Most Popular Viruses
VIRUS NAME | DETAILS |
Backdoor.Bot | Backdoor.Bot is a hacker agent, it allows the computer to be remotely controlled by another user. | More details |
W32.Netsky.T@mm | Netsky.T worm arrives as an e-mail attachment. The infected attachment name, message body and subject is randomly chosen by the worm. | More details |
W32.Stration@mm | Stration aka Warezov is a mass mailing worm, uses e-mail addresses collected from the infected system to distribute infected messages. Stration worm arrives as an e-mail attachment. It has the ability to download new variants of malware from Internet.| More details |
W32.Blackmal.E@mm | W32.Blackmal.E@mm aka VB.BI is a mass mailing worm, uses e-mail addresses collected from the infected system to distribute infected messages. It attempts spread through network shares.| More details |
W32.Sober.X@mm | Sober.X is a mass mailing worm uses e-mail addresses collected from the system to distribute infected mails. The worm uses its own SMTP engine to spread. The infected mail will be in English or German.| More details |
W32.Beagle.AV@mm | Beagle.AV is a mass mailing worm, uses e-mail addresses collected from the infected system to distribute infected messages. Beagle worm arrives as an e-mail attachment. | More details |
W32.Sasser.Worm | Sasser is a network Worm, exploits a remote code execution vulnerability LSASS to infect target systems. It scans for IP addresses and infects unpatched systems. This worm targets Windows 2000, and Windows XP systems. | More details |
W32.Netsky.P@mm | Netsky.P is a modified variant of Netsky.C worm. This mass mailing worm spreads using e-mail addresses collected from MSG, OFT, SHT, DBX, TBB, ADB, DOC, WAB, ASP, UIN, RTF, VBS, HTML, HTM, PL, PHP, TXT, SHTM, DHTM, CGI and EML files to distribute infected messages. Netsky.P worm arrives as an e-mail attachment. | More details |
W32.Netsky.D@mm | Netsky.D is a modified variant of Netsky.C worm. This mass mailing worm spreads using e-mail addresses collected from MSG, OFT, SHT, DBX, TBB, ADB, DOC, WAB, ASP, UIN, RTF, VBS, HTML, HTM, PL, PHP, TXT, SHTM, DHTM, CGI and EML files to distribute infected messages. Netsky.D worm arrives as an e-mail attachment. The infected attachment name, message body and subject is randomly chosen by the worm. | More details |
W32.Mydoom.A@mm | Novarg aka Mydoom is a mass mailing worm, uses e-mail addresses collected from .wab, .adb, .tbb, .dbx, .asp, .php, .sht, .htm, .txt files to distribute infected messages. Novarg worm arrives as an e-mail attachment. The infected attachment name, subject and message body is randomly chosen by the worm. The worm also spreads using KaZaA P2P network. | More details |
W32.Blaster.Worm | Blaster worm exploits a vulnerability DCOM RPC [ Buffer Overrun In RPC Interface ] to infect target systems. The worm randomly scans for IP addresses [ X.X.X.0 Example: 202.124.64.0 ] and infects the vulnerable systems. This worm targets Windows NT, 2000, XP, and Windows Server 2003 systems. | More details |
W32.Klez.H@mm | Klez.H is a modified variant of original Klez.E worm and it is rapidly spreading in the wild. I-worm/Klez.H arrives as an e-mail attachment with different names. | More details |
W32.Yaha.K@mm | Yaha.K is a mass mailing worm uses e-mail addresses stored in Windows Address book and also collects addresses from .ht* files to distribute infected messages. It also spreads through MSN messenger list, ICQ list and Yahoo pager list. | More details |
W32.Bugbear@mm | BugBear is an Internet worm, uses e-mail addresses stored in Windows Address book and network shares. It also collects addresses from .dbx, .mbx, .eml, and .ocs files to distribute infected messages. The worm randomly chooses the message body and subject. | More details |
Worm/Opaserv.A | Opaserv is a network worm, spreads using shared network drives. Opaserv infects only the network shares and it will not spread using e-mail attachments. When executed, it will search for Windows folder in the local system and network and copies to "Scrsvr.exe". | More details |
W32.Yaha.E@mm | Yaha.E is a mass mailing worm uses e-mail addresses stored in Windows Address book and also collects addresses from .ht* files to distribute infected messages. It also spreads through MSN messenger list, ICQ list and Yahoo pager list. | More details |
W32.Klez.E@mm | Klez.E is modified variant of original Klez worm. Klez.E variant rapidly spreads in the wild. I-worm/Klez.E arrives as an e-mail attachment. The attachments are embedded within the e-mail and it won't visible to the user. | More details |
W32.BadTrans.B@mm | W32.BadTrans.B@mm is modified variant of original BadTrans worm. This encrypted worm sends infected mails to e-mail address collected from web pages and Windows address book. It also drops Trojan.PSW.Hooker.b in the victims PC. The virus author can steal username and password details using this password stealer. | More details |
W32.SirCam@mm | SirCam is a mass mailing worm uses e-mail addresses stored in Windows Address book and also collects addresses from temporary Internet folder to distribute infected messages. SirCam is also network aware worm. It searches for network shares and infects them too. | More details |
