© Copyright 1997 - 2008. Mark W. Brouwer - Netherlands.
News Overview 2004.

December 2004

  • W32.Atak.F[H/I] aka W32.Atak: a mass-mailing worm that sends itself to email addresses it finds on the infected computer.

    The email has the following characteristics:
    Subject: "Merry X-Mas!" or "Happy New Year!".
    Attachment name: <Random>.zip

  • W32.Zafi.D aka W32.Erkez.D: Uses its own SMTP engine to send itself to email addresses it finds on the infected computer. Also tries to lower security settings, terminate processes and drops a back door.

November 2004.

  • W32.Sober.I[J] aka Sober.I[J]: uses its own SMTP engine. Spreads by sending itself as an email attachment to addresses collected on the infected computer. Email subject varies and will be in English or German. Attachment will have a .bat, .com, .pif, .scr, or .zip file extension. Most of the time it even has a double extension.

  • W32.Mydoom.AH/AI aka Mydoom.AH/AI: new variants of W32.Mydoom. Use their own SMTP engine to send themselves to all the email addresses that they find. Exploits the Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability.

October 2004.

  • W32.Beagle.AT[AV/AU] aka Bagle.AT[AV/AU]: attempts to spread using email and file sharing networks. Tries to download a backdoor to an infected computer. Backdoor uses TCP port 81.

  • W32.Mydoom.AG aka Mydoom.AG: uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. Also spreads through popular peer-to-peer networks. Attachment extension is .bat, .cmd, .com, .exe, .pif, .scr, or .zip.

  • W32.Buchon.A aka Buchon: Uses its own SMTP engine to send itself to email addresses it finds on all drives. Similarities with W32.Netsky.

  • W32.Mydoom.AE[AF] aka Mydoom.AE[AF]: uses its own SMTP engine to send itself to all the email addresses that it finds. Drops and executes a backdoor.

  • W32.Netsky.AD[AE/AF] aka NetSky.AD[AE/AF]: new variants of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all drives.

September 2004.

  • W32.Beagle.AR[AS/AZ] aka Bagle.AS[AR/AZ]: attempts to spread using email. Email attachment tries to download a backdoor to an infected computer. Backdoor uses TCP port 81 and UDP port 81.

  • W32.Blakmal.C aka Nyxem.D - MyWife.C: a mass-mailing worm. Uses its own SMTP engine to send itself to contacts in MSN Messenger, Yahoo Pager, and addresses found in files with .htm or .dbx extensions. Uses Windows Media Player to mask itself. Tries to delete security software and system files.

  • W32.Mydoom.T[R] aka Mydoom.T[R]: uses its own SMTP engine to send itself to all the email addresses that it finds. Attachment extension is .bat, .cmd, .com, .exe, .pif, .scr, or .zip. Possible second extension is .doc, .txt, .htm, or .html. Drops and executes a backdoor that listens on TCP port 5422.

August 2004.

  • W32.Mydoom.S aka Mydoom.S: a mass-mailing worm that downloads an executable file. Uses its own SMTP engine to send itself to the email addresses that it finds.

  • W32.Beagle.AO[AL/AQ] aka Bagle.AO[AL/AQ]: attempts to spread using email. Opens a backdoor on an infected computer [UDP and TCP port 2480].

  • W32.Mydoom.Q aka W32.Evaman.C: uses its own SMTP engine to send itself to the email addresses that it finds on an infected machine. Also tries to obtain email addresses from website 'email.people.yahoo.com'.

July 2004.

  • W32.Mydoom.M[O] aka Mydoom.M[O]: uses its own SMTP engine to send itself to all the email addresses that it finds. Attachment extension is .bat, .cmd, .com, .exe, .pif, .scr, or .zip. Possible second extension is .doc, .txt, .htm, or .html. Drops and executes a backdoor that listens on TCP port 1034.

  • W32.Beagle.AG[AH/AI] aka Bagle.AG[AH/AI]: attempts to spread using email. Opens a backdoor on an infected computer [TCP 1080]. Tries to delete security software processes and settings in the registry.

  • W32.Beagle.AB[AF] aka Bagle.AB[AF]: attempts to spread using email. Opens a backdoor on an infected computer [TCP 1080]. Tries to delete security software processes and settings in the registry.

June 2004.

  • W32.Korgo.F aka Korgo.F - Padobot: uses a buffer overrun in the Local Security Authority Subsystem Service (LSASS).

