VIRUS
NAME
|
DETAILS
|
I-Worm/Klez.H
|
Klez.H
is a modified variant of
original Klez.E
and
it is rapidly spreading
in the wild. Klez.H
arrives as an e-mail
attachment with different
names. The attachments
are embedded within the
e-mail and it won't
visible to the user.
| More
details |
I-Worm/SirCam
|
SirCam
is a mass mailing worm
uses e-mail addresses
stored in Windows Address
book and also collects
addresses from temporary
Internet folder to
distribute infected
messages. SirCam is also
network aware worm. It
searches for network
shares and infects them
too. | More
details |
HomePage
aka
VBSWG.X
|
VBS/HomePage
aka VBS/VBSWG.X is a
encrypted VB script worm
uses Microsoft outlook to
spread. The email message
subject will be "
Homepage
"
and the attachment will
be "homepage.HTML.vbs"
and the message body will
be "Hi!
You've got to see this
page! It's really cool
;O)". | More
details |
BadTrans
Worm
|
BadTrans
is an encrypted worm
spreads via MAPI function
of Microsoft Outlook and
it also drops
Trojan.PSW.Hooker.b in
the victims PC. The virus
author can steal username
and password details
using the password
stealer. | More
details |
Win32/Magistr
|
Win32/Magistr
is a complex polymorphic
worm spreads via email
and it contains virus
components to infect PE
files [*.EXE,
*.SCR] in
Windows environment. It
infects local machine and
PCs connected to the
local network (LAN). It
is discovered in March
2001 and frequently
reported in the wild. | More
details |
I-Worm/Hybris
|
Hybris
is a complex deadly worm,
it will update the
plugins from the virus
author's site or through
a virus conference news
group alt.comp.virus. The
worm uses Win95/Babylonia
virus
technique to download
plugins, but it uses
strong encryption on
plugins using RSA 128 bit
keys. The worm patches
WSOCK32.DLL to email
automatically. | More
details |
I-Worm/PROLIN
|
Prolin is
an Internet worm, uses
Microsoft Outlook to
email itself.The worm is
36,834 bytes long and
written in Visual Basic
version 6. It needs
"MSVBVM60.dll"
to spread otherwise it
will show DLL missing
error. The e-mail
attachment name will be
"Creative.exe". | More
details |
I-Worm/MTX
|
MTX
is a complex encrypted
worm spreads via email
and carries a virus to
infect local machine
files. It is discovered
one month back and
frequently reported in
the wild. When
executed, the worm
patches WSOCK32.DLL to
email automatically.
The virus
component uses EPO
( Entry Point Obscuring )
technology to
infect files. | More
details |
Wscript/KAK
Worm
|
Wscript/Kak
is a worm that exploits
security vulnerabilities
in Microsoft Internet
Explorer and Microsoft
Outlook in a way similar
to Bubbleboy worm.
It will ONLY infect PCs
running Windows 98
with Internet Explorer
5 and Outlook
or Outlook Express.
| More
details |
W97M/Marker
family
|
W97M/Marker
(also known as HSFX) is a
Word macro virus that
collects user information
from Word and uses FTP to
send it over the
internet. The virus is
similar to W97M/Caligula.
It sends the data over to
codebreakers.org. It also
has some similarities to
W97M/Ethan.| More
details |
PrettyPark
worm
|
Pretty
Park is an Internet worm,
uses mass
mailing and mIRC clients
to spread. There are lot
of unpacked variants also
reported in the wild. | More
details |
W97M/Ethan
family
|
Ethan
is a simple macro virus,
consisting of a single
macro less than 50 lines
long. It infects Word's
NORMAL.DOT template and
documents by inserting
it's code to a module in
the document.| More
details |
Happy99
Worm
|
The is a
Win32-based e-mail and
newsgroup worm. It
displays fireworks when
executed first time as
Happy99.exe. When
executed first time, it
creates SKA.EXE and
SKA.DLL in the system
directory. Also it
modifies WSOCK32.DLL to
infect.| More
details |
X97M/Laroux
family
|
XM/Laroux
is the first macro virus
for Microsoft Excel for
Windows which actually
works. The virus
intercepts Excel's
AutoOpen automacro. When
an infected spreadsheet
is opened, the virus
activates and checks
whether the system is
already infected. If not
, the virus creates an
Excel for Windows file
named PERSONAL.XLS in the
Excel for Windows default
startup directory (e.g.
C:\MSOFFICE\EXCEL
\XLSTART) and copies
itself there.| More
details |
Win32/Funlove
|
This
is a Win32 PE file virus
infects EXE, SCR, OCX
files under Win9x and
WinNT 4.0 platforms.
The infected files will
increase by 4099 bytes.
What is notable about
this virus is that it
uses a new strategy to
attack the Windows NT
file security system and
it runs as a service on
Windows NT systems. | More
details |
WYX
Boot
|
WYX boot
uses floppy disks to
infect other PCs. If you
accidentally switch on
the PC with an infected
disk it will infect
Partition table and Boot
sector of Hard disk. It
spreads on DOS, Windows
9x and Windows NT
environments. Some times
it failed to replicate in
Windows environment and
damages the data.| More
details |
VBS/LoveLetter
|
VBS/LoveLetter
is a VB Script uses
Microsoft outlook and
Mirc clients to spread.
It is spreading faster
than Melissa virus. It
causes heavy e-mail
traffic and downs many
mail servers. There are
several variants reported
in the wild. The
attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS,
mothersday.vbs,
Urgent_virus_warning.vbs,
IMPORTANT.TXT.VBS,
Virus-Protection-Informations.vbs,
ArabAir.TXT.vbs,
BEWERBUNG.TXT.vbs,
KillEmAll.TXT.vbs,
protect.vbs or
Very Funny.vbs .
| More
details |
Win95/CIH
virus
|
A
more dangerous and deadly
virus called
"CIH" has
spread rapidly and
remains dormant in many
computers. This virus
will wake up or get
activated on 26th of
April and it will damage
the motherboard and the
hard disk. The damage
caused could be extreme
and expensive. | More
details
|
.