NOD32 - Save 25% - Download Now

Total Defense (former division of CA Technologies)

You are here: Home > Archive > News

News

* June 2006

W32.Beagle.FF aka Bagle.FB/FN: A mass-mailing worm. Opens a back door, possibility to lower security settings and even tries to download or execute remote files. The email has the following characteristics:
Body: "I Love You" or "To Be Beloved".
Attachment name: [Random name].zip
W32.Beagle Family

* March 2006

W32.Beagle.DQ aka Bagle.DX: A mass-mailing worm. Also tries to spread itself through file-sharing networks. Opens a back door, possibility to lower security settings and even tries to download/execute remote files. W32.Beagle Family

* February 2006

W32.Blackmal.E aka Win32.Nyxem.e: Uses its own SMTP engine. Spreads through network shares.Tries to disable security related applications and attempts to rewrite files with modified text every 3rd day of the month.
Keywords: Kama Sutra, Miss Lebanon, Sex pics, Free video, My Wife
F-Secure
McAfee
Symantec
Trend Micro

* November 2005

W32.Mytob.MX aka Mytob.do: Uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Tries to disable security related applications.
W32.Mytob Family
W32.Sober.X[Y] aka Sober.AG:uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Tries to lower securityu settings. Email subject varies and will be in English or German.
W32.Sober Family
W32.Sober Family - New variants Sober.S/T/V:all use their own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German.
W32.Sober Family

* October 2005

W32.Sober.Q[R/S] aka Sober.AC:uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German.
W32.Sober Family

* August 2005

W32.Esbot.A aka W32/IRCbot: a worm that spreads by exploiting the Microsoft Windows Plug and Play Service Vulnerability.

Related Microsoft patches and information available at:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
F-Secure
McAfee
Symantec
Trend Micro
W32.Zotob family: a worm that spreads by exploiting the Microsoft Windows Plug and Play Service Vulnerability. Computers running Windows 95/98/Me/ NT4 cannot be infected, but can still be used to infect vulnerable computers that they can connect to.

Related Microsoft patches and information available at:
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
W32.Zotob Family

* July 2005

W32.Mytob family: added new variants. W32.Mytob Family

* June 2005

W32.Mytob family: multiple variants. Uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. W32.Mytob Family

* May 2005

W32.Lanieca.A aka Eyeveg: uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. F-Secure
Symantec
Trend Micro
W32.Mydoom.BO aka Mytob: uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Contains a backdoor that listens on TCP port 6677.
W32.Mydoom Family
W32.Sober.O[P/S] aka Sober.O[P/S] :uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German. W32.Sober Family

* April 2005

W32.Sober.N[O] aka Sober.N[O]:uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German. W32.Sober Family

* March 2005

W32.Sober.L[M] aka Sober.L[M]:uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German.
The email has the following characteristics:
Subject: "Ich habe Ihre E-Mail bekommen!". or
Subject: "Your Password & Account number".
Attachment name: *.zip
W32.Sober Family

* February 2005

W32.Sober.K[L] aka Sober.K[L]:uses its own SMTP engine. Spreads by sending itself as email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German. W32.Sober Family
W32.Mydoom.AZ[BC] aka Mydoom.AZ[BC]: new variants of W32.Mydoom. Use it's own SMTP engine to send itself to all the email addresses it finds in Windows Address Book.
W32.Mydoom Family
W32.Mydoom.AX[BB] aka Mydoom.AX[BB]: new variants of W32.Mydoom. Use it's own SMTP engine to send itself to all the email addresses it finds in Windows Address Book. W32.Mydoom Family
W32.Bropia.F[J] aka Bropia.F[J]: uses MSN messenger for spreading and drops a variant of Spybot - Agobot on the infected system.
F-Secure
McAfee
Symantec
Trend Micro
* January 2005
W32.Beagle.AY[AZ] aka Bagle.AY[AZ]: a mass-mailing worm that also spreads through file-sharing networks and contains a backdoor that listens on TCP port 81.
W32.Beagle Family
W32.Zar.A aka Zar.A:Uses uses MAPI to send an email to all addresses it finds in Microsoft Outlook Address Book.
The email has the following characteristics:
Subject: "Tsunami Donation! Please help".
Attachment name: tsunami.exe

F-Secure
McAfee
Symantec
Trend Micro

  Advertising

DHL for You
Use 'DHL for You' for easy package sending in the Netherlands!


Save 10% off top Norton Products with Coupon Code 10NAMNORTONSTORE


Save now - 25% off - 2 year license of ESET NOD32 Antivirus 4


Save 20% on Trend Micro™ Titanium™ Maximum Security! Coupon Code: titanium20


Norton 360 Version 5.0 3 Year Protection


ZoneAlarm Internet Security Suite 2012 - Save 50%