Navigation Menu 1

Search :

Change text size:

Navigation Menu 2

W32.Sober.X@mm (23 Nov 2005)
W32.Sober.X@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message written in either English or German with varying subjects, message bodies, spoofed sender addresses and an attachment with a .ZIP file containing an executable file. Upon execution, it displays a fake error message containing the text "Error in packed Header". Moreover, the worm also attempts to terminate various processes. For more information about this virus, please refer to the following links:
- Information from CME
  http://cme.mitre.org/data/list.html#681
- Information from F-Secure
- Information from McAfee
- Information from Sophos
- Information from Symantec
- Information from Trend Micro

W32.Sober.Q@mm (7 Oct 2005)
W32.Sober.Q@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message written in either English or German with varying subjects, message bodies, spoofed sender addresses and an attachment with a .ZIP file containing an executable file. Upon execution, it displays a fake error message containing the text "Error in packed file! CRC Header must be $7ff8". Moreover, the worm also attempts to terminate various processes. For more information about this virus, please refer to the following links:
- Information from CME
  http://cme.mitre.org/data/list.html#151
- Information from F-Secure
- Information from McAfee
- Information from Sophos
- Information from Symantec
- Information from Trend Micro

W32.Zotob.E (17 Aug 2005)
W32.Zotob.E is a worm that exploits the Microsoft Windows Plug and Play Service vulnerability through TCP port 445 as described in Microsoft Security Bulletin MS05-039 released on 9 August 2005. This worm will open a backdoor to allow a remoter user to access an infected system. Moreover, it will also open a TFTP service, and drop and execute a copy of the worm in the infected system. For more information about this virus, please refer to the following links:

W32.Sober.O@mm (3 May 2005)
W32.Sober.O@mm is a mass mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message written in either English or German with varying subjects, message bodies, spoofed sender addresses and an attachment with a .ZIP file extension. When infecting a computer, it displays a fake error message containing the text "Error: CRC not complete". For more information about this virus, please refer to the following links:

W32.Beagle.BH@mm (2 Mar 2005)
W32.Beagle.BH@mm is a mass-mailing worm, which sends out copies of the Trojan program, Trojan.Tooso.B, to victim computer. The Trojan arrives as an HTML formatted email with a .ZIP attachment. It terminates anti-virus programs, anti-virus definition updating processes and security-related applications. It also prevents users and programs from accessing most anti-virus websites. In addition, it opens a backdoor program on TCP port 80 to allow a remoter user to take control of the infected system. For more information about this virus, please refer to the following links:

W32.Mydoom.AX@mm (17 Feb 2005)
W32.Mydoom.AX@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. In additional, the worm may also use an Internet search engine and any active Outlook window to harvest more email addresses for possible distribution. It arrives in an email message with varying subjects, spoofed sender addresses and an attachment with .EXE, .COM, .SCR, .PIF, .BAT or .CMD as the file extension. The worm may be embedded in the attachment if it is a ZIP file and the attachment may be zipped twice. The worm also spreads via peer-to-peer file-sharing networks. When the worm is executed, it attempts to download a Trojan program. For more information about this virus, please refer to the following links:

W32.Beagle.AZ@mm (27 Jan 2005)
W32.Beagle.AZ@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses harvested from infected machines. It arrives in an email message with spoofed sender addresses and the attachment will have name like a .COM, .CPL, .EXE or .SCR file extension. The worm also spreads via peer-to-peer file-sharing networks. When the worm is executed, it attempts to download a file from a list of websites. For more information about this virus, please refer to the following links: