-
W32.Mimail.C@mm
W32.Mimail.C@mm is a mass-mailing worm that
arrives as an email attachment named photos.zip.
The worm attempts to perform a denial of service
attack against certain sites and to steal
information from infected computers.
-
W32.Sobig.F@mm
W32.Sobig.F@mm is a mass-mailing, network-aware
worm that disguises itself as an email from
admin@internet.com or other email address.
The worm will deactivate on September 10,
2003.
-
W32.Welchia.Worm
W32.Welchia.Worm is a worm that exploits the
Microsoft RPC
and WebDav
vulnerabilities. If the infected system has
previously been infected with the W32.Blaster.Worm
worm, W32.Welchia.Worm will attempt to remove
W32.Blaster.Worm from the infected system.
W32.Welchia.Worm also downloads the Microsoft
RPC patch and installs it. After 1 January
2004, the worm will delete itself upon execution.
-
W32.Blaster.Worm
W32.Blaster.Worm is a worm that exploits the
Microsoft RPC Vulnerability. After August
15 the worm will perform a distributed denial
of service attack on windowsupdate.com.
-
W32.Mimail.A@mm
W32.Mimail.A@mm is a mass-mailing worm that
arrives as an email attachment, which is an
ZIP file containing an HTML file with an embedded
executable. This worm takes advantage of vulnerabilities
in Microsoft Internet
Explorer and Outlook
Express to run the executable when the
attachment is opened.
-
W32.Sobig.E@mm
W32.Sobig.E@mm is a mass-mailing worm that
disguises itself as an email from support@yahoo.com
or other email address. It also spreads via
network shares.
-
W32.Bugbear.B@mm
W32.Bugbear.B@mm is a mass mailing worm that
also spreads via network shares and infects
certain executable files. It has keystroke-logging
and backdoor capabilities which may allow
password stealing and unauthorised access
to infected machine.
-
W32.Sobig.C@mm
W32.Sobig.C@mm is a mass-mailing worm that
disguises itself as an email from bill@microsoft.com.
It also spreads via network shares.
-
W32.Sobig.B@mm
W32.Sobig.B@mm is a mass-mailing worm that
disguises itself as an email from support@microsoft.com.
It also spreads via network shares.
-
W32/Fizzer@MM
W32/Fizzer@MM is a worm with backdoor functionality,
which propagates via email and the Kazaa file-sharing
network.
-
"Code
Red III" Worm
"Code Red III" worm is a new variant
of Code Red II. It is almost identical to
CodeRed II, with just two bytes changed. It
stopped spreading in the end of 2002 - the
change in CodeRed III changes this and enables
it to spread forever. It still uses the old
exploit to infect IIS Web Servers.
-
W32.Deloder.A
W32.Deloder.A is a network worm infecting
Windows machines which have set a weak password
to the "Administrator" account.
It also installs two backdoor program which
includes a configured VNC server and an IRC
bot.
-
W32.Lovgate.C@mm
W32.Lovgate.C@mm is a mass-mailing and backdoor
worm. The worm spreads via email and network-shared
folders. It also has backdoor capability which
allows remote users to access the infected
system through port 10168.
-
SQL
Slammer Worm
SQL Slammer worm targets systems running Microsoft
SQL Server 2000 and Microsoft Desktop Engine
(MSDE) 2000. The worm is spreading using a
buffer overflow to exploit a flaw in Microsoft
SQL Server 2000. The buffer overflow exists
because of the way SQL improperly handles
data sent to its Microsoft SQL Monitor port
- UDP port 1434.
-
W32.Sobig.A@mm
W32.Sobig.A@mm is a mass-mailing worm that
also spreads by open network shares. The worm
sends itself to all the addresses it finds
in the .txt, .eml, .html, .htm, .dbx, and
.wab files.
-
W32.Lirva@mm
W32.Lirva@mm is a mass-mailing worm that also
spreads by the IRC, ICQ, KaZaA, and open network
shares. This worm attempts to terminate anti-virus
and firewall program. It also emails cached
Windows passwords to an external email address.
English
