InfoSec
[General Users] [Youngsters & Students] [Parents and Teachers] [IT Professionals] [SME]
Virus Alerts in 2005
W32.Sober.X@mm
(23 Nov 2005)
W32.Sober.X@mm is a mass mailing worm that
uses its own SMTP engine to send itself to
email addresses harvested from infected machines.
It arrives in an email message written in
either English or German with varying subjects,
message bodies, spoofed sender addresses and
an attachment with a .ZIP file containing
an executable file. Upon execution, it displays
a fake error message containing the text "Error
in packed Header". Moreover, the worm
also attempts to terminate various processes.
For more information about this virus, please
refer to the following links:
W32.Sober.Q@mm
(7 Oct 2005)
W32.Sober.Q@mm is a mass mailing worm that
uses its own SMTP engine to send itself to
email addresses harvested from infected machines.
It arrives in an email message written in
either English or German with varying subjects,
message bodies, spoofed sender addresses and
an attachment with a .ZIP file containing
an executable file. Upon execution, it displays
a fake error message containing the text "Error
in packed file! CRC Header must be $7ff8".
Moreover, the worm also attempts to terminate
various processes. For more information about
this virus, please refer to the following
links:
W32.Zotob.E
(17 Aug 2005)
W32.Zotob.E is a worm that exploits the Microsoft
Windows Plug and Play Service vulnerability
through TCP port 445 as described in Microsoft
Security Bulletin MS05-039 released on 9 August
2005. This worm will open a backdoor to allow
a remoter user to access an infected system.
Moreover, it will also open a TFTP service,
and drop and execute a copy of the worm in
the infected system. For more information
about this virus, please refer to the following
links:
W32.Sober.O@mm
(3 May 2005)
W32.Sober.O@mm is a mass mailing worm that
uses its own SMTP engine to send itself to
email addresses harvested from infected machines.
It arrives in an email message written in
either English or German with varying subjects,
message bodies, spoofed sender addresses and
an attachment with a .ZIP file extension.
When infecting a computer, it displays a fake
error message containing the text "Error:
CRC not complete". For more information
about this virus, please refer to the following
links:
W32.Beagle.BH@mm
(2 Mar 2005)
W32.Beagle.BH@mm is a mass-mailing worm, which
sends out copies of the Trojan program, Trojan.Tooso.B,
to victim computer. The Trojan arrives as
an HTML formatted email with a .ZIP attachment.
It terminates antivirus programs, antivirus
definition updating processes and security-related
applications. It also prevents users and programs
from accessing most antivirus websites. In
addition, it opens a backdoor program on TCP
port 80 to allow a remoter user to take control
of the infected system. For more information
about this virus, please refer to the following
links:
W32.Mydoom.AX@mm
(17 Feb 2005)
W32.Mydoom.AX@mm is a mass-mailing worm that
uses its own SMTP engine to send itself to
email addresses harvested from infected machines.
In additional, the worm may also use an Internet
search engine and any active Outlook window
to harvest more email addresses for possible
distribution. It arrives in an email message
with varying subjects, spoofed sender addresses
and an attachment with .EXE, .COM, .SCR, .PIF,
.BAT or .CMD as the file extension. The worm
may be embedded in the attachment if it is
a ZIP file and the attachment may be zipped
twice. The worm also spreads via peer-to-peer
file-sharing networks. When the worm is executed,
it attempts to download a Trojan program.
For more information about this virus, please
refer to the following links:
W32.Beagle.AZ@mm
(27 Jan 2005)
W32.Beagle.AZ@mm is a mass-mailing worm that
uses its own SMTP engine to send itself to
email addresses harvested from infected machines.
It arrives in an email message with spoofed
sender addresses and the attachment will have
name like a .COM, .CPL, .EXE or .SCR file
extension. The worm also spreads via peer-to-peer
file-sharing networks. When the worm is executed,
it attempts to download a file from a list
of websites. For more information about this
virus, please refer to the following links:
More Virus Alerts
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) - Computer Virus
Selected virus alerts in recent years
| Previous | Top |
Sitemap | Contact Us | Privacy Policy | Disclaimer
Copyright 2009. The Government of the Hong Kong Special Administrative Region.