Worm:Win32/Slenfbot.AU is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Backdoor:Win32/Oderoor.gen!A is a backdoor Trojan that allows an attacker access to the compromised computer. This Trojan may connect with remote Web sites and SMTP servers.

Worm:Win32/Pushbot.BZ is a worm that spreads via MSN Messenger when commanded to by a remote attacker. This worm contains backdoor functionality that allows unauthorized access and control of an affected machine.

Worm:Win32/Brontok.AR@mm is detection for a group of variants of the Win32/Brontok worm family.

 

This worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from files on the infected computer. It can also copy itself to USB and pen drives. Win32/Brontok can disable antivirus and security software, immediately terminate certain applications, and cause Windows to restart immediately when certain applications run. The worm may also conduct denial of service (DoS) attacks against certain Web sites.

Worm:AutoIt/Sohanad.AI is an AutoIT script worm that spreads by copying itself to local and removable drives, and network shares. It may also send messages to contacts via Yahoo Messenger.

Worm:Win32/Slenfbot.ML is a worm that can spread via MSN Messenger. The worm also contains backdoor functionality that allows unauthorized access to an affected machine. This worm does not spread automatically upon installation, but must be ordered to spread by a remote attacker.

Worm:Win32/Qwizz.A!bat is a Batch script worm that may copy itself to networked shares, stop services, and download and execute other malware. This worm may be dropped by Worm:Win32/Qwizz.A.

Worm:Win32/Qwizz.A is a dropper that executes a dropped Batch script worm, identified as Worm:Win32/Qwizz.A!bat. The worm may copy itself to networked shares, and download and execute other malware.

Win32/Bagle.BA@mm!CME-477 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it finds on the host computer. Win32/Bagle.BA@mm!CME-477 also spreads by copying itself to folders containing the string 'shar' in the folder name.

Worm:Win32/Alcan.B is a worm that spreads via peer-to-peer networking applications.  It may prevent system utilities from working and/or infect the computer with other malicious  software.

Worm:Win32/Zotob.F is a network worm that primarily targets Microsoft Windows 2000 computers that do not have Microsoft Security Bulletin MS05-039 installed. MS05-039 patches the Windows Plug-and-Play buffer overflow vulnerability. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Worm:Win32/Zotob.D is a backdoor Trojan that targets computers running Microsoft Windows 2000 that do not have MS05-039 installed. It can also infect computers running other versions of Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The Trojan connects to an IRC server from the infected computer to receive commands from attackers.

Win32/Sober.Z@mm is a mass-mailing worm that targets computers running Microsoft Windows. The worm sends a zipped copy of itself as an attachment to e-mail addresses that it finds on the infected computer. The worm runs when a user opens the attachment in the e-mail message.

 

This worm was assigned CME ID CME-681.

 

 

Win32/Netsky.B@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm.

Win32/Korgo.E.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected systems. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Korgo.W.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Bulletin MS04-011 installed. The worm monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Netsky.U@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment that contains the worm. The worm also contains a backdoor and performs denial of service (DoS) attacks against certain Web sites.

Win32/Zafi.C@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to certain e-mail addresses that it finds on an infected machine. The worm is activated when a user opens the e-mail attachment that contains the worm. The worm overwrites certain executable files on the infected computer.

Win32/Bagle.F@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. It also spreads through file-sharing networks by copying itself to certain folders. The worm monitors a particular TCP port for instructions from remote attackers.