Microsoft Security Intelligence
500 entries found. Displaying page 1 of 25.
Updated on Oct 07, 2008
Alert level: severe
Updated on Apr 11, 2011
Win32/Bugbear.B@mm is a mass-mailing e-mail worm that also spreads via unprotected network shares. E-mail messages used by the Win32/Bugbear.B@mm worm may use the vulnerability mentioned in Microsoft Security Bulletin MS01-020, Incorrect MIME Header Can Cause IE to Execute E-mail Attachment, to run automatically on some computers when an infected e-mail is viewed. Win32/Bugbear.B@mm also includes a file infecting component and opens an unsecured backdoor on TCP port 1080.
Alert level: severe
Updated on Apr 11, 2011
Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.
Alert level: severe
Updated on Apr 11, 2011
Win32/Wukill.F@mm is a mass-mailing e-mail worm that also spreads via local and mapped drives. The worm modifies the registry to disable viewing of file extensions and paths in Windows Explorer.
Alert level: severe
Updated on Jan 29, 2007
Worm:Win32/Alcan.D is a worm that spreads via peer-to-peer (P2P) file sharing networks. Worm:Win32/Alcan.D downloads and runs files from remote websites and may interfere with security software installed on the system.
Alert level: severe
Updated on Apr 11, 2011
Win32/Wowstealer.A@mm is a mass mailing e-mail worm that targets the account credentials used to access the World of Warcraft online game. Win32/Wowstealer.A@mm lowers the security settings in Microsoft Outlook Express that would normally prevent accidental opening of executable e-mail attachments.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Nuwar.IR registers itself as a Licensed Service Provider (LSP) on the compromised system. The worm receives messages from a remote Web site which it then appends to outgoing Web-based communications. The message includes a link that points to a copy of the worm file. These messages may be appended to outgoing instant messaging chats, Web-based e-mail, as well as blog comments and forum posts.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Wootbot.BM is a backdoor trojan that allows attackers to control the infected computer via IRC channels. Upon receiving certain commands, the trojan can perform Denial-of-Service (DoS) attacks and spread to other computers that have not applied the update provided in Microsoft Security Bulletin MS04-011.
Alert level: severe
Updated on Mar 25, 2007
Worm:Win32/Hybris.A@mm includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Worm:Win32/Hybris.A@mm can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level: severe
Updated on Mar 25, 2007
Worm:Win32/Hybris.gen@mm includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Worm:Win32/Hybris.gen@mm can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level: severe
Updated on Apr 11, 2011
Win32/Funner is an instant messaging worm that spreads through MSN Messenger, MSN Communicator, and QQ. The worm overwrites the HOSTS file to redirect certain outbound Internet traffic from the infected computer to an attacker’s server, which could enable phishing and man-in-the-middle attacks. These attacks may include theft of credentials such as user names, passwords, and credit card data, as well as injection of malicious code into Internet traffic that is bound for the user's computer.
Alert level: severe
Updated on Apr 11, 2011
Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.
Alert level: severe
Updated on Apr 11, 2011
Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.
Alert level: severe
Updated on Apr 11, 2011
Win32/Parite is a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.
Alert level: severe
Updated on Apr 22, 2007
Worm:Win32/Bagle@mm!zip is a detection for e-mail containing password-protected zip file attachments associated with the Win32/Bagle family. The Win32/Bagle family spreads primarily through e-mail, though some variants also spread through peer-to-peer networks. The worm acts as a backdoor Trojan, allowing an attacker to access a computer that it has infected. The backdoor can be used to distribute other malicious software. Some variants of Win32/Bagle infect executable files.
Alert level: severe
Updated on Apr 11, 2011
Win32/Reatle.A@mm!CME-875 is a mass-mailing e-mail and network worm that exploits the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011. Win32/Reatle.A@mm!CME-875 also downloads and runs a file from a URL specified in the worm's code.
Alert level: severe
Updated on Apr 11, 2011
Win32/Bagle.BA@mm!CME-477 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it finds on the host computer. Win32/Bagle.BA@mm!CME-477 also spreads by copying itself to folders containing the string 'shar' in the folder name.
Alert level: severe
Updated on Apr 11, 2011
Worm:Win32/Zotob.Q is a network worm that exploits the Plug-and-Play vulnerability discussed in Microsoft Security Bulletin MS05-039. The worm targets computers running Microsoft Windows 2000 that do not have MS05-039 installed. The worm can also infect computers running other versions of Windows operating systems if it is delivered through e-mail, instant messaging, or some other means.
Alert level: severe
Updated on Jan 18, 2007
Win32/Klez.H@mm is a mass-mailing e-mail worm that also copies itself to local, mapped, and network shares. Win32/Klez.H@mm attempts to terminate processes associated with antivirus and security software. When sending copies of itself via e-mail, the worm may also attach randomly selected legitimate files found on the system. This could result in compromise of confidential or sensitive data.
Alert level: severe
Updated on Jan 18, 2007
Win32/Klez.E@mm is a mass-mailing e-mail worm that also copies itself to local, mapped, and network shares. Win32/Klez.E@mm attempts to terminate processes associated with antivirus and security software. When sending copies of itself via e-mail, the worm may also attach randomly selected legitimate files found on the system. This could result in compromise of confidential or sensitive data.
Alert level: severe