Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
855 entries found. Displaying page 34 of 43.
Updated on Dec 07, 2006
Alert level: severe
Updated on Jan 28, 2005
Win32/Gaobot.ZX.worm is a network worm that can spread across network connections by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026. The worm has backdoor capabilities, which allows attackers to control the infected computer using IRC channels. The worm also acts as a bot on the IRC network, coordinated through the IRC command, to launch massive distributed denial of service (DDoS) attacks and retrieve personal and system information.
Alert level: severe
Updated on May 02, 2006
Win32/Nugache.A@mm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads via e-mail, AOL Instant Messenger (AIM), Windows Messenger, and by exploiting security vulnerabilities. The Win32/Nugache.A@mm worm also creates a backdoor on TCP port 8 and lowers security settings in the Windows firewall.
Alert level: severe
Updated on May 29, 2007
Backdoor:Win32/Sdbot!CC62 connects to a remote Internet Relay Chat (IRC) server and provides attackers with remote access to the impacted system. Commands that can be remotely executed include shutting down antivirus and other security-related software and using exploits to spread to other computers.
Alert level: severe
Updated on Jul 13, 2007
Backdoor:Win32/IRCbot.OP is a backdoor Trojan that connects to a remote IRC channel and listens for commands from remote attackers.
Alert level: severe
Updated on Aug 17, 2007
Backdoor:Win32/Agent!9972 is a backdoor Trojan that allows an attacker to take control of an infected computer. When a computer is infected, the Trojan connects to an Internet Relay Chat (IRC) server and joins a channel in order to receive commands from the controlling attacker. These commands can instruct the Trojan to perform a number of different actions, including downloading and installing additional components and spreading to other computers via MSN Messenger.
Alert level: severe
Updated on Aug 23, 2007
Backdoor:Win32/IRCBot.OU is a backdoor Trojans that targets computers running Microsoft Windows. The Trojan drops other malicious software and opens a backdoor on the infected computer to connect to IRC servers. The Trojan can maintain multiple IRC server connections simultaneously to receive commands from attackers.
 
Backdoor:Win32/IRCBot.OU may be detected as Backdoor:Win32/IRCbot!5320.
Alert level: severe
Updated on Aug 27, 2007
Backdoor:Win32/IRCBot!5320 is a backdoor Trojans that targets computers running Microsoft Windows. The Trojan drops other malicious software and opens a backdoor on the infected computer to connect to IRC servers. The Trojan can maintain multiple IRC server connections simultaneously to receive commands from attackers.
 
Backdoor:Win32/IRCBot!5320 may be detected as Backdoor:Win32/IRCbot.OU.
Alert level: severe
Updated on Aug 30, 2007
Backdoor:Win32/Rbot!D195 is a backdoor Trojan that runs in the background, gathers software installation and computer configuration details, and connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets. Backdoor:Win32/Rbot!D195 may arrive
Alert level: severe
Updated on Sep 09, 2007
Backdoor:Win32/IRCBot.BA is a Windows Messenger worm with backdoor Trojan functionality. The worm sends message to random Messenger contacts with a link to a remote Web site hosting a copy of the worm. If IRCBot.BA is run, it connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.
Alert level: severe
Updated on Sep 14, 2007
Backdoor:Win32/IRCBot.OV is a Windows Messenger worm with backdoor Trojan functionality. The worm sends message to random Messenger contacts with a link to a remote Web site hosting a copy of the worm. If IRCBot.BA is run, it connects to an IRC server and waits to receive commands, such as to self-update, remove itself, download various programs and malware, or terminate running processes.
Alert level: severe
Updated on Dec 13, 2007
Trojan:Win32/Srizbi.gen is a generic detection for Trojans that connect to remote sites to retrieve spam messages. It also uses rootkit techniques in order to hide itself from the affected user.
Alert level: severe
Updated on Dec 17, 2007
Worm:Win32/Neeris.A is a worm that spreads using Microsoft Messenger products. It also contains backdoor functionality.
Alert level: severe
Updated on Jan 09, 2008
PWS:Win32/Sinowal.gen!C is a component of the greater Win32/Sinowal family.
Alert level: severe
Updated on Jan 17, 2008
Worm:Win32/Rootcip.E.dr is a dropper for the worm Win32/Rootcip.E, and for the rootkit VirTool:WinNT/Rootkitdrv.CN. Win32/Rootcip.E spreads by copying itself to the root of all logical disks, including removable drives. VirTool:WinNT/Rootkitdrv.CN hides all malicious processes created by the worm, and disables a security firewall service.
Alert level: severe
Updated on Mar 24, 2008
Trojan:Win32/Pramro.A is a trojan that can act as an SMTP and HTTP proxy and is used to send spam e-mail. In the wild it has been distributed as a 30,208-byte UPX packed executable compiled from a program written in C (although please note that Microsoft may also detect related variants with minor differences with the same name).
Alert level: severe
Updated on Apr 16, 2008
Spammer:WinNT/Srizbi.gen is a generic detection for Trojans that connect to remote sites to retrieve spam messages. It also uses rootkit techniques in order to hide itself from the affected user.
Alert level: severe
Updated on Jul 28, 2008
TrojanDropper:Win32/Cutwail.gen!H is a generic detection for a Trojan family that drops a system driver to conceal itself, and downloads additional malicious programs onto the infected computer. The functionality of the files that are downloaded may change, but Win32/Cutwail usually downloads a Trojan, which is able to send spam. Win32/Cutwail also uses rootkit and other defensive techniques to avoid detection and removal.
 
It attempts to drop a device driver, detected as VirTool:WinNT/Cutwail.K, into the system folder.
Alert level: severe
Updated on Aug 01, 2008
TrojanDownloader:Win32/Snapit.A is a trojan that downloads and executes arbitrary files. In the wild, we have seen this trojan being distributed via the successful exploitation of a vulnerability in the Snapshot Viewer for Microsoft Access (Security Advisory 955179 - http://www.microsoft.com/technet/security/advisory/955179.mspx).
Alert level: severe
Updated on Aug 08, 2008
Worm:Win32/Koobface.A is a worm that may spread when a user logs into their profile account on the Internet social network sites 'MySpace' or 'Facebook'.
Alert level: severe