Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
953 entries found. Displaying page 12 of 48.
Updated on Sep 13, 2004
Win32/Msblast.G is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or if the month is greater than 8.
Alert level: severe
Updated on Sep 14, 2004
Win32/Msblast.H is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.
Alert level: severe
Updated on Nov 09, 2004
Win32/Msblast.A is a network worm that can spread to a computer running Microsoft Windows 2000 or Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com if the day of the month is greater than 15 or the month is September or later.
Alert level: severe
Updated on Nov 09, 2004
Win32/Msblast.I is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. The worm attempts to spread using TCP port 135, UDP port 69, or TCP port 4444. The worm also drops a component that opens a backdoor.
Alert level: severe
Updated on Dec 14, 2004
Win32/Zafi.D@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on an infected machine. The worm is activated when a user opens the e-mail attachment that contains the worm. Your computer may be infected with Win32/Zafi.D@mm if you notice e-mails with a certain appearance, certain error messages, or certain file names on the infected computer.
 
Alert level: severe
Updated on Mar 21, 2005
Backdoor:Win32/Rbot is a family of backdoor Trojans that allows attackers to control infected computers. After a computer is infected, the Trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the Trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The Trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.
Alert level: severe
Updated on Jun 23, 2005
Worm:Win32/Swen.A@mm is a network and mass-mailing worm that targets certain versions of Microsoft Windows. The worm spreads in several ways and terminates security-related processes running on an infected computer. Win32/Swen masquerades as a patch for Microsoft Internet Explorer, and may pretend to download and install software.
Alert level: severe
Updated on Mar 27, 2006
TrojanDropper:Win32/Hupigon is component of Win32/Hupigon. TrojanDropper:Win32/Hupigon copies itself to the system folder and runs itself from there.  It then drops the other Hupigon components, registers the primary Backdoor component as a service, and injects the stealth / password stealer components into other processes using CreateRemoteThread. For more information, see the encyclopedia entry for Win32/Hupigon
Alert level: severe
Updated on Mar 27, 2006
Backdoor:Win32/Hupigon is the main backdoor component of Win32/Hupigon, a family of backdoor Trojans. TrojanDropper:Win32/Hupigon registers this component as a service. The service then opens a backdoor server that allows other computers to connect to and control the infected computer in various ways.
Alert level: severe
Updated on Sep 22, 2006
Win32/Parite.A is a memory resident polymorphic file infector that targets PE EXE and SCR files on the local file system and writeable network shares.
Alert level: high
Updated on Jan 29, 2007
Win32/Wukill.F@mm is a mass-mailing e-mail worm that also spreads via local and mapped drives. The worm modifies the registry to disable viewing of file extensions and paths in Windows Explorer.
Alert level: severe
Updated on Mar 25, 2007
Worm:Win32/Hybris.A@mm includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Worm:Win32/Hybris.A@mm can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level: severe
Updated on Mar 25, 2007
Worm:Win32/Hybris.gen@mm includes both a virus and a worm component. The virus component infects WSOCK32.DLL, enabling the virus to activate when an Internet connection is established. The worm component spreads by monitoring outgoing e-mail traffic and, when a legitimate e-mail is sent, follows that by sending a second email to the same addresses. That email contains a copy of the worm. Worm:Win32/Hybris.gen@mm can download plug-ins via anonymous binary postings made to a particular newsgroup, thus changing the functionality.
Alert level: severe
Updated on Apr 23, 2007
Win32/Parite is a family of polymorphic file infectors that targets computers running Microsoft Windows. The virus infects .exe and .scr executable files on the local file system and on writeable network shares. In turn, the infected executable files perform operations that cause other .exe and .scr files to become infected.
Alert level: severe
Updated on Jun 05, 2007
Worm:Win32/Allaple.A is a multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.
Alert level: severe
Updated on Jun 05, 2007
Worm:Win32/Allaple.B is a multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.
Alert level: severe
Updated on Jun 05, 2007
Worm:Win32/Allaple.C is a multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.
Alert level: severe
Updated on Sep 05, 2007
Backdoor:Win32/Nuwar.A is a backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.
Alert level: severe
Updated on Sep 07, 2007
TrojanDropper:Win32/Nuwar.gen!backdoor is a Trojan that drops and installs Backdoor:Win32/Nuwar.B onto an infected computer.
 
Backdoor:Win32/Nuwar.B is a Backdoor Trojan that allows unauthorized access to an infected computer. The Trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This Trojan also contains advanced stealth functionality that allows it to hide particular files, registry entries and registry values.
 
Related Malware
Alert level: severe
Updated on Sep 12, 2007
Spammer:Win32/Nuwar.B is a component of the Win32/Nuwar Trojan family, and is used to relay e-mails. E-mail messages are sent in various formats, commonly containing a hyperlink to a remote Web site hosting Win32/Nuwar Trojan files.
Alert level: severe