Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
500 entries found. Displaying page 1 of 25.
Updated on Apr 11, 2011
The Win32/Gaobot worm family spreads using different methods, depending on the variant. Some variants spread to machines with weak passwords. Others exploit vulnerabilities to infect machines. Once a machine is infected, the worm connects to an IRC server to receive commands.
Alert level: high
Updated on Apr 11, 2011
Win32/Dumaru is a family of mass-mailing worms that targets certain versions of Microsoft Windows. The worm sends itself as an e-mail attachment to addresses that it finds on the infected computer. The worm runs when the user opens the attachment. Some variants drop a backdoor Trojan. Win32/Dumaru can infect or overwrite files, open ports, connect to an IRC server, release passwords and other confidential information, and receive commands from attackers.
Alert level: severe
Updated on Apr 11, 2011
Win32/Locksky@mm is a family of mass-mailing worms that targets Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds in files on the infected computer. The worm is activated when a user opens the attachment.
Alert level: high
Updated on Apr 11, 2011
Win32/Stration is a family of mass-mailing email worms that send themselves to addresses obtained from a wide range of file types found on the infected system. The e-mail message composed by the worm may masquerade as a failure message or as a scanning tool. Win32/Stration also acts as a Trojan downloader, attempting to download a file from a remote website. The downloaded file may be another variant of the Win32/Stration family.
Alert level: high
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Opaserv is a family of network worms that targets computers running certain versions of Microsoft Windows.
 
The worm spreads through network shares using weak passwords or by exploiting the Windows vulnerability described in Microsoft Security Bulletin MS00-072. The worm can connect to a specified Web site to update itself. A Trojan dropped by one or more Opaserv variants performs operations that can prevent a computer from restarting.
Alert level: severe
Updated on Sep 16, 2005
Win32/Klez is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. It can spread through mapped drives, network shares, executable files, and e-mail. Some Win32/Klez variants infect executable files. Win32/Klez also drops the Win32/Elkern virus to infect executable files.
Alert level: severe
Updated on Apr 20, 2007
Win32/Parite is a family of polymorphic file infectors that targets computers running Microsoft Windows. The virus infects .exe and .scr executable files on the local file system and on writeable network shares. In turn, the infected executable files perform operations that cause other .exe and .scr files to become infected.
Alert level: high
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Optix is a family of highly configurable backdoor trojans that targets several versions of Microsoft Windows. The Trojan opens a backdoor that allows an attacker to control an infected PC remotely. It can also release system information to an attacker and disable security-related and other programs. 
Alert level: severe
Updated on Apr 11, 2011
Win32/Gael is a parasitic virus that targets certain versions of Microsoft Windows. The virus infects Win32 PE .exe files locally and on writeable network shares. The virus can also download TrojanDownloader:Win32/Small from a Web site and run the file.
Alert level: high
Updated on Jul 14, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Zafi is a family of mass-mailing worms. The worm sends itself to email addresses that it finds on the infected PC.
 
It may terminate processes that relate to system utilities and security products. It may change security-related registry key values. Some variants also copy the worm to network-share folders.
Alert level: severe
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Sobig is a family of mass-mailing worms that target PCs running certain versions of Microsoft Windows.
 
The worm sends itself to email addresses that it finds on the infected PC. The worm may also spread to writeable network shares.
Alert level: severe
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Swen is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. 
 
The worm spreads through email, newsgroups, writeable network shares, Internet relay chat channels, and peer-to-peer file-sharing programs. 
Alert level: severe
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Spyboter is a family of backdoor trojans that targets certain versions of Microsoft Windows.
 
The trojan injects code into explorer.exe and allows attackers to control the PC through an IRC channel. 
Alert level: severe
Updated on Sep 21, 2005
Win32/Ska is mailer worm that targets certain versions of Microsoft Windows. The worm spreads as an attachment to newsgroup postings and e-mail. The worm runs when a user opens the attachment.
Alert level: severe
Updated on Apr 11, 2011
Win32/Tibs is a family of Trojans that may download and run other malicious software or may steal user data and send it to the attacker via HTTP POST or email. The Win32/Tibs family frequently downloads Trojans belonging to the Win32/Harnig and Win32/Passalert families, both of which are families of Trojan downloaders which may in turn download and run other malicious software.
Alert level: high
Updated on Sep 08, 2005
Win32/Purstiu is a family of Trojan downloaders that targets certain versions of Microsoft Windows. These Trojan downloaders are Internet Explorer browser helper objects (BHOs) that can download and run a file from a Web site.
Alert level: severe
Updated on Apr 20, 2007
Win32/Wukill is a family of mass-mailing e-mail and network worms. The Win32/Wukill worm spreads to root directories on certain local and mapped drives. The worm also spreads by sending a copy of itself as an attachment to e-mail addresses found on the infected computer. 
Alert level: high
Updated on Jul 15, 2015
Windows Defender Antivirus detects and removes this threat.
 
Win32/Wootbot is a family of network worms that target certain versions of Microsoft Windows.
 
The worm spreads to writeable network shares as well as MySQL and Microsoft SQL Server application servers. It also spreads by exploiting various Windows vulnerabilities. The worm has a backdoor component that connects to an IRC server and joins a specific channel to receive commands from attackers.
Alert level: high
Updated on May 16, 2005
Win32/Zindos is a worm that targets computers running the following Microsoft Windows 9x, Windows ME, Windows NT, Windows 2000, and Windows XP. The worm spreads to computers that are already infected by the mass-mailer worm Win32/Mydoom.O@mm. Win32/Zindos may perform a denial of service (DoS) attack against certain Web sites.
Alert level: severe
Updated on May 16, 2005
Win32/Nachi is a family of network worms that spread across network connections by exploiting one or more vulnerabilities in Microsoft Windows 2000 and Windows XP. These worms can also spread using backdoors opened by other malicious software. The worm tries to download and apply security updates; some variants try to remove other malicious software that may be on the infected computer. Some variants replace Web pages stored on the computer with their own Web page.
Alert level: severe