Virus Alerts in 2003

• W32.Mimail.C@mm
  W32.Mimail.C@mm is a mass-mailing worm that arrives as an email attachment named photos.zip. The worm attempts to perform a denial of service attack against certain sites and to steal information from infected computers.

• W32.Sobig.F@mm
  W32.Sobig.F@mm is a mass-mailing, network-aware worm that disguises itself as an email from admin@internet.com or other email address. The worm will deactivate on September 10, 2003.

• W32.Welchia.Worm
  W32.Welchia.Worm is a worm that exploits the Microsoft RPC and WebDav vulnerabilities. If the infected system has previously been infected with the W32.Blaster.Worm worm, W32.Welchia.Worm will attempt to remove W32.Blaster.Worm from the infected system. W32.Welchia.Worm also downloads the Microsoft RPC patch and installs it. After 1 January 2004, the worm will delete itself upon execution.

• W32.Blaster.Worm
  W32.Blaster.Worm is a worm that exploits the Microsoft RPC Vulnerability. After August 15 the worm will perform a distributed denial of service attack on windowsupdate.com.

• W32.Mimail.A@mm
  W32.Mimail.A@mm is a mass-mailing worm that arrives as an email attachment, which is an ZIP file containing an HTML file with an embedded executable. This worm takes advantage of vulnerabilities in Microsoft Internet Explorer and Outlook Express to run the executable when the attachment is opened.

• W32.Sobig.E@mm
  W32.Sobig.E@mm is a mass-mailing worm that disguises itself as an email from support@yahoo.com or other email address. It also spreads via network shares.

• W32.Bugbear.B@mm
  W32.Bugbear.B@mm is a mass mailing worm that also spreads via network shares and infects certain executable files. It has keystroke-logging and backdoor capabilities which may allow password stealing and unauthorised access to infected machine.

• W32.Sobig.C@mm
  W32.Sobig.C@mm is a mass-mailing worm that disguises itself as an email from bill@microsoft.com. It also spreads via network shares.

• W32.Sobig.B@mm
  W32.Sobig.B@mm is a mass-mailing worm that disguises itself as an email from support@microsoft.com. It also spreads via network shares.

• W32/Fizzer@MM
  W32/Fizzer@MM is a worm with backdoor functionality, which propagates via email and the Kazaa file-sharing network.

• "Code Red III" Worm
  "Code Red III" worm is a new variant of Code Red II. It is almost identical to CodeRed II, with just two bytes changed. It stopped spreading in the end of 2002 - the change in CodeRed III changes this and enables it to spread forever. It still uses the old exploit to infect IIS Web Servers.

• W32.Deloder.A
  W32.Deloder.A is a network worm infecting Windows machines which have set a weak password to the "Administrator" account. It also installs two backdoor program which includes a configured VNC server and an IRC bot.

• W32.Lovgate.C@mm
  W32.Lovgate.C@mm is a mass-mailing and backdoor worm. The worm spreads via email and network-shared folders. It also has backdoor capability which allows remote users to access the infected system through port 10168.

• SQL Slammer Worm
  SQL Slammer worm targets systems running Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000. The worm is spreading using a buffer overflow to exploit a flaw in Microsoft SQL Server 2000. The buffer overflow exists because of the way SQL improperly handles data sent to its Microsoft SQL Monitor port - UDP port 1434.

• W32.Sobig.A@mm
  W32.Sobig.A@mm is a mass-mailing worm that also spreads by open network shares. The worm sends itself to all the addresses it finds in the .txt, .eml, .html, .htm, .dbx, and .wab files.

• W32.Lirva@mm
  W32.Lirva@mm is a mass-mailing worm that also spreads by the IRC, ICQ, KaZaA, and open network shares. This worm attempts to terminate antivirus and firewall program. It also emails cached Windows passwords to an external email address.

More Virus Alerts

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) - Computer Virus

Selected virus alerts in recent years

• 2008
• 2007
• 2006
• 2005
• 2004
• 2003
• 2002
• 2001