Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
787 entries found. Displaying page 17 of 40.
Updated on Jul 14, 2004
Win32/Sasser.D.worm is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm targets Windows XP computers that do not have MS04-011 installed. Unlike previous variants, Sasser.D does not work on Windows 2000. Infected computers attempt to spread the worm to other unprotected computers by randomly scanning IP addresses and infecting vulnerable computers. 
Alert level: severe
Updated on Jul 15, 2004
Win32/Randex.D is a network worm that targets computers running certain versions of Microsoft Windows. The worm randomly scans IP addresses to spread to writeable network shares that have weak passwords. The worm drops a backdoor proxy Trojan that acts as an HTTP proxy that allows attackers to access the infected computer.
Alert level: severe
Updated on Jul 19, 2004
Win32/Sasser.B is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm targets Windows 2000 and Windows XP computers that do not have the MS04-011 security update installed. Infected computers attempt to spread the worm to other unprotected computers by randomly scanning IP addresses and infecting vulnerable computers.
Alert level: severe
Updated on Jul 21, 2004
Win32/HLLW.Doomjuice.A is a worm that targets computers infected with the Mydoom.A or Mydoom.B worms. Doomjuice.A scans for systems listening on TCP port 3127, the backdoor port for Mydoom.A and Mydoom.B. Doomjuice.A launches a denial of service (DoS) attack against www.microsoft.com
Alert level: severe
Updated on Jul 21, 2004
Win32/HLLW.Doomjuice.B is a worm that targets computers infected with the Mydoom.A or Mydoom.B worms. Doomjuice.B scans for systems listening on TCP port 3127, the backdoor port for Mydoom.A and Mydoom.B. Doomjuice.B launches a denial of service (DoS) attack against www.microsoft.com.
Alert level: severe
Updated on Aug 09, 2004
Win32/Bagle.AQ@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. It also spreads through file-sharing networks. The worm opens a backdoor on a TCP port that allows use of the infected computer as an HTTP relay.
Alert level: severe
Updated on Sep 01, 2004
Win32/Sasser.E.worm is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm targets Windows XP computers that do not have MS04-011 installed. Infected computers attempt to spread the worm to other unprotected computers by randomly scanning IP addresses and infecting vulnerable computers. 
Alert level: severe
Updated on Oct 29, 2004
Win32/Bagle.AS@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. It also spreads through file-sharing networks. The worm opens a backdoor and monitors a TCP port that allows remote attackers to execute files on the infected computer.
Alert level: severe
Updated on Nov 17, 2004
Win32/Sasser.F.worm is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm targets Windows 2000 and Windows XP computers that do not have MS04-011 installed. Infected computers attempt to spread the worm to other unprotected computers by randomly scanning IP addresses and infecting vulnerable computers. 
Alert level: severe
Updated on Jan 25, 2005
Win32/Korgo.AD.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may display an LSA crash dialog box and may crash and reboot unexpectedly.
Alert level: severe
Updated on Jan 25, 2005
Win32/Korgo.AB.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.
Alert level: severe
Updated on Feb 11, 2005
Win32/Mydoom.AO@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer.
Alert level: severe
Updated on Feb 24, 2005
Win32/Bagle.O is a backdoor Trojan that injects itself in Windows Explorer. The Trojan monitors a random TCP port for instructions from attackers.
Alert level: severe
Updated on Feb 24, 2005
Win32/Bagle.L@mm is a backdoor Trojan that injects itself in Windows Explorer. The Trojan monitors a random TCP port for instructions from attackers.
Alert level: severe
Updated on Mar 30, 2005
Win32/Mydoom.BH@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer.
Alert level: severe
Updated on Apr 27, 2005
Win32/Sober.P@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm runs when a user opens the attachment.
Alert level: severe
Updated on Nov 23, 2005
Win32/Sober.Z@mm is a mass-mailing worm that targets computers running Microsoft Windows. The worm sends a zipped copy of itself as an attachment to e-mail addresses that it finds on the infected computer. The worm runs when a user opens the attachment in the e-mail message.
 
This worm was assigned CME ID CME-681.
 
December 16, 2005 Update: Win32/Sober.Z@mm is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006, midnight UTC/GMT . Beginning approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains.
 
Alert level: severe
Updated on Nov 27, 2006
Win32/Sober.Z@mm is a mass-mailing worm that targets computers running Microsoft Windows. The worm sends a zipped copy of itself as an attachment to e-mail addresses that it finds on the infected computer. The worm runs when a user opens the attachment in the e-mail message.
 
This worm was assigned CME ID CME-681.
 
December 16, 2005 Update: Win32/Sober.Z@mm is programmed to download and run malicious files from certain Web domains beginning on January 6, 2006, midnight UTC/GMT . Beginning approximately every two weeks thereafter, the worm is set to begin downloading and running malicious files from additional sites on the same Web domains.
 
Alert level: severe
Updated on Jul 19, 2004
Win32/Sasser.C is a network worm that exploits the Local Security Authority Subsystem Service (LSASS) vulnerability fixed in Microsoft Security Update MS04-011. The worm targets Windows 2000 and Windows XP computers that do not have the MS04-011 security update installed. Infected computers attempt to spread the worm to other unprotected computers by randomly scanning IP addresses and infecting vulnerable computers.
Alert level: high
Updated on Feb 24, 2005
TrojanProxy/Win32.Mitglieder.G is a backdoor Trojan that injects itself into Windows Explorer. The Trojan monitors a random TCP port for instructions from remote attackers.
Alert level: severe