Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
500 entries found.
Displaying page 1
of 25.
Worm:Win32/Vobfus.A
Worm:Win32/Vobfus.A is a worm that installs Worm:Win32/Vobfus.E, changes Windows settings and may download other malware.
Alert level:
severe
VirTool:INF/Autorun.gen!AE
VirTool:INF/Autorun.gen!AE is a generic detection for autorun.inf files that may be used by variants of the Win32/Vobfus family of worms when spreading to local, network or removable drives.
Worms of the Win32/Vobfus family download and run arbitrary files and the downloaded files may include additional malware.
Alert level:
severe
Worm:Win32/Vobfus!dll
Worm:Win32/Vobfus!dll is a component of Win32/Vobfus, a worm that spreads by copying itself to available network and removable drives. It launches a specific file named "x.exe".
Alert level:
severe
Worm:Win32/Buchon.G@mm
Worm:Win32/Buchon.G@mm is a mass-mailing e-mail worm that includes a proxy component that can respond to commands from attackers to download files from remote Web sites.
Alert level:
severe
Worm:Win32/Wukill.F@mm
Win32/Wukill.F@mm is a mass-mailing e-mail worm that also spreads via local and mapped drives. The worm modifies the registry to disable viewing of file extensions and paths in Windows Explorer.
Alert level:
severe
Worm:VBS/Slows.A
Worm:VBS/Slows.A is a worm that copies itself to all logical drives and the Windows folder as ".MS32DLL.dll.vbs". Worm:VBS/Slows.A runs when Windows is started on an infected machine. Worm:VBS/Slows.A also makes certain registry edits to lower security settings on the infected computer.
Alert level:
severe
Worm:Win32/Slenfbot.AE
Worm:Win32/Slenfbot.AE is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Worm:Win32/Slenfbot.BT
Worm:Win32/Slenfbot.BT is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Worm:Win32/Scano.C@mm
Worm:Win32/Scano.C@mm is worm that spreads via e-mail. The worm sends itself to e-mail addresses that it finds on the infected computer.
Alert level:
severe
Worm:Win32/Slenfbot.HM
Worm:Win32/Slenfbot.HM is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.
Alert level:
severe
Worm:Win32/Brontok.L@mm
Worm:Win32/Brontok.L@mm is detection for a group of variants of the Win32/Brontok worm family.
This worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.
Alert level:
severe
Worm:AutoIt/Utoti.A
Worm:AutoIt/Utoti.A is a worm that copies itself to fixed and removable drives, terminates processes, deletes files, and alters Windows settings.
Alert level:
severe
Worm:Win32/Hamweq!inf
Worm:Win32/Hamweq is a worm that spreads via removable drives, such as USB memory sticks. It contains an IRC-based backdoor, which may be used by a remote attacker to order the affected machine to participate in Distributed Denial of Service attacks, or to download and execute arbitrary files.
Alert level:
severe
Worm:VBS/Autorun.F!inf
Worm:VBS/Autorun.F!inf is a detection for the INF file used by Worm:VBS/Autorun.F to automatically execute itself when the removable drive in which it is located is accessed.
Alert level:
severe
Worm:Win32/Mydoom.AR@mm!CME901
Win32/Mydoom.AR@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it gathers from Web site queries and from the infected computer. The worm also monitors a TCP port for commands from remote attackers.
Alert level:
severe
Worm:Win32/Korgo.F
Win32/Korgo.F.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.
Alert level:
severe
Worm:Win32/Netsky.G@mm
Win32/Netsky.G@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. There may be no readily apparent indications that a computer is infected with this worm.
Alert level:
severe
Worm:Win32/Korgo.AD
Win32/Korgo.AD.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may display an LSA crash dialog box and may crash and reboot unexpectedly.
Alert level:
severe
Win32/Korgo.O.worm
Win32/Korgo.O.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.
Alert level:
severe