Worm:Win32/Emerleox.gen is a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.

Worm:Win32/Emerleox.gen is a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.

Win32/Bugbear.B@mm is a mass-mailing e-mail worm that also spreads via unprotected network shares. E-mail messages used by the Win32/Bugbear.B@mm worm may use the vulnerability mentioned in Microsoft Security Bulletin MS01-020, Incorrect MIME Header Can Cause IE to Execute E-mail Attachment, to run automatically on some computers when an infected e-mail is viewed. Win32/Bugbear.B@mm also includes a file infecting component and opens an unsecured backdoor on TCP port 1080.

Win32/Wowstealer.A@mm is a mass mailing e-mail worm that targets the account credentials used to access the World of Warcraft online game. Win32/Wowstealer.A@mm lowers the security settings in Microsoft Outlook Express that would normally prevent accidental opening of executable e-mail attachments.

Win32/Funner is an instant messaging worm that spreads through MSN Messenger, MSN Communicator, and QQ. The worm overwrites the HOSTS file to redirect certain outbound Internet traffic from the infected computer to an attacker’s server, which could enable phishing and man-in-the-middle attacks. These attacks may include theft of credentials such as user names, passwords, and credit card data, as well as injection of malicious code into Internet traffic that is bound for the user's computer.

Worm:Win32/Nuwar.IR registers itself as a Licensed Service Provider (LSP) on the compromised system. The worm receives messages from a remote Web site which it then appends to outgoing Web-based communications. The message includes a link that points to a copy of the worm file. These messages may be appended to outgoing instant messaging chats, Web-based e-mail, as well as blog comments and forum posts.

Worm:Win32/Stration.X is a mass-mailing email worm that sends itself to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Worm:Win32/Stration.X also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file is typically another variant of the Win32/Stration family.

Worm:Win32/Mabutu.A@mm is a family of mass-mailing worms that targets computers running certain versions of Microsoft Windows. The worm sends a copy of itself as an attachment to e-mail addresses found on the infected computer. The worm has a backdoor component that connects to an IRC server from the infected computer to receive commands from attackers.

Worm:Win32/Gaobot.ZT is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting vulnerabilities that are patched in several Microsoft Security Bulletins. To retrieve personal and system information, it also spreads to writeable network shares that have weak administrator passwords. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control an infected computer through an IRC channel.

Worm:Win32/Gaobot.ZR is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting multiple vulnerabilities that are patched in various Microsoft Security Bulletins. It also spreads to writeable network shares that have weak administrator passwords to retrieve personal and system information. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control a computer through an IRC channel.

Worm:Win32/Gaobot.ZS is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting known vulnerabilities that are patched in several Microsoft Security Bulletins. To retrieve personal and system information, it also spreads to writeable network shares that have weak administrator passwords. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control an infected computer through an IRC channel.

Win32/Sober.S@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses found on the infected computer. The worm runs when the user opens the attachment.

Worm:Win32/Slenfbot.AQ is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Slenfbot.AT is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Pushbot.BZ is a worm that spreads via MSN Messenger when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.

Worm:Win32/Pakabot.gen is a generic detection for the Worm:Win32/Pakabot family of worms. This family spreads via MSN Messenger and contains backdoor functionality that allows unauthorized access and control of the affected machine.

Worm:Win32/Nuwar.JZ is a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network.

Win32/Antinny is a family of worms that targets certain versions of Microsoft Windows. The worm spreads using a Japanese peer-to-peer file-sharing application named Winny. The worm creates a copy of itself with a deceptive file name in the Winny upload folder so that it can be downloaded by other Winny users.

 

Japanese text description of Win32/Antinny:
http://www.microsoft.com/japan/security/encyclopedia/Antinny.mspx