W32.Mytob.MX aka Mytob.do: Uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Tries to disable security related applications.
W32.Sober.X[Y] aka Sober.AG:uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Tries to lower securityu settings. Email
subject varies and will be in English or German.
W32.Sober Family - New variants Sober.S/T/V:
all use their own SMTP engine. Spreads by sending
itself as email attachment to addresses collected
on the infected computer. Email subject varies and
will be in English or German.
W32.Sober.Q[R/S] aka Sober.AC:uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Email subject varies and will be in English
or German.
W32.Esbot.A aka W32/IRCbot: a worm that
spreads by exploiting the Microsoft Windows Plug
and Play Service Vulnerability.
W32.Zotob family: new variants W32.Zotob.D/E.
Contains backdoor functionallities.
W32.Zotob family: a worm that spreads by
exploiting the Microsoft Windows Plug and Play Service
Vulnerability. Computers running Windows 95/98/Me/
NT4 cannot be infected, but can still be used to
infect vulnerable computers that they can connect
to.
W32.Mytob family: multiple variants. Uses
its own SMTP engine. Spreads by sending itself as
email attachment to addresses collected on the infected
computer.
W32.Lanieca.A aka Eyeveg: uses its own SMTP
engine. Spreads by sending itself as email attachment
to addresses collected on the infected computer.
W32.Mydoom.BO aka Mytob: uses its own SMTP
engine. Spreads by sending itself as email attachment
to addresses collected on the infected computer.
Contains a backdoor that listens on TCP port 6677.
W32.Sober.O[P/S] aka Sober.O[P/S] :uses
its own SMTP engine. Spreads by sending itself as
email attachment to addresses collected on the infected
computer. Email subject varies and will be in English
or German.
W32.Sober.N[O] aka Sober.N[O]:uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Email subject varies and will be in English
or German.
W32.Sober.L[M] aka Sober.L[M]:uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Email subject varies and will be in English
or German.
The email has the following characteristics:
Subject: "Ich habe Ihre E-Mail bekommen!".
or
Subject: "Your Password & Account number".
Attachment name: *.zip
W32.Sober.K[L] aka Sober.K[L]:uses its own
SMTP engine. Spreads by sending itself as email
attachment to addresses collected on the infected
computer. Email subject varies and will be in English
or German.
W32.Mydoom.AZ[BC] aka Mydoom.AZ[BC]: new
variants of W32.Mydoom. Use it's own SMTP engine
to send itself to all the email addresses it finds
in Windows Address Book.
W32.Mydoom.AX[BB] aka Mydoom.AX[BB]: new
variants of W32.Mydoom. Use it's own SMTP engine
to send itself to all the email addresses it finds
in Windows Address Book.
W32.Bropia.F[J] aka Bropia.F[J]: uses MSN
messenger for spreading and drops a variant of Spybot
- Agobot on the infected system.
W32.Beagle.AY[AZ] aka Bagle.AY[AZ]: a mass-mailing
worm that also spreads through file-sharing networks
and contains a backdoor that listens on TCP port
81.
W32.Zar.A aka Zar.A:Uses uses MAPI to send
an email to all addresses it finds in Microsoft
Outlook Address Book.
The email has the following characteristics:
Subject: "Tsunami Donation! Please help".
Attachment name: tsunami.exe
DOWNLOAD: 