HomePage aka VBSWG.X | VBS/HomePage aka VBS/VBSWG.X is a encrypted VB script worm uses Microsoft outlook to spread. The email message subject will be " Homepage " and the attachment will be "homepage.HTML.vbs" and the message body will be "Hi! You've got to see this page! It's really cool ;O)". | More details |
W32.BadTrans@mm | BadTrans is an encrypted worm spreads via MAPI function of Microsoft Outlook and it also drops Trojan.PSW.Hooker.b in the victims PC. The virus author can steal username and password details using the password stealer. | More details |
W32/Magistr | W32/Magistr is a complex polymorphic worm spreads via email and it contains virus components to infect PE files [*.EXE, *.SCR] in Windows environment. It infects local machine and PCs connected to the local network (LAN). It is discovered in March 2001 and frequently reported in the wild. | More details |
W95/Hybris | Hybris is a complex deadly worm, it will update the plugins from the virus author's site or through a virus conference news group alt.comp.virus. The worm uses Win95/Babylonia virus technique to download plugins, but it uses strong encryption on plugins using RSA 128 bit keys. The worm patches WSOCK32.DLL to email automatically. | More details |
W32.Prolin@mm | Prolin is an Internet worm, uses Microsoft Outlook to email itself.The worm is 36,834 bytes long and written in Visual Basic version 6. It needs "MSVBVM60.dll" to spread otherwise it will show DLL missing error. The e-mail attachment name will be "Creative.exe". | More details |
W32/MTX | MTX is a complex encrypted worm spreads via email and carries a virus to infect local machine files. It is discovered one month back and frequently reported in the wild. When executed, the worm patches WSOCK32.DLL to email automatically. The virus component uses EPO ( Entry Point Obscuring ) technology to infect files. | More details |
Wscript/KAK Worm | Wscript/Kak is a worm that exploits security vulnerabilities in Microsoft Internet Explorer and Microsoft Outlook in a way similar to Bubbleboy worm. It will ONLY infect PCs running Windows 98 with Internet Explorer 5 and Outlook or Outlook Express. | More details |
W97M/Marker family | W97M/Marker (also known as HSFX) is a Word macro virus that collects user information from Word and uses FTP to send it over the internet. The virus is similar to W97M/Caligula. It sends the data over to codebreakers.org. It also has some similarities to W97M/Ethan.| More details |
PrettyPark. worm | Pretty Park is an Internet worm, uses mass mailing and mIRC clients to spread. There are lot of unpacked variants also reported in the wild. | More details |
W97M/Ethan family | Ethan is a simple macro virus, consisting of a single macro less than 50 lines long. It infects Word's NORMAL.DOT template and documents by inserting it's code to a module in the document.| More details |
Worm.Happy99 | The is a Win32-based e-mail and newsgroup worm. It displays fireworks when executed first time as Happy99.exe. When executed first time, it creates SKA.EXE and SKA.DLL in the system directory. Also it modifies WSOCK32.DLL to infect.| More details |
X97M/Laroux family | XM/Laroux is the first macro virus for Microsoft Excel for Windows which actually works. The virus intercepts Excel's AutoOpen automacro. When an infected spreadsheet is opened, the virus activates and checks whether the system is already infected. If not , the virus creates an Excel for Windows file named PERSONAL.XLS in the Excel for Windows default startup directory (e.g. C:\MSOFFICE\EXCEL \XLSTART) and copies itself there.| More details |
W32/Funlove | This is a Win32 PE file virus infects EXE, SCR, OCX files under Win9x and WinNT 4.0 platforms. The infected files will increase by 4099 bytes. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system and it runs as a service on Windows NT systems. | More details |
WYX Boot | WYX boot uses floppy disks to infect other PCs. If you accidentally switch on the PC with an infected disk it will infect Partition table and Boot sector of Hard disk. It spreads on DOS, Windows 9x and Windows NT environments. Some times it failed to replicate in Windows environment and damages the data.| More details |
VBS/LoveLetter | VBS/LoveLetter is a VB Script uses Microsoft outlook and Mirc clients to spread. It is spreading faster than Melissa virus. It causes heavy e-mail traffic and downs many mail servers. There are several variants reported in the wild. The attachments will be LOVE-LETTER-FOR-YOU.TXT.VBS, mothersday.vbs, Urgent_virus_warning.vbs, IMPORTANT.TXT.VBS, Virus-Protection-Informations.vbs, ArabAir.TXT.vbs, BEWERBUNG.TXT.vbs, KillEmAll.TXT.vbs, protect.vbs or Very Funny.vbs . | More details |
Win95/CIH virus | A more dangerous and deadly virus called "CIH" has spread rapidly and remains dormant in many computers. This virus will wake up or get activated on 26th of April and it will damage the motherboard and the hard disk. The damage caused could be extreme and expensive. | More details |
0 comments:
Subscribe to:
Post Comments (Atom)