Windows default startup directory
(e.g. C:\MSOFFICE\EXCEL \XLSTART)
and copies itself there.| More details |
W32/Funlove
|
This
is a Win32 PE file virus infects
EXE, SCR, OCX files under Win9x
and WinNT 4.0 platforms. The
infected files will increase by
4099 bytes. What is notable about
this virus is that it uses a new
strategy to attack the Windows NT
file security system and it runs
as a service on Windows NT
systems. | More details |
WYX Boot
|
WYX boot uses
floppy disks to infect other PCs.
If you accidentally switch on the
PC with an infected disk it will
infect Partition table and Boot
sector of Hard disk. It spreads
on DOS, Windows 9x and Windows NT
environments. Some times it
failed to replicate in Windows
environment and damages the
data.| More details |
VBS/LoveLetter
|
VBS/LoveLetter
is a VB Script uses Microsoft
outlook and Mirc clients to
spread. It is spreading faster
than Melissa virus. It causes
heavy e-mail traffic and downs
many mail servers. There are
several variants reported in the
wild. The attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS,
mothersday.vbs,
Urgent_virus_warning.vbs,
IMPORTANT.TXT.VBS,
Virus-Protection-Informations.vbs,
ArabAir.TXT.vbs,
BEWERBUNG.TXT.vbs,
KillEmAll.TXT.vbs, protect.vbs or
Very Funny.vbs . | More details |
Win95/CIH
virus
|
A more dangerous
and deadly virus called
"CIH" has spread
rapidly and remains dormant in
many computers. This virus will
wake up or get activated on 26th
of April and it will damage the
motherboard and the hard disk.
The damage caused could be
extreme and expensive. | More details
|
