© Copyright 1997 - 2008. Mark W. Brouwer - Netherlands.
News Overview 2003.

December 2003.

  • W32.Scold.A aka Scold.A: a mass-mailing worm that uses Microsoft Outlook to send itself to contacts in the Outlook address book.

  • W32.Mimail.M aka Mimail.M: a W32.Mimail.L variant.
    Attachment name: wendy.zip or only_for_greg.zip

  • W32.Mimail.L aka Mimail.L: another W32.Mimail variant. Spreads by email and steals information from infected computers.
    Attachment name: wendy.zip

November 2003.

  • W32.Mimail.J aka Mimail.J: a mass-mailing worm very similar to W32.Mimail.I.
    Attachment name: InfoUpdate.exe -or- www.paypal.com.pif

  • W32.Mimail.I aka Mimail.I - Paylap: a mass-mailing worm which attempts to steal credit card information.
    Attachment name: paypal.asp.scr -or- www.paypal.com.scr

  • W32.Mimail variants [D/E]: variant of W32.Mimail.C@mm.
    Attachment name: readnow.zip

October 2003.

  • W32.Mimail.C aka Mimail.C: variant of W32.Mimail.A@mm that spreads by email and steals information from infected computers.
    Attachment name: photos.zip

  • W32.Sober aka Sober: a mass-mailing worm that will disguise itself as a security warning for a new worm and a fix from an AV company. Uses its own SMTP engine to spread. Attachment will have a .bat, .com, .exe, .pif, or .scr file extension.

September 2003.

  • W32.Swen.A aka Swen: a mass-mailing worm that tries to disable antivirus/firewall software. Attempts to spread itself through KaZaA and IRC and also to send itself to addresses found in the Microsoft Outlook address book.

  • W32.Blaster.Worm.F aka Lovsan.F: variant of W32.Blaster.Worm. Characteristic is the existence of file Enbiei.exe which it will try to download and run.

August 2003.

  • W32.Blaster.Worm.E aka Lovsan.E: variant of W32.Blaster.Worm. Characteristic is the existence of file mslaugh.exe which it will try to download and run.

  • W32.Blaster.Worm aka Lovsan: HP OpenView has determined that the worm virus recently referred to as "Blaster" or "W32.Blaster.worm", may impact hp OpenView products running on Microsoft Windows, HPUX, Solaris and Linux.

  • W32.Dumaru@mm aka Dumaru: another mass-mailing worm. Collects email addresses, drops an IRC Trojan onto the infected machine and uses its own SMTP engine to email itself.
    Attachment name: patch.exe

  • W32.Blaster.Worm.D aka W32.Welchia.Worm - W32/nachi - welchi: functionally similar to W32.Blaster.Worm aka Lovsan. Uses files named DLLHOST.EXE and SVCHOST.EXE, which is a TFTP server. Both file names also belong to genuine Windows system files.

  • W32.Sobig.F aka Sobig.F: a new Sobig member. Sends itself to all the email addresses that it finds in the files with the following extensions: .dbx, .eml, .hlp, .htm, .html, .mht, .wab, .txt

  • W32.Blaster.Worm.C aka Lovsan.C: variant of W32.Blaster.Worm. Characteristic is the existence of file teekids.exe which it will try to download and run.

  • W32.Blaster.Worm.B aka Lovsan.B: variant of W32.Blaster.Worm. Characteristic is the existence of file penis32.exe which it will try to download and run.

  • W32.Blaster.Worm aka Lovsan: a worm that will exploit the DCOM RPC vulnerability by using TCP port 135. Characteristic is the existence of file Msblast.exe which it will try to download and run.

  • Backdoor.IRC.Cirebot aka RPC - Downloader.DM: a Trojan Horse that exploits the Microsoft DCOM RPC vulnerability. Will install a Trojan Horse on vulnerable systems. Characteristic is the existence of files: C:\Rpc.exe, C:\Rpctest.exe, or C:\Lolx

  • W32.Mimail.A aka Mimail: a worm that spreads by email with the ability to capture user information. Uses its own SMTP engine to send email to addresses found in files without extension[s]:
    COM,WAV,CAB,PDF,RAR,ZIP,TIF,PSD,OCX,VXD,MP3,MPG,AVI,DLL,EXE,GIF,JPG,BMP
    Attachment name: message.zip

July 2003.

  • W32.MyLife.M aka W32.MyLife.N: latest variant of W32.MyLife family.
    Attachment name: Julia_Roberts_F*cking_toilet.Mpeg_.scr or Shakira_1997_part_1_.Mpeg_.scr

June 2003.

  • W32.Colevo aka W32.Vivael: a mass-mailing worm that sends itself to all
    the MSN messenger contacts of the user using its own SMTP engine.
    Attachment name: hotmailpass.exe

  • W32.Sobig.E aka Sobig.E: variant of W32.Sobig

  • W32.Yaha.T aka Yaha.T: new member of the Yaha family.