May 2004.

  • W32.Bobax.A aka Bobax: spreads the same way as W32.Sasser. Uses a buffer overrun in the Local Security Authority Subsystem Service (LSASS). Targets only the Windows XP operating system.

  • W32.Sober.G aka Sober.G: new variant of W32.Sober aka Sober. Uses its own SMTP engine to spread itself. Email sender address is spoofed, the subject varies, and it will be in either English or German.

  • W32.Sasser.C/D aka Sasser.C/D: new variants of W32.Sasser.A aka Sasser.

  • W32.Sasser.B aka Sasser.B: minor variant of W32.Sasser.A aka Sasser.

  • W32.Sasser.A aka Sasser: spreads through a buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS).

April 2004.

  • W32.Misodene aka W32.Misodene.A: a mass-mailing worm that sends itself to email addresses found on an infected machine. Uses its own SMTP engine to propagate.

    The email has the following characteristics:
    Subject: Qui sabe el Pentagono sobre usted
    Translated: (What the Pentagon knows about you)
    Attachment name: <Random>.xls

  • W32.Netsky.AA/AB aka NetSky.AA/AB: new variants of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all drives.

  • W32.Beagle.W [X/Y/Z] aka Bagle.W [X/Y/Z]: attempts to spread using email and file-sharing networks. Opens a backdoor on an infected computer.

  • W32.Netsky.X/Y aka NetSky.X/Y: new variants of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all drives.

  • W32.Netsky.V aka NetSky.V: variant of mass-mailing worm W32.Netsky aka NetSky. Spreads as HTML email using known exploit vulnerability in Microsoft Internet Explorer.

  • W32.Netsky.U aka NetSky.U: minor variant of mass-mailing worm W32.Netsky.S aka NetSky.S.

  • W32.Netsky.T aka NetSky.T: variant of mass-mailing worm W32.Netsky.S aka NetSky.S. Contains backdoor functionality [port 6789] and may perform DoS attack against specified Web sites.

  • W32.Netsky.S aka NetSky.S: new variant of mass-mailing worm W32.Netsky aka NetSky. Contains backdoor functionality and may perform DoS attack against specified Web sites.

  • W32.Sober.F aka Sober.F: spreads by using its own SMTP engine. Sends itself as an email attachment and tries to download and execute a file from a remote Web site.

March 2004.

  • W32.Beagle.V aka Bagle.V: new variant of W32.Beagle aka Bagle. Similar to variant W32.Beagle.U. Opens a backdoor on TCP port 4751.

  • W32.Netsky.Q aka NetSky.Q: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all drives.

  • W32.Beagle.U aka Bagle.U: new variant of W32.Beagle aka Bagle. Sends itself as a blank email and randomly named attachment. Opens a backdoor on TCP port 4751.

  • W32.Blakmal aka Nyxem - MyWife: a mass-mailing worm. Uses its own SMTP engine to send itself to contacts in MSN Messenger, Yahoo Pager, and addresses found in files with .htm or .dbx extensions. Uses Windows Media Player to mask itself. Tries to delete security software and system files.

  • W32.Netsky.P aka NetSky.P: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. New features: can spread in e-mail, local and p2p networks and to ftp and http server folders.

  • W32.Beagle.Q/R/S/T aka Bagle.Q/R/S/T: a battalion of new variants of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives.

  • W32.Netsky.N aka NetSky.N: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives.

  • W32.Beagle.P aka Bagle.P: a variant of mass-mailing worm W32.Beagle.N aka Bagle.N. Very similar, only differs in size. Contains the same security risks.

  • W32.Beagle.N aka Bagle.N: a variant of mass-mailing worm W32.Beagle aka Bagle. Opens a backdoor on TCP port 2556. Attempts to spread through file-sharing networks by copying itself to folders that contain "shar" in their names. Also infects files with the EXE extension.

  • W32.Sober.D aka Sober.D: a mass-mailing worm that spreads as an email attachment, using its own SMTP engine.

  • W32.Netsky.K aka NetSky.K: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives.

  • W32.Netsky.I/J aka NetSky.I/J: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives.

  • W32.Netsky.G aka NetSky.G: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives.

  • W32.Mydoom.H aka Mydoom.H: a mass-mailing worm that opens a backdoor on TCP ports 80 and 1080. Will try to perform a DDoS attack on www.symantec.com.

