| VIRUS NAME | DETAILS |
| --- | --- |
| Backdoor.Bot | Backdoor.Bot is a hacker agent that allows the computer to be remotely controlled by another user. |
| W32.Netsky.T@mm | The Netsky.T worm arrives as an e-mail attachment. The infected attachment name, message body and subject are randomly chosen by the worm. |
| W32.Stration@mm | Stration, aka Warezov, is a mass-mailing worm that uses e-mail addresses collected from the infected system to distribute infected messages. The Stration worm arrives as an e-mail attachment. It has the ability to download new variants of malware from the Internet. |
| W32.Blackmal.E@mm | W32.Blackmal.E@mm, aka VB.BI, is a mass-mailing worm that uses e-mail addresses collected from the infected system to distribute infected messages. It attempts to spread through network shares. |
| W32.Sober.X@mm | Sober.X is a mass-mailing worm that uses e-mail addresses collected from the system to distribute infected mails. The worm uses its own SMTP engine to spread. The infected mail will be in English or German. |
| W32.Beagle.AV@mm | Beagle.AV is a mass-mailing worm that uses e-mail addresses collected from the infected system to distribute infected messages. The Beagle worm arrives as an e-mail attachment. |
| W32.Sasser.Worm | Sasser is a network worm that exploits a remote code execution vulnerability in LSASS to infect target systems. It scans for IP addresses and infects unpatched systems. This worm targets Windows 2000 and Windows XP systems. |
| W32.Netsky.P@mm | Netsky.P is a modified variant of the Netsky.C worm. This mass-mailing worm spreads using e-mail addresses collected from MSG, OFT, SHT, DBX, TBB, ADB, DOC, WAB, ASP, UIN, RTF, VBS, HTML, HTM, PL, PHP, TXT, SHTM, DHTM, CGI and EML files to distribute infected messages. The Netsky.P worm arrives as an e-mail attachment. |
| W32.Netsky.D@mm | Netsky.D is a modified variant of the Netsky.C worm. This mass-mailing worm spreads using e-mail addresses collected from MSG, OFT, SHT, DBX, TBB, ADB, DOC, WAB, ASP, UIN, RTF, VBS, HTML, HTM, PL, PHP, TXT, SHTM, DHTM, CGI and EML files to distribute infected messages. The Netsky.D worm arrives as an e-mail attachment. The infected attachment name, message body and subject are randomly chosen by the worm. |
| W32.Mydoom.A@mm | Novarg, aka Mydoom, is a mass-mailing worm that uses e-mail addresses collected from .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm and .txt files to distribute infected messages. The Novarg worm arrives as an e-mail attachment. The infected attachment name, subject and message body are randomly chosen by the worm. The worm also spreads using the KaZaA P2P network. |
| W32.Blaster.Worm | The Blaster worm exploits a DCOM RPC vulnerability [Buffer Overrun In RPC Interface] to infect target systems. The worm randomly scans for IP addresses [X.X.X.0, for example 202.124.64.0] and infects the vulnerable systems. This worm targets Windows NT, 2000, XP, and Windows Server 2003 systems. |
| W32.Klez.H@mm | Klez.H is a modified variant of the original Klez.E worm and it is rapidly spreading in the wild. I-worm/Klez.H arrives as an e-mail attachment with different names. |
| W32.Yaha.K@mm | Yaha.K is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages. It also spreads through the MSN Messenger list, ICQ list and Yahoo pager list. |
| W32.Bugbear@mm | BugBear is an Internet worm that uses e-mail addresses stored in the Windows Address Book and network shares. It also collects addresses from .dbx, .mbx, .eml, and .ocs files to distribute infected messages. The worm randomly chooses the message body and subject. |
| Worm/Opaserv.A | Opaserv is a network worm that spreads using shared network drives. Opaserv infects only the network shares and will not spread using e-mail attachments. When executed, it searches for the Windows folder on the local system and network and copies itself to "Scrsvr.exe". |
| W32.Yaha.E@mm | Yaha.E is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from .ht* files to distribute infected messages. It also spreads through the MSN Messenger list, ICQ list and Yahoo pager list. |
| W32.Klez.E@mm | Klez.E is a modified variant of the original Klez worm. The Klez.E variant spreads rapidly in the wild. I-worm/Klez.E arrives as an e-mail attachment. The attachments are embedded within the e-mail and won't be visible to the user. |
| W32.BadTrans.B@mm | W32.BadTrans.B@mm is a modified variant of the original BadTrans worm. This encrypted worm sends infected mails to e-mail addresses collected from web pages and the Windows Address Book. It also drops Trojan.PSW.Hooker.b on the victim's PC. The virus author can steal username and password details using this password stealer. |
| W32.SirCam@mm | SirCam is a mass-mailing worm that uses e-mail addresses stored in the Windows Address Book and also collects addresses from the temporary Internet folder to distribute infected messages. SirCam is also a network-aware worm. It searches for network shares and infects them too. |
