VIRUS NAME
|
DETAILS
|
W32.Winevar@mm
|
Winevar
is an Internet worm, uses e-mail
addresses collected from DBX and HTM files to
send infected messages. The worm main
attachment will be "WIN<random
characters>.PIF". The subject and
message body will be random.| More details |
Worm/Opaserv.A
|
Opaserv
is a network worm, spreads using shared
network drives.
Opaserv infects only the network shares and it
will not spread using e-mail
attachments.When executed, it will search for
Windows folder in the local system and network
and copies to "Scrsvr.exe".| More details |
W32.Braid.A@mm
|
Brid.A
is an Internet worm, uses e-mail
addresses collected from DBX and HTM files to
send infected messages. The worm attachment
will be "README.EXE". This worm is
also known as I-Worm/Bridex, W32/Braid-A,
PE_BRID.A, W32.Brid.A@mm, Bridex worm.| More details |
W32.Frethem.K@mm
|
Frethem.K
is
a modified variant of Frethem mass mailing
worm. It uses e-mail addresses stored in
Windows Address book and collects addresses
from .dbx,
.wab, .mbx, .eml, and .mdb files
to
distribute infected messages.| More details |
Jdbgmgr hoax
|
A
hoax message claiming that a new virus is
hiding in the Windows utility file JDBGMGR.EX.
This is a Windows system file used by Windows
Java runtime machine. It is not infected with
any virus and do not delete this file. Also do
not forward this hoax message to anyone.| More details |
W32.Klez.H@mm
|
Klez.H
is modified variant of original
Klez worm. Klez.H variant rapidly
spreads in the wild. It
arrives as an e-mail attachment
and the attachments are embedded
within the e-mail and it won't
visible to the user.| More details |
W32.Gibe.A@mm
|
Gibe is an
Internet worm uses
Microsoft Outlook and its own
SMTP engine to spread. The worm
is 122880 bytes long and the
e-mail attachment name will be "Q216309.exe". Gibe worm
sends fakes email as it is an
update coming from Microsoft.| More details
|
W32.Klez.E@mm
|
Klez.E
is modified variant of original
Klez worm. Klez.E variant rapidly
spreads in the wild. I-worm/Klez.E
arrives as an e-mail attachment.
The attachments are embedded
within the e-mail and it won't
visible to the user.| More details |
W32.Nimda.A@mm
|
Nimda
is a mass mailing worm uses
different techniques to spread.
It will infect network shares,
local PE files and already
vulnerable Microsoft IIS web
servers. Because of the IIS
server infection it generates
heavy network traffic. Nimda also
uses CodeRed dropped
trojan to find the target server.| More details
|
W32.APost.A@mm
|
APost is an
Internet worm uses
Microsoft Outlook to spread. The
worm is 24,576 bytes
long and written in Visual Basic
6.0. It needs
"MSVBVM60.dll" to
spread otherwise it will show dll
missing error. The attachment
name will be
"Readme.exe". It is
also known as I-Worm.Readme,
WORM_APOST| More details
|
IIS.CodeRed
Worm
|
CodeRed worm
spreads using .ida buffer
overflow attack vulnerability in
IIS Web servers. The worm will
attack unprotected IIS servers.
Web administrators are requested
to install the security patch
provided by Microsoft. | More details
|
VBS/Redlof.A
|
VBS/Redlof.A is an encrypted
Visual basic script worm, uses Microsoft
outlook Express to spread. It also infects VBS,
HTML, HTM, ASP, PHP, JSP, and HTT files. | More details
|
W32.SirCam@mm
|
SirCam
is a mass mailing worm uses
e-mail addresses stored in
Windows Address book and also
collects addresses from temporary
Internet folder to distribute
infected messages. SirCam is also
network aware worm. It searches
for network shares and infects
them too. | More details |
VBS/Jolin
|
VBS/Jolin
is an intended VB script worm
uses Microsoft outlook and mIRC
to spread. The worm contains bugs
in its code, so it won't work
properly. The email message
subject will be "FW: Check
this out... " and the
attachment will be "!!jolin_caught_naked!!!!.jpg.vbs
"
| More details |
VBS/Mawanella
|
VBS/Mawanella
aka VBS/VBSWG.Z is a encrypted VB
script worm uses Microsoft
outlook to spread. The email
message subject will be "
Mawanella" and the
attachment will be "Mawanella.vbs"
and the message body will be "Mawanella
is one of the Sri Lanka's Muslim
Village". | More details |
VBS/HomePage
|
VBS/HomePage
aka VBS/VBSWG.X is a encrypted VB
script worm uses Microsoft
outlook to spread. The email
message subject will be "
Homepage " and the
attachment will be "homepage.HTML.vbs"
and the message body will be "Hi!
