Virus Alerts in 2004

  • W32.Erkez.D@mm (15 Dec 2004)
    W32.Erkez.D@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in a Christmas greeting email message written in different languages such as Hungarian or English with varying subjects, message bodies, spoofed sender addresses and an attachment with a .COM, .CMD, .PIF, .BAT or .ZIP file extension. The worm also spreads via peer-to-peer file-sharing networks. It opens a backdoor on TCP port 8181 and attempts to terminate various anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Sober.I@mm (19 Nov 2004)
    W32.Sober.I@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message written in either English or German with varying subjects, message bodies, spoofed sender addresses and an attachment with a .EXE, .SCR, .COM, .PIF, .BAT or .ZIP file extension. When infecting a computer, it displays a fake error message containing the text "WinZip_Data_Module is missing ~Error: {2A0DCCF6}". For more information about this virus, please refer to the following links:

  • W32.Beagle.AW@mm (30 Oct 2004)
    W32.Beagle.AW@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with spoofed sender addresses and the subject "Re:", "Re: Hello", "Re: Hi", "Re: Thank you!" or "Re: Thanks :)". The message body will be ":)" or ":))", and the attachment will have the name Price, price or Joke with a .COM, .CPL, .EXE or .SCR file extension. The worm also spreads via peer-to-peer file-sharing networks. When the worm is executed, it attempts to download a file from a list of websites. It opens a backdoor on TCP port 81 and attempts to terminate various anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Beagle.AV@mm (29 Oct 2004)
    W32.Beagle.AV@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with spoofed sender addresses and the subject "Re:", "Re: Hello", "Re: Hi", "Re: Thank you!" or "Re: Thanks :)". The message body will be ":)" or ":))", and the attachment will have the name Price, price or Joke with a .COM, .CPL, .EXE or .SCR file extension. When the worm is executed, it attempts to download a file from a list of websites. W32.Beagle.AV@mm also spreads via network shares, opens a backdoor on TCP port 81 and attempts to terminate various anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.MyDoom.Q@mm (16 Aug 2004)
    W32.MyDoom.Q@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with the subject line "Photos" and the body of the message reads: "LOL!;))))". The sender's email address is spoofed and the attachment has the name photos_ars.exe. The worm also downloads and executes a backdoor program from a list of websites. For more information about this virus, please refer to the following links:

  • W32.Beagle.AO@mm (10 Aug 2004)
    W32.Beagle.AO@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with a blank subject and spoofed sender addresses. The message body will be "New price" and the attachment has the name price.zip, price2.zip, price_new.zip, price_08.zip, 08_price.zip, newprice.zip, new_price.zip or new__price.zip. The ZIP file contains two files, an HTML file (price.html) and a downloader (price.exe). When price.exe is executed, it downloads the worm itself from a list of websites. W32.Beagle.AO@mm also spreads via peer-to-peer file-sharing networks, opens a backdoor on UDP and TCP port 80 and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Mydoom.M@mm
    W32.Mydoom.M@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. In addition the worm may also use an Internet search engine to harvest more email addresses for possible distribution. It arrives in an email message with varying subjects, message bodies, spoofed sender addresses and an attachment with a .BAT, .CMD, .COM, .EXE, .PIF, .SCR, or .ZIP file extension. W32.Mydoom.M@mm also opens a backdoor on TCP port 1034. For more information about this virus, please refer to the following links:

  • W32.Beagle.AG@mm
    W32.Beagle.AG@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with varying subjects, message bodies, spoofed sender addresses and an attachment with a .EXE, .SCR, .COM, .CPL, or .ZIP file extension. If the attachment is a password-protected .ZIP file, the password is included in the message body. Upon execution, the worm copies itself into the Windows System directory as WinXP.exe. W32.Beagle.AG@mm also spreads via peer-to-peer file-sharing networks, opens a backdoor on TCP port 1080 and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Beagle.AB@mm
    W32.Beagle.AB@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with varying subjects, message bodies, spoofed sender addresses and an attachment with a .EXE, .SCR, .COM, .CPL, or .ZIP file extension. If the attachment is a password-protected .ZIP file, the password is included in the message body. The worm also spreads via peer-to-peer file-sharing networks. W32.Beagle.AB@mm also opens a backdoor on TCP port 1080 and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Beagle.Y@mm
    W32.Beagle.Y@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with varying subjects, message bodies, spoofed sender addresses and an attachment with a .HTA, .VBS, .EXE, .SCR, .COM, .CPL, or .ZIP file extension. If the attachment is a password-protected .ZIP file, the password is included in the message body. The worm also spreads via peer-to-peer file-sharing networks. When infecting a computer, it displays a fake error message containing the text "Can't find a viewer associated with the file". W32.Beagle.Y@mm also opens a backdoor on TCP port 1234 and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • Troj_Dingxa.A
    Troj_Dingxa.A is a Trojan horse that can be used maliciously to steal online banking information from infected computers. Unlike a virus or worm, Troj_Dingxa.A does not spread by itself automatically; it must be executed manually to infect a computer, for example by disguising itself as something useful to entice the victim to download and execute it, or by arriving as an attachment to an email or instant message sent by the attacker. When Troj_Dingxa.A is executed, it checks the title bar of the current browser window against a list of strings contained within the Trojan to determine whether it is the login page of certain online banks in Mainland China. If a match is found, the Trojan logs the keystrokes entered by the user and sends the captured information to a designated address. Users can prevent infection by this Trojan by following security best practices and avoiding visiting or opening suspicious websites and emails, or executing attachments or programs from doubtful sources. Troj_Dingxa.A can be detected by most anti-virus software with updated virus signatures. For more information about this Trojan horse, please refer to the following links:

