Win32/Bagle.I@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. It also spreads through file-sharing networks by copying itself to certain folders. The worm monitors a particular TCP port for instructions from remote attackers.

Win32/Bagle.K@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. It also spreads through file-sharing networks by copying itself to certain folders. The worm monitors a particular TCP port for instructions from remote attackers.

Win32/Bagle.P@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment. The worm monitors a random TCP port for instructions from remote attackers. Win32/Bagle.P@mm is also a polymorphic file infector.

Win32/Bagle.W@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment. The worm monitors a TCP port for instructions from remote attackers.

Win32/Bagle.Z@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment. The worm monitors a TCP port for instructions from remote attackers.

 

W32.Mimail.S@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

Win32/Mugly.H@mm is a mass-mailing worm that spreads by sending a copy of itself as an attachment via e-mail and to contacts in MSN Messenger or Windows Messenger. When executed, Win32/Mugly.H@mm drops and executes Win32/Spybot.BE.

Win32/Bagle.Y@mm is a backdoor Trojan that targets certain versions of Microsoft Windows. The Trojan monitors a random TCP port for instructions from remote attackers.

Worm:Win32/Wootbot.BM is a backdoor trojan that allows attackers to control the infected computer via IRC channels. Upon receiving certain commands, the trojan can perform Denial-of-Service (DoS) attacks and spread to other computers that have not applied the update provided in Microsoft Security Bulletin MS04-011.

Win32/Gaobot.AAB.worm is a network worm that that targets computers running various versions of Microsoft Windows. The worm can spread across network connections using weak passwords or by exploiting certain Windows vulnerabilities. After the Trojan copies itself to a computer, it connects to an IRC server to receive commands from attackers.

Win32/Gaobot.AAE.worm is a network worm that targets computers running various versions of Microsoft Windows. The worm can spread across network connections using weak passwords or by exploiting various Windows vulnerabilities. After the worm copies and runs itself on a computer, it connects to an IRC server to receive commands from attackers.

Win32/Gaobot.AAK.worm is a network worm that targets computers running certain versions of Microsoft Windows. The worm can spread across network connections using weak passwords or by exploiting vulnerabilities described in several Microsoft Security Bulletins. The worm has backdoor capabilities that allow attackers to control the infected computer using IRC channels. The worm also acts as a bot on an IRC network, coordinated through the IRC commands, to launch massive distributed denial of service (DDoS) attacks, and retrieve personal and system information.

Win32/Sober.M@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm runs when a user opens the attachment.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

Win32/Sober.O@mm is a mass-mailing worm that targets computers certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm is activated when a user opens the attachment.

Win32/Bobax.P@mm is a mass-mailing network worm that targets computers running certain versions Microsoft Windows. The worm targets computers running Windows 2000 by exploiting the Windows Plug-and-Play buffer overflow vulnerability that is fixed with Microsoft Security Bulletin MS05-039. The worm can also send a copy of itself as an attachment to e-mail addresses that it gathers from the infected computer.

Backdoor:Win32/Wootbot.AX is a backdoor Trojan that targets computers running certain versions of Microsoft Windows. The Trojan connects to an IRC server to receive commands from attackers. For example, an attacker can send a command to distribute the Trojan to other computers by exploiting the Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.

Win32/Ganda.A@mm is a mass-mailing worm that targets Microsoft Windows. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer. The e-mail may be in English or Swedish. The worm infects the computer when the user opens the attachment. The worm can exploit Windows vulnerability MS01-020, which allows an executable e-mail attachment to run automatically when a user merely previews or opens an e-mail message. Win32/Ganda.A@mm has a file-infector component that  replaces an API function call with code that runs a copy of the worm.