You've got to see this page! It's
really cool ;O)". | More details |
W32.BadTrans@mm
|
BadTrans
is an encrypted worm spreads via
MAPI function of Microsoft
Outlook and it also drops
Trojan.PSW.Hooker.b in the
victims PC. The virus author can
steal username and password
details using the password
stealer. | More details |
W32/Magistr
|
W32/Magistr
is a complex polymorphic worm
spreads via email and it contains
virus components to infect PE
files [*.EXE,
*.SCR] in
Windows environment. It infects
local machine and PCs connected
to the local network (LAN). It is
discovered in March 2001 and
frequently reported in the wild. | More details |
W95.Hybris
|
Hybris
is a complex deadly worm, it will
update the plugins from the virus
author's site or through a virus
conference news group
alt.comp.virus. The worm uses Win95/Babylonia
virus
technique to download plugins,
but it uses strong encryption on
plugins using RSA 128 bit keys.
The worm patches WSOCK32.DLL to
email automatically. | More details |
W32.Prolin@mm
|
Prolin is an
Internet worm, uses
Microsoft Outlook to email
itself.The worm is 36,834 bytes
long and written in Visual Basic
version 6. It needs
"MSVBVM60.dll" to
spread otherwise it will show DLL
missing error. The e-mail
attachment name will be
"Creative.exe". | More details |
W32/MTX
|
MTX
is a complex encrypted worm
spreads via email and carries a
virus to infect local machine
files. It is discovered one month
back and frequently reported in
the wild. When executed, the worm patches
WSOCK32.DLL to email
automatically. The virus
component uses EPO (
Entry Point Obscuring )
technology to
infect files. | More details |
VBS/Stages
|
VBS/Stages
is a multi application Windows
worm uses Microsoft outlook,
mIRC, Pirch and mapped drives to
spread. Because of the mass
mailing routine it downs many
e-mail servers. The attachment
name will be "LIFE_STAGES.TXT.SHS"
and size will be 39,936 bytes.
| More details |
VBS/Plan
(VBS_Colombia)
|
VBS/Plan
is a new modified variant of VBS/LoveLetter worm
uses Microsoft outlook to spread.
While opening the e-mail
attachment, will copy LINUX32.vbs
and a random file name in windows
system folder and reload.vbs in
windows folder. Then it
changes the registry settings
so that the the script is
automatically executed when the
system is restarted.| More details |
W97M/Resume
|
Resume is a word
macro worm makes use of the MAPI
functions in Microsoft Outlook to
retrieve the current user profile
and password for server logon.
