Win32/Bagle.F@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. It also spreads through file-sharing networks by copying itself to certain folders. The worm monitors a particular TCP port for instructions from remote attackers.

Win32/Bagle.AY@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment. The worm monitors a random TCP port for instructions from remote attackers.

Win32/Bagle.T@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends e-mail messages that exploit the Internet Explorer vulnerability covered in Security Bulletin MS03-032. The worm monitors TCP ports for instructions from remote attackers. Win32/Bagle.R@mm is also a polymorphic file infector.

Win32/Sober.J@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on an infected computer. The worm is activated when a user opens the attachment. 

W32.Mimail.G@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on an infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

W32.Mimail.U@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when the user opens the attachment. The worm also launches denial of service (DoS) attacks against certain Web sites.

Win32/Sobig.C@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm can also spread to writeable network shares.

Win32/HLLW.Nachi.D is a network worm that targets Microsoft Windows 2000 and Windows XP. It propagates by exploiting several known vulnerabilities. It tries to download and apply security updates if it detects the operating system is a certain language version. It also tries to remove certain worms if they are on the infected system.

Worm:Win32/Gaobot.BT is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Gaobot.CD is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Win32/Bropia.C.worm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user clicks a file that is sent through MSN Messenger or Windows Messenger. The worm drops Win32/Spybot.AT.worm when it runs on a computer.

Worm:Win32/Gaobot.P is a worm that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Gaobot.AS is a backdoor Trojan that can spread across network connections by breaking weak passwords or by exploiting vulnerabilities described in Microsoft Security Bulletins MS03-001, MS03-007, or MS03-026. After the Trojan copies and runs itself on a remote computer, it connects to an IRC server to receive commands.

Worm:Win32/Kelvir.AQ is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user opens a file that is sent through MSN Messenger or Windows Messenger.

Win32/Spybot.BJ.worm is a network worm that targets certain versions of Microsoft Windows. When a computer is infected with Win32/Bropia.N.worm, that worm drops Win32/Spybot.BJ.worm on the infected computer. Win32/Spybot.BJ.worm in turn spreads to other computers that do not have Microsoft Security Bulletin MS04-011 (Windows LSASS buffer overflow vulnerability) installed. Win32/Spybot.BJ.worm also has backdoor capabilities, which allow attackers to control a target computer through an IRC channel.

Worm:Win32/Esbot.D is a network worm that targets Microsoft Windows 2000 computers by exploiting the Windows Plug-and-Play buffer overflow vulnerability that is fixed with Microsoft Security Bulletin MS05-039. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

Win32/Mytob.AH@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends a copy of itself as an attachment to e-mail addresses that it gathers from the infected computer and from Web site queries. The worm also spreads by exploiting the DCOM RPC vulnerability that is described in Microsoft Security Bulletin MS03-026. Win32/Mytob.AH@mm has a backdoor component that connects to an IRC server to receive commands from attackers.

Win32/Mytob.AW@mm is a mass mailing worm that targets computers running certain versions of Windows. It spreads by sending a copy of itself as an e-mail attachment to e-mail addresses found on the infected computer. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.