W32.Yaha.K aka Yaha.K: a mass-mailing worm that sends itself using SMTP to all email
addresses that exist on the local system. F.i. Microsoft Windows Address Book, MSN Messenger List, Yahoo Pager list, ICQ list and files with extensions ht*. Terminates some antivirus and firewall processes.

W32.Brida.A aka W32.Braid - Brid: A mass-mailing worm that contains its own SMTP engine. Includes a modified variant of W32.FunLove.4099.
Attachment name: README.EXE

W32.Sponge aka Sponge.A: a mass-mailing worm that appends .HTM files, overwrites
.PIF and .SCR files, and alters Microsoft Word's Normal.dot.
Attachment name: Spongy.exe

W32.Opaserv aka Opasoft (New Variants): a network-aware worm that attempts to replicate across open network shares. Copies itself to the remote computer as a file named Brasil.exe. Attempts to download updates from www.n3t.com.br.

W32.Opaserv aka Opasoft: a network-aware worm that attempts to replicate across open network shares. Copies itself to the remote computer as a file named Scrsvr.exe. Attempts to download updates from www.opasoft.com.

W32.Bugbear.A aka Tanatos: a mass-mailing worm. Can be spread through network shares.
Has keystroke-logging and backdoor capabilities. Will attempt to terminate the processes of AV
and firewall programs.

Linux.Slapper.Worm aka Slapper: a family of worms that use an OpenSSL buffer
overflow exploit to run a shell on a remote computer. Each variant targets vulnerable installations
of the Apache Web server on Linux operating systems, including versions of SuSe, Mandrake, RedHat, Slackware, and Debian. Code for a Distributed Denial of Service attack is included.

W32.Datom aka Datom: a worm that spreads through open shares. No damaging payload.

W32.Frethem.K aka W32.Frethem.I - Frethem: a mass-mailing worm that uses its own SMTP engine to send itself to email addresses found in the Microsoft Windows Address Book and in .dbx, .wab, .mbx, .eml, and .mdb files.
Attachment name: password.exe and Password.txt

W32.Yaha aka Yaha - Lentin: a mass-mailing worm that sends itself using SMTP to all email addresses that exist on the local system. F.i. Microsoft Windows Address Book,
MSN Messenger List, Yahoo Pager list, ICQ list and files with extensions ht*.

VBS.VBSWG.AQ aka Shakira: a VBScript threat that send itself to users of Microsoft Outlook or IRC as 'ShakiraPics.jpg.vbs'. It will overwrite '.vbs' and '.vbe' files with its own code.
Attachement name: ShakiraPics.jpg.vbs

W32.Benjamin.worm aka Benjamin: Seems like a popular music, movie and software
file, but tricking the KaZaA users into downloading a fake media program to their computer and opening it. Affects only users with Kazaa software installed.

The JDBGMGR.EXE Virus Hoax: This hoax warns against a virus contained in a file called JDBGMGR.EXE, that is spreading by MSN Messenger.

W32.Klez.H aka Klez.H: a new member of the Klez family. A mass-mailing email worm
that attempts to copy itself to network shares. It's using random subject lines, message bodies,
and attachment file names. Payload is that there are files overwritten and hidden copies of the worm are created.

W32.Aplore aka W32.Aphex: a mass-mailing worm that emails itself to all email addresses
in the Microsoft Outlook address book. Also uses IRC to spread itself.

W32.Cervivec.A aka Cervivec.A: a mass-mailing worm that is written in Delphi. The
worm is packed with UPX packer. When executed, the worm attempts to find email addresses belonging to contacts in the ICQ contact list, and then to send email to them.
Attachement name: WORMS.ZIP

W32.MyLife.B aka W32.Caric: Family of W32.MyLife. A mass-mailing worm that uses Microsoft Outlook to spread to all addresses in the Outlook address book. Copies itself
to C:\Windows \System\Cari.scr and may delete files, depending on the system time.

W32.Atram aka W32.Porkis - W32.Storiel: yet another mass-mailing worm. Contains
its own SMTP engine. Uses the system default SMTP server for spreading itself to addresses found
in the Windows Address Book.
Attachment name: PORKIS.EXE, PIPPO.EXE or BAR.EXE

W32.FBound.C aka W32.Impo.gen - W32.Dotjaypee: a mass-mailing worm with no payload. Only action is to send itself to all addresses found in Windows Address Book. Uses the SMTP
engine of the infected system. Random chosen Japanese subject when address ends with '.jp'.
Attachment name: patch.exe

W32.Gibe aka W32.Gibe.A: a worm that uses Microsoft Outlook and its own SMTP
engine to spread. Arrives in an email message disguised as a Microsoft Internet Security Update.
It also attempts to copy itself to all locally mapped remote drives.
Attachment name: Q216309.exe

W32.MyLife aka MyLife.A: a simple mass-mailer that sends itself to all contacts in the Microsoft Outlook address book. A compiled Visual Basic executable that has been compressed.

W32.Klez.e aka Klez.e: a mass-mailing email worm that attempts to copy itself to
network shares. It's using random subject lines, message bodies, and attachment file names. Payload is that there are files overwritten and hidden copies of the worm are created.

W32.Yarner.A aka Yarner: a mass-mailing worm written in the Delphi language. Sends itself to emails addresses from Microsoft Outlook address book and local files. Will send messages in German with subject 'Trojaner-Info Newsletter'.
Attachment name: yawsetup.exe

W32.MyParty aka MyParty: a mass-mailing email worm. Sends out mails using it's own SMTP
server found in Windows addressbook and '.DBX' files (MS Outlook (Express)).
Attachment name: www.myparty.yahoo.com