VIRUS
NAME
|
DETAILS
|
I-Worm/Klez.H
|
Klez.H
is a modified variant of
original Klez.E
worm
and it is rapidly
spreading in the wild. I-worm/Klez.H
arrives as an e-mail
attachment with different
names. The attachments
are embedded within the
e-mail and it won't
visible to the user.| More
details
|
I-Worm/APost
|
APost is
an Internet worm uses
Microsoft Outlook to
spread. The worm is 24,576 bytes
long and written in
Visual Basic 6.0. It
needs
"MSVBVM60.dll"
to spread otherwise it
will show dll missing
error. The attachment
name will be
"Readme.exe".
It is also known as
I-Worm.Readme,
W32.Apost@mm | More
details
|
CodeRed
Worm
|
CodeRed
worm spreads using .ida
buffer overflow attack
vulnerability in IIS Web
servers. The worm will
attack unprotected IIS
servers. Web
administrators are
requested to install the
security patch provided
by Microsoft. | More
details
|
| I-Worm/SirCam |
SirCam
is a mass mailing worm
uses e-mail addresses
stored in Windows Address
book and also collects
addresses from temporary
Internet folder to
distribute infected
messages. SirCam is also
network aware worm. It
searches for network
shares and infects them
too. | More
details |
VBS/Jolin
|
VBS/Jolin
is an intended VB script
worm uses Microsoft
outlook and mIRC to
spread. The worm contains
bugs in its code, so it
won't work properly. The
email message subject
will be "FW:
Check this out... "
and the attachment will
be "!!jolin_caught_naked!!!!.jpg.vbs
"
| More
details |
VBS/Mawanella
|
VBS/Mawanella
aka VBS/VBSWG.Z is a
encrypted VB script worm
uses Microsoft outlook to
spread. The email message
subject will be "
Mawanella"
and the attachment will
be "Mawanella.vbs"
and the message body will
be "Mawanella
is one of the Sri Lanka's
Muslim Village". | More
details |
VBSWG.X
|
VBS/HomePage
aka VBS/VBSWG.X is a
encrypted VB script worm
uses Microsoft outlook to
spread. The email message
subject will be "
Homepage
"
and the attachment will
be "homepage.HTML.vbs"
and the message body will
be "Hi!
You've got to see this
page! It's really cool
;O)". | More
details |
BadTrans
Worm
|
BadTrans
is an encrypted worm
spreads via MAPI function
of Microsoft Outlook and
it also drops
Trojan.PSW.Hooker.b in
the victims PC. The virus
author can steal username
and password details
using the password
stealer. | More
details |
Win32/Magistr
|
Win32/Magistr
is a complex polymorphic
worm spreads via email
and it contains virus
components to infect PE
files [*.EXE,
*.SCR] in
Windows environment. It
infects local machine and
PCs connected to the
local network (LAN). It
is discovered in March
2001 and frequently
reported in the wild. | More
details |
I-Worm/Hybris
|
Hybris
is a complex deadly worm,
it will update the
plugins from the virus
author's site or through
a virus conference news
group alt.comp.virus. The
worm uses Win95/Babylonia
virus
technique to download
plugins, but it uses
strong encryption on
plugins using RSA 128 bit
keys. The worm patches
WSOCK32.DLL to email
automatically. | More
details |
I-Worm/PROLIN
|
Prolin is
an Internet worm, uses
Microsoft Outlook to
email itself.The worm is
36,834 bytes long and
written in Visual Basic
version 6. It needs
"MSVBVM60.dll"
to spread otherwise it
will show DLL missing
error. The e-mail
attachment name will be
"Creative.exe". | More
details |
I-Worm/MTX
|
MTX
is a complex encrypted
worm spreads via email
and carries a virus to
infect local machine
files. It is discovered
one month back and
frequently reported in
the wild. When
executed, the worm
patches WSOCK32.DLL to
email automatically.
The virus
component uses EPO
( Entry Point Obscuring )
technology to
infect files. | More
details |
VBS/Stages
|
VBS/Stages
is a multi application
Windows worm uses
Microsoft outlook, mIRC,
Pirch and mapped drives
to spread. Because of the
mass mailing routine it
downs many e-mail
servers. The attachment
name will be "LIFE_STAGES.TXT.SHS"
and size will be
39,936 bytes. | More
details |
VBS/Plan
(VBS_Colombia)
|
VBS/Plan
is a new modified variant
of VBS/LoveLetter
worm uses Microsoft
outlook to spread. While
opening the e-mail
attachment, will copy
LINUX32.vbs and a random
file name in windows
system folder and
reload.vbs in windows
folder. Then
it changes the registry
settings so that the the
script is automatically
executed when the system
is restarted.| More
details |
| W97M/Resume |
Resume is
a word macro worm makes
use of the MAPI functions
in Microsoft Outlook to
retrieve the current user
profile and password for
server logon. This Virus
grabs e-mail addresses
from the address book of
Microsoft Outlook and
resends the mail. It is
very similar to Melissa
virus. It won't infect
any document in the
system but will delete
files in the mapped
dirves.| More
details |
VBS/NewLove
|
VBS/NewLove
is a modified variant of
VBS/Love Letter worm uses
Microsoft outlook to
spread. It contains a
very dangerous payload
and it will overwrite all
files with virus code in
a fly. The damaged files
cannot be recovered.| More
details |
I-Worm/South
Park
|
South Park
is an Internet worm, uses
Microsoft Outlook and
other different
techniques like copying
"South
Park.exe" to floppy
drives and Mapped drives
to spread. The worm is
19,968 bytes long and
written in Visual Basic.