  • W32.Netsky.F aka NetSky.F: new variant of mass-mailing worm W32.Netsky aka NetSky. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. Tries to disable W32.Beagle aka Bagle instances.

  • W32.Beagle.J/K aka Bagle.J/K: new variants of W32.Beagle aka Bagle.

  • W32.Netsky.E aka NetSky.E: new variant of mass-mailing worm W32.Netsky.C aka NetSky.C. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. Copies itself to shared folders of all available drives.

  • W32.Beagle.F/H/I aka Bagle.F/H/I: new variants of W32.Beagle aka Bagle.

  • W32.Netsky.D aka NetSky.D: variant of mass-mailing worm W32.Netsky.C aka NetSky.C. Uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. Copies itself to shared folders of all available drives.

February 2004.

  • W32.Beagle.E aka Bagle.E: a variant of mass-mailing worm W32.Beagle.C aka Bagle.C. Opens a backdoor on TCP port 2745. Capable of disabling security software.

    The email has the following characteristics:
    Attachment name: <random characters.exe> within a .zip file

  • W32.Beagle.C aka Bagle.C: a variant of mass-mailing worm W32.Beagle aka Bagle. Opens a backdoor on TCP port 2745. Capable of disabling security software.

    The email has the following characteristics:
    Attachment name: <random characters.exe> within a .zip file

  • W32.Netsky.C aka NetSky.C: a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. Copies itself to shared folders of all available drives.

  • W32.Mydoom.F aka Mydoom.F: a mass-mailing worm almost similar to W32.Mydoom.A aka Mydoom.A. Will try to perform a DDoS attack on www.microsoft.com and www.riaa.com.

  • W32.Netsky.B aka NetSky.B: a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it finds on all hard and mapped drives. Copies itself to shared folders of all available drives.

  • W32.Beagle.B aka Bagle.B: a variant of mass-mailing worm W32.Beagle aka Bagle. Opens a backdoor on TCP port 8866.

    The email has the following characteristics:
    Subject: ID <random characters>... thanks
    Attachment name: <Random>.exe

  • W32.Welchia.B aka Nachi.B: contains links to several security patches and will try to install them. Will also try to remove W32.Mydoom.

  • W32.HLLW.Doomjuice.B aka Doomjuice.B: will use computers infected by the W32.Mydoom worm to spread itself. Also launches a Denial of Service (DoS) attack on the Microsoft Web sites.

  • W32.Mimail.T aka Mimail.T: a new W32.Mimail variant. Spreads by email and steals information from infected computers.

  • W32.Blaster H/K aka Lovsan.H/K: a minor W32.Blaster.A variant.

January 2004.

  • W32.Mimail.S aka Mimail.S: a new W32.Mimail variant. Spreads by email and steals information from infected computers.

  • W32.Mydoom.B aka Mydoom: spreads over email and the Kazaa p2p network. Launches a DDoS attack on www.sco.com and www.microsoft.com and prevents infected machines from accessing anti-virus sites.

  • W32.Mydoom.A aka Mydoom - Mimail.R: spreads over email and Kazaa p2p network.

  • W32.Mimail.Q aka Mimail.Q: a new W32.Mimail variant. Spreads by email and steals information from infected computers.

  • W32.Dumaru.Z aka Dumaru.Z: similar to W32.Dumaru.Y aka Dumaru.Y.

    The email has the following characteristics:
    Subject: Important information for you. Read it immediately !
    Attachment name: myphoto.zip

  • W32.Dumaru.Y aka Dumaru.Y: various threats. Uses its own SMTP engine for spreading, has backdoor capabilities, a keylogger and attempts to steal personal information.

    The email has the following characteristics:
    Subject: Important information for you. Read it immediately !
    Attachment name: myphoto.zip

  • W32.Beagle.A aka Bagle: a mass-mailing worm that accesses remote Web sites and sends email to any addresses it finds using its own SMTP engine.

    The email has the following characteristics:
    Subject: Hi
    Attachment name: <Random>.exe

  • W32.Mimail.P aka Mimail.P: a new W32.Mimail variant. Spreads by email and steals information from infected computers.

    The email has the following characteristics:
    Subject: GREAT NEW YEAR OFFER FROM PAYPAL.COM!
    Attachment name: pp-app.zip