This Virus grabs e-mail addresses
from the address book of
Microsoft Outlook and resends the
mail. It is very similar to
Melissa virus. It won't infect
any document in the system but
will delete files in the mapped
dirves.| More details |
VBS/NewLove
|
VBS/NewLove
is a modified variant of VBS/Love
Letter worm uses Microsoft
outlook to spread. It contains a
very dangerous payload and it
will overwrite all files with
virus code in a fly. The damaged
files cannot be recovered.| More details |
W32.SouthPark@mm
|
South Park is an
Internet worm, uses
Microsoft Outlook and other
different techniques like copying
"South Park.exe" to
floppy drives and Mapped drives
to spread. The worm is 19,968
bytes long and written in Visual
Basic. It needs
"MSVBVM50.dll" to
spread otherwise it will show dll
missing error. The e-mail
attachment name will be
"South Park.exe".| More details |
VBS/LoveLetter
|
VBS/LoveLetter
is a VB Script uses Microsoft
outlook and Mirc clients to
spread. It is spreading faster
than Melissa virus. It causes
heavy e-mail traffic and downs
many mail servers. There are
several variants reported in the
wild. The attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS,
mothersday.vbs,
Urgent_virus_warning.vbs,
IMPORTANT.TXT.VBS,
Virus-Protection-Informations.vbs,
ArabAir.TXT.vbs,
BEWERBUNG.TXT.vbs,
KillEmAll.TXT.vbs, protect.vbs or
Very Funny.vbs . | More details |
Wscript/Kak
|
Wscript/Kak
is a worm that exploits security
vulnerabilities in Microsoft
Internet Explorer and Microsoft
Outlook in a way similar to Bubbleboy worm. It
will ONLY infect PCs running Windows
98 with Internet Explorer
5 and Outlook or Outlook
Express. | More details |
W32.Plage@mm
|
Plage is an e-mail
worm, uses MAPI
functions to infect e-mail
messages. The worm is 102400
bytes long written in Borland
C++. The worm has an icon similar
to PKLITE self extracting
program, very similar to
W32/ExploreZip worm. The
infection method is also similar
to ExploreZip worm but it won't
delete the data files in the
system. | More details |
W95/Babylonia
|
W95/Babylonia
is a polymorphic virus, When
executed, the virus infects .EXE
and .HLP files. When it detects
an Internet connection, it
attempts to connect to a Web site
hosted by a virus authoring
group, and if successful, it
downloads additional components
of the complete virus to the host
PC. | More details |
Worm.MiniZip
|
MiniZip is a
compressed variant of the
original ExploreZip worm, it uses standard
e-mail software such as Outlook,
Outlook Express and Exchange to
spread. It infects Windows
95/98/NT systems and damages the
data. It searches for the files
with extensions doc, xls, ppt, h,
asm, c, cpp in the local hard
drives and mapped drives and
reduces the file size to zero
byte. | More details |
W97M/Prilissa
|
W97M/Prilissa
virus is a new variant of Melissa
virus infects Word 97 Documents. Prilissa virus
makes use of the MAPI functions
in Microsoft Outlook to retrieve
the current user profile and
password for server logon. This
Virus grabs the first 50
addresses from the address book
of Microsoft Outlook and resends
the mail. It will format your
harddisk on Christmas day. | More details |
W32/FunLove
|
This
virus is a W32 PE file virus
infects EXE, SCR, OCX files under
Win9x and WinNT 4.0 platforms. The
infected files will increase by
4099 bytes. What is notable about
this virus is that it uses a new
strategy to attack the Windows NT
file security system and it runs
as a service on Windows NT
systems. | More details |
VBS/Bubbleboy
|
VBS/Bubbleboy
is the first e-mail worm to
infect computers without using
attachments. Historically, as
long as you don't open e-mail
attachments you're safe from
virus infection, but this changes
all that. It will ONLY
infect PCs running Windows 98
with Internet Explorer 5 and
Outlook or Outlook Express.| More details |
VBS/Monopoly
|
Monopoly
is a VBScript worm, uses
Microsoft OUTLOOK and it sends
information about who runs the
file. When run, it will display a
message saying "Bill Gates
is guilty of monopoly. Here is
the proof.". Then it will
show a JPG file, which shows Bill
Gates face in the monopoly game.|
More details |
Backdoor.Bo2K
|
BO2K is a hacker
agent, it allows the computer to
be remotely controlled by another
user. It was created by the Cult
of Dead Cow hackers group in July
1999. It works on Windows 95, 98
and Windows NT platforms. There
are two versions available in
this Trojan, one is designed for
USA and other an international
version.| More details |
Worm.ExploreZip
|
ExploreZip is an
e-mail worm, it uses standard
e-mail software such as Outlook,
Outlook Express and Exchange to
spread. It infects Windows
95/98/NT systems and damages the
data. It searches for the files
with extensions doc, xls, ppt, h,
asm, c, cpp in the local hard
drives and mapped drives and
reduces the file size to zero
byte. So it is impossible to
recover the data from the
infected files. It will infect
other networked computers too. | More details |
Worm.Happy99
|
The is a W32-based
e-mail and newsgroup worm. It
displays fireworks when executed
first time as Happy99.exe. When
executed first time, it creates
SKA.EXE and SKA.DLL in the system
directory. Also it modifies
WSOCK32.DLL to infect.| More details |