It needs
"MSVBVM50.dll"
to spread otherwise it
will show dll missing
error. The e-mail
attachment name will be
"South
Park.exe".| More
details |
| VBS/LoveLetter |
VBS/LoveLetter
is a VB Script uses
Microsoft outlook and
Mirc clients to spread.
It is spreading faster
than Melissa virus. It
causes heavy e-mail
traffic and downs many
mail servers. There are
several variants reported
in the wild. The
attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS,
mothersday.vbs,
Urgent_virus_warning.vbs,
IMPORTANT.TXT.VBS,
Virus-Protection-Informations.vbs,
ArabAir.TXT.vbs,
BEWERBUNG.TXT.vbs,
KillEmAll.TXT.vbs,
protect.vbs or
Very Funny.vbs .
| More
details |
Wscript/Kak
|
Wscript/Kak
is a worm that exploits
security vulnerabilities
in Microsoft Internet
Explorer and Microsoft
Outlook in a way similar
to Bubbleboy worm.
It will ONLY infect PCs
running Windows 98
with Internet Explorer
5 and Outlook
or Outlook Express.
| More
details |
I-Worm/Plage
|
Plage is
an e-mail worm, uses
MAPI functions to infect
e-mail messages. The worm
is 102400 bytes long
written in Borland C++.
The worm has an icon
similar to PKLITE self
extracting program, very
similar to
Win32/ExploreZip worm.
The infection method is
also similar to
ExploreZip worm but it
won't delete the data
files in the system. | More
details |
| W95/Babylonia |
W95/Babylonia
is a polymorphic virus, When
executed, the virus
infects .EXE and .HLP
files. When it detects an
Internet connection, it
attempts to connect to a
Web site hosted by a
virus authoring group,
and if successful, it
downloads additional
components of the
complete virus to the
host PC. | More
details |
MiniZip
Worm
|
MiniZip is
a compressed variant of
the original ExploreZip
worm, it uses
standard e-mail software
such as Outlook, Outlook
Express and Exchange to
spread. It infects
Windows 95/98/NT systems
and damages the data. It
searches for the files
with extensions doc, xls,
ppt, h, asm, c, cpp in
the local hard drives and
mapped drives and reduces
the file size to zero
byte. | More
details |
W97M/Prilissa
|
W97M/Prilissa
virus is a new variant of
Melissa virus infects
Word 97 Documents. Prilissa
virus makes use of the
MAPI functions in
Microsoft Outlook to
retrieve the current user
profile and password for
server logon. This Virus
grabs the first 50
addresses from the
address book of Microsoft
Outlook and resends the
mail. It will format your
harddisk on Christmas
day. | More
details |
Win32/FunLove
|
This
virus is a Win32 PE file
virus infects EXE, SCR,
OCX files under Win9x and
WinNT 4.0 platforms.
The infected files will
increase by 4099 bytes.
What is notable about
this virus is that it
uses a new strategy to
attack the Windows NT
file security system and
it runs as a service on
Windows NT systems. | More
details |
VBS/Bubbleboy
|
VBS/Bubbleboy
is the first e-mail worm
to infect computers
without using
attachments.
Historically, as long as
you don't open e-mail
attachments you're safe
from virus infection, but
this changes all that.
It will
ONLY infect PCs running
Windows 98 with Internet
Explorer 5 and Outlook or
Outlook Express.| More
details |
VBS/Monopoly
|
Monopoly
is a VBScript worm, uses
Microsoft OUTLOOK and it
sends information about
who runs the file. When
run, it will display a
message saying "Bill
Gates is guilty of
monopoly. Here is the
proof.". Then it
will show a JPG file,
which shows Bill Gates
face in the monopoly
game.| More
details |
Back
Orifice 2000
|
BO2K is a
hacker agent, it allows
the computer to be
remotely controlled by
another user. It was
created by the Cult of
Dead Cow hackers group in
July 1999. It works on
Windows 95, 98 and
Windows NT platforms.
There are two versions
available in this Trojan,
one is designed for USA
and other an
international version.| More
details |
ExploreZip
Worm
|
ExploreZip
is an e-mail worm, it
uses standard e-mail
software such as Outlook,
Outlook Express and
Exchange to spread. It
infects Windows 95/98/NT
systems and damages the
data. It searches for the
files with extensions
doc, xls, ppt, h, asm, c,
cpp in the local hard
drives and mapped drives
and reduces the file size
to zero byte. So it is
impossible to recover the
data from the infected
files. It will infect
other networked computers
too. | More
details |
Netbus
Trojan
|
NetBus
is a remote
administration tool, just
like the famous Back
Orifice tool. However,
Netbus works on Windows
95/98/NT. Netbus is
basically a small utility
for remote controlling of
one computer from
different computer using
the Network. But it is
being more misused as a
Trojan than an actual
tool. | More
details |
W97M/Melissa
|
Melissa
virus makes use of the
MAPI functions in
Microsoft Outlook to
retrieve the current user
profile and password for
server logon. This Virus
grabs the first 50
addresses from the
address book of Microsoft
Outlook Express and
resends the mail .The
infected word document
contains the porno site
address. It infects
Word97 and Office 2000
documents.| More
details |
X97M/Papa
|
Papa virus
is a Microsoft Excel
virus which also spreads
through email. When an
infected Excel
spreadsheet is opened,
the Papa virus makes use
of the MAPI functions in
Microsoft Outlook to
retrieve the current user
profile and password for
server logon. The virus
will then access the
Outlook client address
book and select up to 60
recipients to
automatically send new
email messages.| More
details |
Happy99
Worm
|
The is a
Win32-based e-mail and
newsgroup worm. It
displays fireworks when
executed first time as
Happy99.exe. When
executed first time, it
creates SKA.EXE and
SKA.DLL in the system
directory. Also it
modifies WSOCK32.DLL to
infect.| More
details |
.