|
Last update
05.03.05
A A A |
Category 5: Very Severe |
Highly dangerous threat type, very difficult to contain. All machines should download the latest virus definitions immediately and execute a scan. Email servers may need to come down. |
Category 4: Severe |
Dangerous threat type, difficult to contain. The latest virus definitions should be downloaded immediately and deployed. |
Category 3: Moderate |
Threat type characterized either as highly wild (but reasonably harmless and containable) or potentially dangerous (and uncontainable) if released into the wild. |
Category 2: Low |
Threat type characterized either as low or moderate wild threat (but reasonably harmless and containable) or non-wild threat characterized by an unusual damage or spread routine, or perhaps by some feature of the virus that makes headlines in the news. (These viruses are not tracked on this page.) |
Category 1: Very Low |
Poses little threat to users. Rarely even makes headlines. No reports in the wild. (These viruses are not tracked on this page.) |
| |
|
Threat Level |
3 |
Also known as |
Win32.Sober.N [Computer Associates], Sober.P [F-Secure], W32/Sober.p@MM [McAfee], W32/Sober-N [Sophos], WORM_SOBER.S [Trend Micro] |
Date reported |
5/2/05 |
What is it |
W32.Sober.O@mm is a mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised computer. It uses its own SMTP engine to spread. The email may be in either English or German |
Affected Systems |
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
Unaffected Systems |
DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX |
Prevention |
Never open attachments unless expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. |
What to do |
Download this tool, developed by Symantec, to purge your system of the worm. |
More information |
Symantec |
| |
|
Threat Level |
3 |
Also known as |
Win32.Mydoom.AU [Computer Associates], Email-Worm.Win32.Mydoom.am [Kaspersky Lab], W32/Mydoom.bb@MM [McAfee], W32/MyDoom-O [Sophos], WORM_MYDOOM.BB [Trend Micro] |
Date reported |
2/16/05 |
What is it |
W32.Mydoom.AX@mm is a mass-mailing worm that uses it own SMTP engine to send email to addresses that it retrieves from the Windows Address Book on the infected computer. |
Affected Systems |
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
Unaffected Systems |
DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX |
Prevention |
Never open attachments unless expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. |
What to do |
Download this tool, developed by Symantec, to purge your system of the worm. |
More information |
Symantec |
| |
|
 |
 |
|
|
|
| |
 W32.Beagle.AZ@mm |
|
|
|
|
|
|
|
|
|
|
|
| |
Threat Level |
|
3 |
|
|
|
|
|
|
| |
Also known as |
|
Win32.Bagle.AU [Computer Associates], Email-Worm.Win32.Bagle.ay [Kaspersky Lab], W32/Bagle.bk@MM [McAfee], WORM_BAGLE.AZ [Trend Micro] |
|
|
|
|
|
|
| |
Date reported |
|
1/27/05 |
|
|
|
|
|
|
| |
What is it |
|
W32.Beagle.AZ@mm is a mass-mailing worm that also spreads through file-sharing networks. The email will have a variable subject and attachment name. The attachment will have a .com, .cpl, .exe, or .scr file extension. |
|
|
|
|
|
|
| |
Affected Systems |
|
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
|
|
|
|
|
|
| |
Unaffected Systems |
|
DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX |
|
|
|
|
|
|
| |
Prevention |
|
Never open attachments unless expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. |
|
|
|
|
|
|
| |
What to do |
|
Download this tool, developed by Symantec, to purge your system of the worm. |
|
|
|
|
|
|
| |
More information |
|
Symantec |
|
| |
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
| |
W32.Erkez.D@mm |
|
|
|
|
|
|
|
|
|
|
|
| |
Threat Level |
|
3 |
|
|
|
|
|
|
| |
Also known as |
|
Win32.Zafi.D [Computer Associates], Zafi.D [F-Secure], W32/Zafi.d@MM [McAfee], W32/Zafi.D.worm [Panda], W32/Zafi-D [Sophos], WORM_ZAFI.D [Trend Micro] |
|
|
|
|
|
|
| |
Date reported |
|
12/15/04 |
|
|
|
|
|
|
| |
What is it |
|
W32.Erkez.D@mm is a mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
|
|
|
|
|
|
| |
Affected Systems |
|
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
|
|
|
|
|
|
| |
Unaffected Systems |
|
DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX |
|
|
|
|
|
|
| |
Prevention |
|
Never open attachments unless expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. |
|
|
|
|
|
|
| |
What to do |
|
Download this tool, developed by Symantec, to purge your system of the worm. |
|
|
|
|
|
|
| |
More information |
|
Symantec |
|
| |
|
|
|
|
| |
|
|
|
|
|
|
|
|
|
| |
W32.Sober.I@mm |
|
|
|
|
|
|
|
|
|
|
|
| |
Threat Level |
|
3 |
|
|
|
|
|
|
| |
Also known as |
|
Win32.Sober.I [Computer Associates], Sober.I [F-Secure], I-Worm.Sober.i [Kaspersky], W32/Sober.j@MM [McAfee], W32/Sober.I@mm [Norman], W32/Sober.I.worm [Panda], W32/Sober-I [Sophos], WORM_SOBER.I [Trend] |
|
|
|
|
|
|
| |
Date reported |
|
11/19/04 |
|
|
|
|
|
|
| |
What is it |
|
W32.Sober.I@mm is a mass-mailing worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the infected computer. The subject of the email varies and will be in either English or German. The email sender address is spoofed. The name of the email attachment varies, and it will have a .bat, .com, .pif, .scr, or .zip file extension. The attachment may also have a double extension. This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX. |
|
|
|
|
|
|
| |
Affected Systems |
|
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
|
|
|
|
|
|
| |
Unaffected Systems |
|
DOS, Linux, Macintosh, Novell Netware, OS/2, UNIX |
|
|
|
|
|
|
| |
Prevention |
|
Never open attachments unless expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched. |
|
|
|
|
|
|
| |
What to do |
|
Download this tool, developed by Symantec, to purge your system of the worm. |
|
|
|
|
|
|
| |
More information |
|
Symantec |
|
| |
|
|
|
|
| |
|
|
|
|
|
|
|
|
