Latest top virus threats:

W32/IRCbot.worm!MS05-039 - this virus is a worm which includes the ability to spread by exploiting systems which are not yet patched for the Microsoft "Plug & Play" MS05-039 vulnerability. If this worm is run on a system which has not yet been patched for the MS05-039 vulnerability, the system will continually reboot. To protect your computer from this virus, make sure that you have all the latest "Critical / High Priority" updates and patches from Microsoft's website http://update.microsoft.com.

W32.Erkez.D@mm - Offering a fake holiday greeting, this virus is a mass-mailing worm that arrives as an email attachment. When run, the worm displays a fake error message (Error in packed file!), infects the host computer and emails itself to stolen email addresses using the infected computer's Internet connection. The worm may cause performance issues, attempt to lower security settings, terminate processes, and open a back door on the compromised computer. The worm sends itself in different languages depending on the recipient's address. Rating: medium damage with high distribution.

W32.Sober.I@mm is a mass-mailing worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the infected computer. If you see this message: "WinZip_Data_Module is missing ~Error:{[random number]}" Rating: low damage with high distribution.

W32.Mydoom.Q@mm is a mass-mailing worm that downloads an executable file and uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. Rating: medium damage with high distribution.

W32.Korgo.F is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (BID 10108) on TCP port 445 and other random ports. Rating: medium damage with high distribution.

W32.Sasser.B.Worm is a variant of W32.Sasser.Worm which is a mass-mailing worm that causes significant degradation in performance. To prevent infection and remote exploitation of the vulnerability, install the appropriate Microsoft patch (MS04-011). Rating: medium damage with very high distribution.

W32.Beagle.W@mm is a mass-mailing worm that attempts to spread using mail and file-sharing networks. The worm also opens a backdoor on an infected computer. When the worm runs, it displays a message box with the following text: Can't find a viewer associated with the file. Rating: medium damage with high distribution.

W32.Netsky.P@mm (also known as W32.Netsky.Q@mm) is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. The worm uses a Microsoft vulnerability to cause unpatched systems to auto-execute the worm when reading or previewing an infected message. Rating: medium damage with high distribution.

W32.Beagle.E@mm is a mass-mailing worm. The worm primarily spreads through e-mail and will be independent of the victim's e-mail client. W32.Beagle.E@mm will also create a security hole, which is also known as a backdoor, on the victim's machine. This backdoor component will allow a remote attacker to penetrate the victim's machine.
What to look for:
From: will contain a spoofed e-mail address, which means that the email will most likely contain an email address of someone you know, even if the worm did not originate from that person.
Subject: may have a list of different phrases available to the worm itself. Thus, the subject line of the email varies from one email to another.
Attachment: contains a set of random characters, followed by the file extension ".zip".
Rating: medium damage with high distribution.

W32.Mydoom.F@mm is a mass-mailing worm that opens a backdoor on TCP port 1080. Can download and execute arbitrary files. Will perform a Denial of Service (DoS) against www.microsoft.com and www.riaa.com, if the computer's local system date is between the 17th and 22nd of any month. Sets up a backdoor in an infected system by opening TCP port 1080. This could allow an attacker to connect to a computer and use it as a proxy to gain access to its network resources. Rating: significant damage with high distribution.

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports. This can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor has the ability to download and execute arbitrary files. The worm will perform a DoS (Denial of Service) attack starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

W32.Bagle@MM is a Medium Risk mass-mailing worm with a potentially dangerous remote access component. Similar to last summer's Sobig virus, W32/Bagle@MM arrives as an executable attachment inside an email (subject line: "Hi"). When run, the virus checks the system date -- if January 28, 2004 or later, the virus simply exits and does not propagate. Otherwise, the virus emails itself to addresses it steals from the infected computer, spoofing the "from: field" with one of the harvested addresses.
What to look for:
From: (address may be forged)
Subject: Hi
Body: Test=) (random characters) Test, yep.
Attachment: (random filename) 15,872 bytes

W32.Scold@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to contacts in the Outlook address book. When W32.Scold@mm runs, it displays a picture of a baby seal. See the "Technical Details" section for an illustration. The email has the following characteristics:
Subject: (one of the following)
- When It's Cold Outside She Gives Me Warm Inside <blank spaces and random characters>
- Fw: When It's Cold Outside She Gives Me Warm Inside <blank spaces and random characters>
- Re: When It's Cold Outside She Gives Me Warm Inside <blank spaces and random characters>
Message: (one of the following)
- You will love this cute picture.
- Enjoy this great picture.
- Don't miss this cool picture.