  • W32.HLLW.Magold.E aka Magold.E - W32.Auric.E.: sends itself to all the contacts in the Windows Address Book and to email addresses in files whose extension begins with "ht."
    Attachment name: Sziszi_video.scr.

  • W32.Bugbear.B aka Tanatos: variant of W32.Bugbear.A

May 2003.

  • W32.Sobig.C aka Sobig.C: variant of W32.Sobig.B. Characteristic is the
    sender's address 'bill@microsoft.com'.

  • W32.HLLW.Magold aka Magold - W32.Auric: a mass-mailing worm that attempts to spread
    over e-mail, P2P networks and IRC chat. Will send itself to all contacts in the Windows Address
    Book and in files with the .html, .htm, and .hta extensions. When executed, a fake message box
    with the title "Directx" will be displayed.
    Attachment name: Maya Gold.scr.

  • W32.Naco.B aka Naco.B - Anacon.B: a mass-mailing worm containing multiple threats:
    [1] Attempts to spread itself through file-sharing networks KaZaA, Limewire, Morpheus, Grokster, Bearshare, and Edonkey2000 and through email.
    [2] Contains Backdoor functionality and tries to replace HTML files on the Microsoft IIS server.
    [3] Will try to perform a DOS [Denial of Service] attack against a predefined list of sites.
    [4] Attempts to delete files and format hard disk[s].
    Attachment name: WARS.EXE

  • W32.Sobig.B aka Sobig.B - Palyh: sends itself to email addresses found in files with extension: .wab, .dbx, .htm, .html, .eml, .txt
    Characteristic is file: msccn32.exe

  • W32.HLLW.Lovgate.K aka Lovgate: minor variant of W32.HLLW.Lovgate.

  • W32.HLLW.Lovgate.J aka Lovgate: minor variant of W32.HLLW.Lovgate.

  • W32.HLLW.Fizzer aka Fizzer: a mass-mailing worm that sends itself to all contacts in the Windows Address Book. Contains a keylogger and a backdoor that uses mIRC to communicate with an attacker, and attempts to spread through the KaZaA network.

April 2003.

  • W32.HLLW.Cult.B aka W32/Lanet: a mass-mailing worm that uses its own SMTP engine to
    spread itself. Attempts to spread using the KaZaA file-sharing network.
    Attachment: BlueMountaineCard.pif

March 2003.

  • W32.HLLW.Lovgate.G aka Lovgate: minor variant of W32.HLLW.Lovgate.C. Same backdoor
    and worm capabilities. Doesn't function correctly under WIN9X/ME.

  • W32.Ganda aka Ganda: uses its own SMTP engine to send e-mails to addresses collected from Windows Address Book. Included with the messages is an SCR (screen saver) attachment.

  • CodeRed.F aka W32.Bady.F: a new variant in the CodeRed family. Minor changes in the source code, but with same impact for unprotected IIS Web servers.

  • HLLW.W32.Deloder aka Deloder: a network-aware worm that attempts to connect to a target host, using TCP port 445 [Windows 2000 and Windows XP only]. If the connection is successful, file Inst.exe will be copied to hard-coded locations. File Inst.exe is a backdoor Trojan component that is detected as Backdoor.Dvldr. After this, W32.HLLW.Deloder will load from the Startup folder when you start Windows.

  • W32.Bibrog: a mass-mailing worm that sends itself to all the contacts in the Outlook Address Book. Attempts to spread through KaZaA, Grokster, and Morpheus file-sharing networks, as well as ICQ.
    Attachment name: Academia.exe

  • W32.Yaha.P aka Yaha.P: uses its own SMTP engine to email itself to all the contacts in the Windows Address Book, MSN Messenger, .NET Messenger, Yahoo Pager, and in all the files whose extensions contain the letters HT.

February 2003.

  • W32.HLLW.Lovgate.C aka Lovgate: has both backdoor and worm capabilities. As a worm, it
    spreads via email and network-shared folders. As a backdoor, it allows remote users to access
    the system through port 10168.

January 2003.

  • W32.SQLExp aka W32/SQLSlammer - Slammer: a worm that targets the systems running
    Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service Port.

  • W32.Sobig.A aka Sobig: spreads via email and network shared drives. Tries to download other files from web pages located on a geocities site. Sends itself to all the addresses it finds in .txt, .eml, .html, .htm, .dbx, and .wab files.
    Attachment name: Movie_0074.mpeg.pif - Document003.pif - Untitled1.pif - Sample.pif

  • W32.Lirva.A aka Avril: a mass-mailing worm that also spreads by IRC, ICQ, KaZaA, and open network shares. Tries to terminate antivirus and firewall products. It also emails the cached Windows 95/98/Me dial-up networking passwords to the virus writer.