  • W32.Beagle.X@mm
    W32.Beagle.X@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses harvested from the infected machine. It arrives in an email message from a spoofed sender with varying subjects and an attachment with a .HTA, .VBS, .EXE, .SCR, .COM, .CPL, or .ZIP file extension. The message body is either blank or a password if the attachment is a .ZIP file. The worm also spreads via peer-to-peer file-sharing networks. When infecting a computer, it displays a fake error message containing the text "Can't find a viewer associated with the file". W32.Beagle.X@mm also includes a backdoor component and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Beagle.W@mm
    W32.Beagle.W@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses harvested from the infected machine. It arrives in an email message from a spoofed sender with a subject and body composed from a pool of strings carried within the worm. There may be two attached files: one is a JPEG file that contains a picture of a girl, and the other is a copy of the worm with a .HTA, .VBS, .EXE, .SCR, .COM, .CPL, or .ZIP file extension. The worm also spreads via peer-to-peer file-sharing networks. When infecting a computer, it displays a fake error message containing the text "Can't find a viewer associated with the file". W32.Beagle.W@mm also includes a backdoor component and attempts to terminate several anti-virus and security related applications. For more information about this virus, please refer to the following links:

  • W32.Netsky.Y@mm
    W32.Netsky.Y@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses harvested from the infected machine. It arrives in an email message from a spoofed sender with the subject line "Delivery failure notice (ID-<random number>)". W32.Netsky.Y@mm also includes a backdoor component which allows an attacker to upload and execute arbitrary programs on infected computers, and performs a Denial of Service (DoS) attack against certain websites between 28th and 30th of April 2004. For more information about this virus, please refer to the following links:

  • W32.Beagle.J@mm
    W32.Beagle.J@mm is a mass-mailing worm that arrives as a zipped attachment that contains the worm's executable with a random file name and an icon that makes the file look like a WordPad file. It also spreads via peer-to-peer file-sharing networks. Furthermore, W32.Beagle.J@mm contains a backdoor component.

  • W32.Netsky.D@mm
    W32.Netsky.D@mm is a mass-mailing worm that is a new variant of W32.Netsky.C@mm. The worm also attempts to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM worms. On Mar 02, between 6:00 and 9:00 am, the worm makes random beeping sounds with varying pitches and rhythm.

  • W32.Beagle.E@mm
    W32.Beagle.E@mm is a mass-mailing worm that arrives as a zipped attachment that contains the worm's executable with a random file name and an icon that makes the file look like a text file. W32.Beagle.E@mm also contains a backdoor component.

  • W32.Beagle.C@mm
    W32.Beagle.C@mm is a mass-mailing worm that arrives as a zipped attachment that contains the worm's executable with a random file name and an icon that makes the file look like an Excel spreadsheet. W32.Beagle.C@mm also contains a backdoor component.

  • W32.Netsky.C@mm
    W32.Netsky.C@mm is a mass-mailing worm that also spreads via network shares and peer-to-peer file-sharing networks. The worm also attempts to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM worms. On Feb 26, between 6:00 and 8:00 am, the worm makes random beeping sounds with varying pitches and rhythm.

  • W32.Mydoom.F@mm
    W32.Mydoom.F@mm is a mass-mailing worm that opens a backdoor on TCP port 1080. It also performs a Denial of Service (DoS) attack against www.microsoft.com and www.riaa.com between the 17th and 22nd of any month.

  • W32.Netsky.B@mm
    W32.Netsky.B@mm is a mass-mailing worm that also spreads via network shares and peer-to-peer file-sharing networks. The worm also attempts to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM worms.

  • W32.Beagle.B@mm
    W32.Beagle.B@mm is a mass-mailing worm that includes a backdoor component. When infecting a computer, the worm deliberately launches the Windows Sound Recorder to hide its malicious intent.

  • W32.Mydoom.A@mm
    W32.Mydoom.A@mm is a mass-mailing and peer-to-peer file-sharing worm that includes a backdoor component. When infecting a computer, the worm deliberately launches Notepad with garbage data in it to pretend that it is harmless.

  • W32.Beagle.A@mm
    W32.Beagle.A@mm is a mass-mailing worm that includes a backdoor component. When infecting a computer, the worm deliberately launches the Calculator application to hide its malicious intent.

More Virus Alerts

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) - Computer Virus

Selected virus alerts in recent years

 
 
     