Worm:Win32/Gaobot.BP is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Gaobot.CH is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Gaobot.U is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, MS03-026, or MS03-039. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

TrojanDownloader:Win32/Bagle.BO.dll is a Trojan that targets computers running certain versions of Microsoft Windows. This Trojan is dropped by TrojanDropper:Win32/Bagle.BO and other TrojanDropper:Win32/Bagle variants. It is injected into the explorer.exe process when Windows starts.

Win32/Sober.K@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm is activated when a user opens the attachment. 

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

Win32/Randex.FC is a network worm that targets computers running certain versions of Microsoft Windows. The worm randomly scans IP addresses to spread to writeable network shares that have weak passwords. The worm also has backdoor capabilities that allow attackers to control an infected computer through an IRC channel.

Win32/Randex.W is a network worm that targets computers running certain versions of Microsoft Windows. The worm attempts to spread by randomly scanning IP addresses for writeable network shares with weak passwords. The worm also has backdoor capabilities that allow attackers to control the infected computer through an IRC channel.

Worm:Win32/Spybot.AK is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.A.worm, that worm drops Worm:Win32/Spybot.AK on the infected computer. Win32/Spybot.AI.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Worm:Win32/Spybot.AK also has backdoor capabilities, which allow attackers to control an computer through an IRC channel.

Worm:Win32/Lovgate.AE@mm is a mass-mailing worm that sends itself as an e-mail attachment to addresses found on the infected computer. To spread via networks and file shares, Worm:Win32/Lovgate.AE@mm copies itself to writeable network shares and those protected by weak user name and password combinations. The worm opens a backdoor on infected systems and may send system passwords and other sensitive information to the worm's author.

Backdoor:Win32/Sdbot.OI is a backdoor trojan that connects to an IRC server from an infected computer to allow unauthorized access to the computer. Attackers can send commands that include spreading the trojan to network shares using weak passwords and to other computers by exploiting certain Windows buffer-overrun vulnerabilities.

Win32/Mytob.R@mm is a mass-mailing worm that spreads as an attachment through e-mail.  It can also spread to computers that have not been patched for the vulnerability described in Microsoft Security Bulletin MS04-011. Win32/Mytob.R@mm has a backdoor component that connects to an IRC server from the infected computer, allowing it to receive commands from attackers.

Trojan:Win32/Alemod.E.dr is a Trojan dropper and data-stealing Trojan. Trojan:Win32/Alemod.E.dr infects wininet.dll; Microsoft detects the infected wininet.dll file as Win32/Nsag.B. The dropper installs Trojan:Win32/Alemod.E and Trojan:Win32/Alemod.E.dll. Together these Trojans perform operations such as capturing data from outbound user Web traffic and displaying a hyperlink and dropping shortcuts to the infected user's desktop. These shortcuts may point to spyware-related Web sites. For more information, see the encyclopedia entry for Win32/Alemod at
http://www.microsoft.com/security/encyclopedia/details.aspx?Name=Win32/Alemod

Worm:Win32/Zotob.C is a network worm that exploits the Plug-and-Play vulnerability fixed in Microsoft Security Bulletin MS05-039. The worm targets computers running Microsoft Windows 2000 that do not have MS05-039 installed. The worm can also infect computers running other versions of Windows operating systems if it is delivered through e-mail, instant messaging, or other routes.

Win32/Mydoom.AR@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it gathers from Web site queries and from the infected computer. The worm also monitors a TCP port for commands from remote attackers.