Win32/Mydoom.A@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer. The worm also installs a .dll file that acts as a backdoor. After February 1, 2004, the worm attempts a denial-of-service (DoS) attack against www.sco.com.

Win32/Netsky.P@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. The worm also exploits a vulnerability that is fixed in Microsoft Security Bulletin MS01-020.

Worm:Win32/Gaobot.AZ is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Win32/Spybot.BA.worm is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.D.worm, that worm drops Win32/Spybot.BA.worm on the infected computer. Win32/Spybot.BA.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Win32/Spybot.BA.worm also has backdoor capabilities, which allow attackers to control an computer through an IRC channel.

Win32/Spybot.BK.worm is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.O.worm, that worm drops Win32/Spybot.BK.worm on the infected computer. Win32/Spybot.BK.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Win32/Spybot.BK.worm also has backdoor capabilities, which allow attackers to control a computer through an IRC channel.

Win32/Sober.P@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm runs when a user opens the attachment.

Win32/Randex.FK.worm is a network worm that targets computers running certain versions of Microsoft Windows. It scans randomly generated IP addresses to spread to network shares with weak passwords. After the worm infects a computer, it connects to an IRC server to receive commands from the attacker. If your computer is infected by Win32/Randex.FK worm, you may experience system performance degradation, slower network connectivity, or system crashes.

Backdoor:Win32/Wootbot.AX is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan connects to an IRC server to receive commands from attackers. For example, an attacker can send a command to distribute the Trojan to other computers by exploiting the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.

Win32/Sober.Q@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. The e-mail may be in English or German. The worm runs when the user opens the attachment.

Win32/Netsky.I@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. There may be no readily apparent indications that a computer is infected with this worm.

Win32/Korgo.R.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Netsky.X@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment that contains the worm. The worm also contains a backdoor and performs denial of service (DoS) attacks against certain Web sites.

Win32/Zafi.D@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on an infected machine. The worm is activated when a user opens the e-mail attachment that contains the worm. Your computer may be infected with Win32/Zafi.D@mm if you notice e-mails with a certain appearance, certain error messages, or certain file names on the infected computer.

 

Win32/Gaobot.ZP is a network worm that can spread across network connections by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026. The worm has backdoor capabilities that allow attackers to control the infected computer using IRC channels. The worm also acts as a bot on the IRC network, coordinated through the IRC command, to launch massive distributed denial of service (DDoS) attacks and retrieve personal and system information.

Win32/Bropia.G.worm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user opens a file that is sent through MSN Messenger or Windows Messenger. The worm drops Trojan:Win32/Pakes.C when it runs.

Win32/Bagle.AN@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment. The worm monitors a random TCP port for instructions from remote attackers.

Win32/Mydoom.AE@mm is a mass-mailing worm that sends itself to e-mail addresses it finds on the infected computer.

Win32/Gaobot.ZN.worm is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS01-059, MS02-061, MS03-001, MS03-007, MS03-026, or MS03-049. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.