Worm:Win32/Kelvir.AS is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user opens a file that is sent through MSN Messenger or Windows Messenger.

Worm:Win32/Kelvir.AT is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user opens a file that is sent through MSN Messenger or Windows Messenger.

Worm:Win32/Kelvir.AW is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads through MSN Messenger or Windows Messenger. The worm runs when a user receives a link to the worm file through the Messenger program and opens the link.

Worm:Win32/Wootbot.K is a network worm that includes a backdoor component which connects to an IRC server and awaits commands from remote attackers. For example, an attacker can send a command to distribute the worm to other computers that have not been patched for the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.

Worm:Win32/Kelvir.BD is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads through MSN Messenger or Windows Messenger. The worm runs when a user receives a link to the worm file through the Messenger program and opens the link.

Win32/Chir.A@mm is a mass-mailing worm. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer and remote shares. The worm runs when a user opens the e-mail attachment. On a computer that has not been patched for the Incorrect MIME Header vulnerability described in Microsoft Security Bulletin MS01-020, the attachment can open automatically under certain conditions.

Win32/Chir.B@mm is both a network and e-mail worm, as well as a virus. The e-mail worm component sends a copy of itself as an e-mail attachment to addresses that it finds on local and remote drives. Win32/Chir.B@mm also exploits the Incorrect Mime Header vulnerability discussed in Microsoft Security Bulletin (MS01-020). This may cause the e-mail attachment to open automatically when the e-mail is read or previewed on susceptible systems that have not had the MS01-020 security patch installed. Win32/Chir.B@mm infects .EXE and .SCR files on local and remote drives. Win32/Chir.B@mm also drops a copy of itself named readme.eml to folders containing .HTM and .HTML files, then appends malicious JavaScript to the bottom of these .HTM* files to cause them to automatically run the infected readme.eml file when they are opened.

Backdoor:Win32/Gaobot.AM is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Backdoor:Win32/Gaobot.Z is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

The Netsky family is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. When a user opens an e-mail attachment that contains a Netsky variant, the worm is activated. Some variants copy the worm to network-share folders. Some variants contain a backdoor component and perform denial of service (DoS) attacks.

Win32/Bagle is a family of mass-mailing worms that targets certain versions of Microsoft Windows. The worm spreads primarily through e-mail, though some variants also spread through peer-to-peer networks. The worm acts as a backdoor Trojan, allowing an attacker to access a computer that it has infected. The backdoor can be used to distribute other malicious software. Some variants of Win32/Bagle infect executable files.

Windows Defender Antivirus detects and removes this threat.

 

W32/Mimail is a family of mass-mailing and network worms. The variants target several versions of Microsoft Windows. Some Mimail variants spread through email attachments. Some target PCs that do not have Microsoft Security Bulletins MS02-015 and MS03-014 installed.  Some variants spread through peer-to-peer networks. Some variants gather and transmit user account numbers and passwords. Some variants launch denial of service (DoS) attacks against certain Web sites.

Windows Defender Antivirus detects and removes this threat.

 

Win32/Yaha is a family of mass-mailing network worms that targets certain versions of Microsoft Windows. The worm spreads primarily by sending a copy of itself as an attachment to e-mail addresses gathered from an infected computer. It can also spread through mapped drives and writeable network shares. The worm can terminate security-related processes and conduct denial of service (DoS) attacks against certain Web sites.

Win32/Bagz is a family of mass-mailing worms that targets certain versions of Microsoft Windows. The worm spreads as an e-mail attachment and runs when the user opens the attachment. It can download and run other malicious files from a server.

Windows Defender Antivirus detects and removes this threat.

 

Win32/Maslan is a family of mass-mailing network worms that targets computers running Microsoft Windows. The worm spreads through email and peer-to-peer file-sharing applications. It can also spread to computers that have not been patched for the Windows vulnerabilities described in Microsoft Security Bulletins MS03-039 and MS04-011. The worm installs two backdoors, one of which is a variant of Win32/Sdbot. The worm has a stealth component that hides certain files and directories.

Win32/Klez.H@mm is a mass-mailing e-mail worm that also copies itself to local, mapped, and network shares. Win32/Klez.H@mm attempts to terminate processes associated with antivirus and security software. When sending copies of itself via e-mail, the worm may also attach randomly selected legitimate files found on the system. This could result in compromise of confidential or sensitive data.

Win32/Klez.E@mm is a mass-mailing e-mail worm that also copies itself to local, mapped, and network shares. Win32/Klez.E@mm attempts to terminate processes associated with antivirus and security software. When sending copies of itself via e-mail, the worm may also attach randomly selected legitimate files found on the system. This could result in compromise of confidential or sensitive data.

Exploit:Win32/Siveras.E is detection for specific known malware used to exploit a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.

 

For vulnerability details and patch information, please see Microsoft Security Bulletin MS07-029 at http://www.microsoft.com/technet/security/bulletin/ms07-029.mspx.

Worm:Win32/Allaple.A is a multi-threaded, polymorphic network worm capable of spreading to other computers connected to a local area network (LAN) and performing denial-of-service (DoS) attacks against targeted remote Web sites.