Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
500 entries found.
Displaying page 1
of 25.
Worm:Win32/Emerleox.gen!A
Worm:Win32/Emerleox.gen is a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.
Alert level:
severe
Worm:Win32/Emerleox.gen!B
Worm:Win32/Emerleox.gen is a network worm that attempts to copy itself to writable network shares by exploiting weak password/username combinations. When Worm:Win32/Emerleox.gen is run, it attempts to disable certain antivirus and firewall products by disabling registry entries and killing processes associated with those programs.
Alert level:
severe
Worm:Win32/Bugbear.B@mm
Win32/Bugbear.B@mm is a mass-mailing e-mail worm that also spreads via unprotected network shares. E-mail messages used by the Win32/Bugbear.B@mm worm may use the vulnerability mentioned in Microsoft Security Bulletin MS01-020, Incorrect MIME Header Can Cause IE to Execute E-mail Attachment, to run automatically on some computers when an infected e-mail is viewed. Win32/Bugbear.B@mm also includes a file infecting component and opens an unsecured backdoor on TCP port 1080.
Alert level:
severe
Worm:Win32/Wowstealer.A
Win32/Wowstealer.A@mm is a mass mailing e-mail worm that targets the account credentials used to access the World of Warcraft online game. Win32/Wowstealer.A@mm lowers the security settings in Microsoft Outlook Express that would normally prevent accidental opening of executable e-mail attachments.
Alert level:
severe
Worm:Win32/Funner.A
Win32/Funner is an instant messaging worm that spreads through MSN Messenger, MSN Communicator, and QQ. The worm overwrites the HOSTS file to redirect certain outbound Internet traffic from the infected computer to an attacker’s server, which could enable phishing and man-in-the-middle attacks. These attacks may include theft of credentials such as user names, passwords, and credit card data, as well as injection of malicious code into Internet traffic that is bound for the user's computer.
Alert level:
severe
Worm:Win32/Nuwar.IR
Worm:Win32/Nuwar.IR registers itself as a Licensed Service Provider (LSP) on the compromised system. The worm receives messages from a remote Web site which it then appends to outgoing Web-based communications. The message includes a link that points to a copy of the worm file. These messages may be appended to outgoing instant messaging chats, Web-based e-mail, as well as blog comments and forum posts.
Alert level:
severe
Worm:Win32/Stration.X
Worm:Win32/Stration.X is a mass-mailing email worm that sends itself to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Worm:Win32/Stration.X also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file is typically another variant of the Win32/Stration family.
Alert level:
severe
Worm:Win32/Mabutu.A@mm
Worm:Win32/Mabutu.A@mm is a family of mass-mailing worms that targets computers running certain versions of Microsoft Windows. The worm sends a copy of itself as an attachment to e-mail addresses found on the infected computer. The worm has a backdoor component that connects to an IRC server from the infected computer to receive commands from attackers.
Alert level:
severe
Worm:Win32/Gaobot.ZT
Worm:Win32/Gaobot.ZT is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting vulnerabilities that are patched in several Microsoft Security Bulletins. To retrieve personal and system information, it also spreads to writeable network shares that have weak administrator passwords. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control an infected computer through an IRC channel.
Alert level:
severe
Worm:Win32/Gaobot.ZR
Worm:Win32/Gaobot.ZR is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting multiple vulnerabilities that are patched in various Microsoft Security Bulletins. It also spreads to writeable network shares that have weak administrator passwords to retrieve personal and system information. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control a computer through an IRC channel.
Alert level:
severe
Worm:Win32/Gaobot.ZS
Worm:Win32/Gaobot.ZS is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting known vulnerabilities that are patched in several Microsoft Security Bulletins. To retrieve personal and system information, it also spreads to writeable network shares that have weak administrator passwords. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control an infected computer through an IRC channel.
Alert level:
severe
Worm:Win32/Sober.S@mm
Win32/Sober.S@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses found on the infected computer. The worm runs when the user opens the attachment.
Alert level:
severe
Worm:Win32/Slenfbot.AQ
Worm:Win32/Slenfbot.AQ is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Worm:Win32/Slenfbot.AT
Worm:Win32/Slenfbot.AT is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Worm:WinCE/Mepos.A
Worm:WinCE/Mepos.A is a malicious program that affects mobile devices running the Windows CE operating system using ARM architecture. It has been observed in the wild, packaged with some popular game programs, using the filename 'smallgame.cab' hosted on Chinese web sites.
Alert level:
severe
Worm:Win32/Pushbot.BZ
Worm:Win32/Pushbot.BZ is a worm that spreads via MSN Messenger when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.
Alert level:
severe
Worm:Win32/Pakabot.gen
Worm:Win32/Pakabot.gen is a generic detection for the Worm:Win32/Pakabot family of worms. This family spreads via MSN Messenger and contains backdoor functionality that allows unauthorized access and control of the affected machine.
Alert level:
severe
Worm:Win32/Nuwar.JZ
Worm:Win32/Nuwar.JZ is a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network.
Alert level:
severe
Worm:Win32/Antinny.W
Win32/Antinny is a family of worms that targets certain versions of Microsoft Windows. The worm spreads using a Japanese peer-to-peer file-sharing application named Winny. The worm creates a copy of itself with a deceptive file name in the Winny upload folder so that it can be downloaded by other Winny users.
Japanese text description of Win32/Antinny:
http://www.microsoft.com/japan/security/encyclopedia/Antinny.mspx
http://www.microsoft.com/japan/security/encyclopedia/Antinny.mspx
Alert level:
severe