Update: This threat has been renamed Backdoor:Win32/Mocbot.A.

 

Backdoor:Win32/Graweg.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Graweg.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Graweg.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Graweg.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Graweg.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Graweg.B has been assigned CME ID 762 and will be detected by Microsoft as

Win32/Sober.S@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses found on the infected computer. The worm runs when the user opens the attachment.

Update: This threat was originally detected as Backdoor:Win32/Graweg.B.

 

Backdoor:Win32/Mocbot.B is an IRC Trojan that connects to an IRC channel and awaits commands from remote attackers. When instructed, Backdoor:Win32/Mocbot.B begins searching the local network for systems which have not yet applied the Microsoft Windows Server Service security patch described in Microsoft Security Bulletin MS06-040. The Trojan also includes the ability to send messages via AOL Instant Messenger (AIM) and ICQ. The exploit code used by Backdoor:Win32/Graweg.B is only effective against un-patched systems running Windows 2000. However, the Trojan can still infect patched versions of Windows 2000 and other Windows operating systems by means other than exploit. For example, Backdoor:Win32/Mocbot.B could be distributed as an e-mail attachment, or a link to the Trojan could be sent to e-mail or AIM recipients.

 

Backdoor:Win32/Mocbot.B may lower security settings on infected systems and allows the system to be used for nefarious purposes, such as launching a Denial of Service (DoS) attack against others. Backdoor:Win32/Mocbot.B includes the ability to download other files, thus the Trojan could update its functionality or download additional malicious software to infected systems.

 

Backdoor:Win32/Mocbot.B has been assigned CME ID 762 and will be detected by Microsoft as

Win32/Sober.V@mm!CME-157 is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Win32/Sober.V@mm is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Win32/Sober.V@mm is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Win32/Sober.V@mm is a mass-mailing worm. The worm spreads by sending a copy of itself as an e-mail attachment to e-mail addresses that it gathers from certain files on the host computer. The worm runs on when the user opens the e-mail attachment.

Backdoor:Win32/Rbot!8A89 is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

 

Backdoor:Win32/Rbot!8A89 may be detected as Backdoor:Win32/Rbot.AF.

Backdoor:Win32/Rbot.JF is a member of Win32/Rbot - a large family of IRC-controlled backdoors that allow unauthorized access and control of an affected computer. Using this backdoor, an attacker can perform a large number of different actions on an affected computer, including downloading and executing arbitrary files, stealing sensitive information and spreading to other computers using various methods.

Win32/Zindos.A.worm is a network worm that targets computers running Microsoft Windows 9x, Windows ME, Windows NT, Windows 2000, or Windows XP. The worm spreads through a backdoor created by the mass-mailer worm Win32/Mydoom.O@mm. Win32/Zindos.A.worm performs a denial of service (DoS) attack against www.microsoft.com.

Win32/Msblast.B is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. The worm performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.C is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.D is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.E is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against kimble.org, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.F is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against tuiasi.ro, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.G is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or if the month is greater than 8.

Win32/Msblast.H is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Msblast.A is a network worm that can spread to a computer running Microsoft Windows 2000 or Windows XP that does not have Security Update MS03-026 or MS03-039 installed. It performs a denial of service (DoS) attack against windowsupdate.com if the day of the month is greater than 15 or the month is September or later.