Worm:Win32/Rewdar.A is a network worm that spreads to systems that have not been patched for one or more of the Windows vulnerabilities described in Microsoft Security Bulletins MS04-011, MS05-039, and MS06-040. Worm:Win32/Rewdar.A may also download and run additional malicious software from a specified URL. Worm:Win32/Rewdar.A attempts to terminate security related processes and blocks access to security related websites by modifying the local HOSTS file. These modifications could cause the impacted user to be unable to access updates necessary to detect and remove the worm.

Backdoor:Win32/Sdbot.ZC is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. These commands can instruct the Trojan to perform a number of different actions, including downloading and installing additional components and spreading to other computers via MSN Messenger.

Worm:Win32/Neeris.A is a chat client worm with backdoor Trojan functionality. The worm uses API calls for both Windows Messenger and AOL Messenger to send messages to contacts, with an attached file containing a copy of the worm. Worm:Win32/Neeris.A connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.

Backdoor:Win32/Agent.RL is a backdoor Trojan that runs as a process at Windows startup, and may contact a remote Web server to notify attackers of the Trojan installation. Agent.RL may download additional programs or malware.

Backdoor:Win32/Agent.RL.dll is a backdoor Trojan that runs as a process at Windows startup, and may contact a remote Web server to notify attackers of the Trojan installation. Agent.RL may download additional programs or malware.

Backdoor:Win32/Sdbot.ZA is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. This malware can also spread via network shares with weak passwords, and by exploiting a known vulnerability in the RPCSS Service (addressed in Microsoft Security Bulletin MS03-039).

Backdoor:Win32/Rbot.gen!A is a family of backdoor Trojans that allows attackers to control infected computers. After a computer is infected, the Trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers. Commands can instruct the Trojan to spread to other computers by scanning for network shares with weak passwords, exploiting Windows vulnerabilities, and spreading through backdoor ports opened by other families of malicious software. The Trojan can also allow attackers to perform other backdoor functions, such as launching denial of service (DoS) attacks and retrieving system information from infected computers.

Trojan:Win32/Aegrus.gen is a family of backdoor trojans that allows attackers to control infected computers. After a computer is infected, the trojan connects to a specific IRC server and joins a specific channel to receive commands from attackers.