| HomePage aka VBSWG.X | VBS/HomePage, aka VBS/VBSWG.X, is an encrypted VB script worm that uses Microsoft Outlook to spread. The e-mail message subject will be "Homepage", the attachment will be "homepage.HTML.vbs" and the message body will be "Hi! You've got to see this page! It's really cool ;O)". |
| W32.BadTrans@mm | BadTrans is an encrypted worm that spreads via the MAPI function of Microsoft Outlook and also drops Trojan.PSW.Hooker.b on the victim's PC. The virus author can steal username and password details using the password stealer. |
| W32/Magistr | W32/Magistr is a complex polymorphic worm that spreads via e-mail and contains virus components to infect PE files [*.EXE, *.SCR] in the Windows environment. It infects the local machine and PCs connected to the local network (LAN). It was discovered in March 2001 and is frequently reported in the wild. |
| W95/Hybris | Hybris is a complex, deadly worm that updates its plugins from the virus author's site or through the virus conference newsgroup alt.comp.virus. The worm uses the Win95/Babylonia virus technique to download plugins, but it uses strong encryption on plugins using RSA 128-bit keys. The worm patches WSOCK32.DLL to send e-mail automatically. |
| W32.Prolin@mm | Prolin is an Internet worm that uses Microsoft Outlook to e-mail itself. The worm is 36,834 bytes long and written in Visual Basic version 6. It needs "MSVBVM60.dll" to spread; otherwise it will show a DLL missing error. The e-mail attachment name will be "Creative.exe". |
| W32/MTX | MTX is a complex encrypted worm that spreads via e-mail and carries a virus to infect files on the local machine. It was discovered one month back and is frequently reported in the wild. When executed, the worm patches WSOCK32.DLL to send e-mail automatically. The virus component uses EPO (Entry Point Obscuring) technology to infect files. |
| Wscript/KAK Worm | Wscript/Kak is a worm that exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook in a way similar to the Bubbleboy worm. It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. |
| W97M/Marker family | W97M/Marker (also known as HSFX) is a Word macro virus that collects user information from Word and uses FTP to send it over the Internet. The virus is similar to W97M/Caligula. It sends the data to codebreakers.org. It also has some similarities to W97M/Ethan. |
| PrettyPark worm | Pretty Park is an Internet worm that uses mass mailing and mIRC clients to spread. There are a lot of unpacked variants also reported in the wild. |
| W97M/Ethan family | Ethan is a simple macro virus, consisting of a single macro less than 50 lines long. It infects Word's NORMAL.DOT template and documents by inserting its code into a module in the document. |
| Worm.Happy99 | This is a Win32-based e-mail and newsgroup worm. It displays fireworks when first executed as Happy99.exe. When first executed, it creates SKA.EXE and SKA.DLL in the system directory. It also modifies WSOCK32.DLL to infect. |
| X97M/Laroux family | XM/Laroux is the first macro virus for Microsoft Excel for Windows which actually works. The virus intercepts Excel's AutoOpen automacro. When an infected spreadsheet is opened, the virus activates and checks whether the system is already infected. If not, the virus creates an Excel for Windows file named PERSONAL.XLS in the Excel for Windows default startup directory (e.g. C:\MSOFFICE\EXCEL\XLSTART) and copies itself there. |
| W32/Funlove | This is a Win32 PE file virus that infects EXE, SCR and OCX files under Win9x and WinNT 4.0 platforms. The infected files will increase by 4099 bytes. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system and it runs as a service on Windows NT systems. |
| WYX Boot | WYX boot uses floppy disks to infect other PCs. If you accidentally switch on the PC with an infected disk, it will infect the partition table and boot sector of the hard disk. It spreads in DOS, Windows 9x and Windows NT environments. Sometimes it fails to replicate in the Windows environment and damages the data. |
| VBS/LoveLetter | VBS/LoveLetter is a VB script that uses Microsoft Outlook and mIRC clients to spread. It is spreading faster than the Melissa virus. It causes heavy e-mail traffic and brings down many mail servers. There are several variants reported in the wild. The attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, Virus-Protection-Informations.vbs, ArabAir.TXT.vbs, BEWERBUNG.TXT.vbs, KillEmAll.TXT.vbs, protect.vbs or Very Funny.vbs. |
| Win95/CIH virus | A more dangerous and deadly virus called "CIH" has spread rapidly and remains dormant in many computers. This virus will wake up or get activated on the 26th of April and it will damage the motherboard and the hard disk. The damage caused could be extreme and expensive. |