• W32.Blaster.Worm.E aka Lovsan.E:variant of W32.Blaster.Worm. Characteristic is the existence of file mslaugh.exe which it will try to download and run.
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

McAfee
Sophos
Symantec

• W32.Blaster.Worm aka Lovsan: HP OpenView has determined that the worm virus recently referred to as "Blaster" or "W32.Blaster.worm", may impact hp OpenView products running on Microsoft Windows, HPUX, Solaris and Linux.

HP Openview

• W32.Dumaru@mm aka Dumaru: another mass-mailing worm. Collects emails addresses, drops an IRC Trojan onto the infected machine and uses its own SMTP engine to email itself.
  
  The email has the following characteristics:
  From: "Microsoft" <security@microsoft.com>
  Subject: Use this patch immediately !
  Message:
  Dear friend , use this Internet Explorer patch now!
  There are dangerous virus in the Internet now!
  More than 500.000 already infected!
  Attachment name: patch.exe
  Check out the Latest Worms (MS) page.

F-Secure
McAfee
Symantec
Trend Micro

• W32.Blaster.Worm.D aka W32.Welchia.Worm - W32/nachi - welchi: functionally similar to W32.Blaster.Worm aka Lovsan. Uses files named DLLHOST.EXE and SVCHOST.EXE which is a tftp server. Both files are also genuine windows system files.
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
  
  Unchecked Buffer In Windows Component Could Cause Server Compromise (815021)

F-Secure
McAfee
Symantec
Trend Micro

• W32.Sobig.F aka Sobig.F: a new Sobig member. Sends itself to all the email addresses that it finds in the files with the following extensions:
  .dbx, .eml, .hlp, .htm, .html, .mht, .wab, .txt
  Check out the Latest Worms (MS) page.

F-Secure
McAfee
Symantec
Trend Micro

• W32.Blaster.Worm.C aka Lovsan.C: variant of W32.Blaster.Worm. Characteristic is the existence of file teekids.exe which it will try to download and run.
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

F-Secure
McAfee
Symantec
Trend Micro

• W32.Blaster.Worm.B aka Lovsan.B: variant of W32.Blaster.Worm. Characteristic is the existence of file penis32.exe which it will try to download and run.
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

F-Secure
McAfee
Symantec
Trend Micro

• W32.Blaster.Worm aka Lovsan: a worm that will exploit the DCOM RPC vulnerability by using TCP port 135. Characteristic is the existence of file Msblast.exe which it will try to download and run.
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)

F-Secure
McAfee
Symantec
Trend Micro

• Backdoor.IRC.Cirebot aka RPC - Downloader.DM: a Trojan Horse that exploits the Microsoft DCOM RPC vulnerability. Will install Trojan Horse on vulnerable systems. Characteristic is the existence of files: C:\Rpc.exe, C:\Rpctest.exe, or C:\Lolx
  Check out the Latest Trojan Horses page.
  
  Related Microsoft patch[es] and information available at:
  Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
  

F-Secure
McAfee
Symantec
Trend Micro

• W32.Mimail.A aka Mimail: a worm that spreads by email with the ability to capture users information. Uses it's own SMTP engine to send email to addresses found in files without extension[s]:
  COM,WAV,CAB,PDF,RAR,ZIP,TIF,PSD,OCX,VXD,MP3,MPG,AVI,DLL,EXE,GIF,
  JPG,BMP
  Attachment name: message.zip
  Check out the Latest Worms (MS) page.
  
  Related Microsoft patches and information available at:
  Cumulative Patch for Internet Explorer &
  Cumulative Patch for Outlook Express

F-Secure
McAfee
Symantec
Trend Micro