W32.Mimail.M@mm is a worm that causes system instability: Sends data to the darkprofits domains in an attempt to perform a Denial Of Service (DoS). Releases confidential info: Captures text from specific windows and sends the data to predetermined email addresses. It may be disguised as the following email:
Subject: Re[3]
Attachment: Wendy.zip (Contains the file Wendy.exe) or Only_for_greg.zip (Contains the file For_greg.jpg.exe)
Rating: significant damage with high distribution but not difficult to repair

W32.Swen@mm (also known as Gibe) is a mass-mailing worm exploiting a vulnerability in Microsoft Outlook and Outlook Express in an attempt to execute itself when you open or even preview the email message. It pretends to be a patch from Microsoft, using the subject line to entice Windows users to open the attachment. The virus attempts to kill all antivirus and personal firewall apps running on the infected machine. Rating: significant damage and difficult to repair with high distribution

W32.Blaster.F.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026). The worm targets only Windows 2000, Windows XP and NT computers. Symptoms include systems rebooting every few minutes without user input, or becoming unresponsive. You may see this window pop-up to alert you of a problem. Your computer is not vulnerable to the Blaster worm if you downloaded and installed the security update that was addressed by Security Bulletin MS03-026 prior to August 11, the date the Blaster worm was discovered. However, you will need to download and install the update addressed by Security Bulletin MS03-039 in order to help ensure that you are not vulnerable to future variants of the Blaster worm. Rating: significant damage with very high distribution

SQLSlammer is a worm that self-propagates malicious code exploiting multiple vulnerabilities in the Resolution Service of Microsoft SQL Server 2000. Microsoft patched the buffer overflow vulnerability last summer, but for several reasons system administrators were slow to apply the patch. When it erupted on the morning of 1/24/03, the tiny worm (just 376 bytes of code) spread quickly and in a matter of minutes disrupted companies' networks. Rating: network damage with very high distribution

Naith.A@mm will mass mail itself and is also a password stealer, sending confidential data across the internet. Copies itself into the Windows\temp directory and spreads. Rating: medium damage with high distribution

W97M.Killboot is a macro virus that infects Microsoft Word documents. It spreads via shared documents. Symptoms: hangs the operating system of an infected computer by overwriting all of the data in the Master Boot Record (MBR). Rating: severe damage

Bugbear virus installs a Trojan on infected machines. Symptoms: capable of logging users' keystrokes and giving a remote attacker access to sensitive data such as passwords; it also enables the attacker to control the PC. Also disables antivirus and firewalls. Rating: severe damage with very high distribution

W32.ExploreZip.L.Worm is a worm that contains a malicious payload and uses Microsoft Outlook, Outlook Express, or Exchange to mail itself, by replying to unread messages in the Inbox. Symptoms: The email attachment is titled Zipped_files.exe. The file has been repacked to make it more difficult to detect with older, existing antivirus software. The worm also searches the mapped drives and network computers for Windows installations. If they are found, the worm copies itself to the \Windows folder of the remote computer, and then modifies the Win.ini file of the infected computer. Rating: severe damage with very high distribution

W32.Lirva.A is a mass-mailing worm that also spreads by IRC, ICQ, KaZaA, and open network shares. Symptoms: attempts to terminate antivirus and firewall products. It also emails the cached Windows 95/98/Me dial-up networking passwords to the virus writer. Rating: considerable damage with very high distribution

W32.Yaha.K@mm is a worm that emails itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, and Yahoo Pager. Symptoms: terminates some antivirus and firewall processes. Rating: considerable damage with very high distribution

W32.Klez.H@mm is an email-based worm that also infects through network shares. Symptoms: infects executables by creating a hidden copy of the original host file, and then by overwriting the original file with itself. Rating: considerable damage with very high distribution

W32.HLLW.Backzat.B is an email-based worm that uses Microsoft Outlook and the Outlook address book to send out infectious email. Symptoms: deletes varying security software products. Rating: medium damage with high distribution

W32.HLLW.GOP.G@mm is a mass-mailing worm that copies itself to the hard drive. Symptoms: performs a mass-mailing routine. Rating: medium with high distribution