Worm Library

W32.Esbot.D is a worm that exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) and opens a back door that allows a remote attacker access to the compromised computer.

W32.Kelvir.II is a worm that spreads through MSN Messenger and downloads a copy of another threat, which is a Backdoor.Sdbot variant.

VBS.Inker.B@mm is a mass-mailing worm that changes icons, swaps mouse buttons, and lowers computer secuirty settings.

PWSteal.Wayi is a Trojan horse that attempts to steal passwords for the Rexue Jianghu online game offered by wayi.com.tw. The Trojan sends the stolen information to a predetermined email address.

W32.Starimp is a worm that spreads through peer to peer networks, steals password details, and can download and execute remote files.

W32.Spybot.WON is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

W32.Mailbancos@mm is a worm that downloads and executes a copy of PWSteal.Bancos and sends emails to addresses gathered from the compromised computer.

W32.Mytob.JH@mm is a mass-mailing worm the opens a back door and lowers security settings on the compromised computer.

W32.Bobax.AH@mm is a mass-mailing worm that attempts to use the compromised computer as a covert proxy. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) and by sending a copy of itself to email addresses gathered.

W32.Reatle.D@mm is a mass-mailing worm that opens a back door and attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).

Also Known As: W32/Lebreat-D [Sophos], WORM_REATLE.D [Trend Micro]

W32.Falsu.A is a worm that spreads through file sharing networks and mIRC.

W32.Bratle.A is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). It also opens a FTP server on the compromised computer.

W32.Incef is a worm that spreads through file sharing networks and mIRC.

W32.Netsky.AL@mm is a mass-mailing worm that sends itself to email addresses it gathers from the compromised computer. The worm also ends some security-related processes.

Also Known As: Trojan-Proxy.Win32.Daemonize.aw [Kaspersky Lab], W32/Mydoom.bs@MM [McAfee], W32/Tame-A [Sophos], PE_FINALDO.B [Trend Micro]

W32.Alcra.C is a worm that spreads through file-share networks and attempts to disable several programs on the compromised computer.

Also Known As: Worm.Win32.VB.an [Kaspersky Lab], Generic VB.b [McAfee], WORM_VB.AQ [Trend Micro]

W32.Bobax.AA is a mass-mailing worm that sends itself to addresses gathered from the compromised computer and from search results on www.google.com and www.accoona.com. It also operates as a covert proxy.

Also Known As: Backdoor.Win32.Surila.t [Kaspersky Lab], W32/Mydoom.gen@MM [McAfee], W32/MyDoom-Gen [Sophos], WORM_MYDOOM.BG [Trend Micro]

W32.Opanki.C is an IRC threat that may spread through AOL Instant Messenger.

W32.Kelvir.DY is a worm that spreads through MSN Messenger and downloads a variant of W32.Randex.

Also Known As: W32.Kelvir!gen, Win32.Kelvir.AK [Computer Associates], IM-Worm.Win32.Kelvir.ca [Kaspersky Lab], W32/Kelvir.worm.df [McAfee]

W32.Mytob.GP@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Also Known As: Win32.Mytob.GS [Computer Associates], Net-Worm.Win32.Mytob.bs [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-CR [Sophos], WORM_MYTOB.GB [Trend Micro]

W32.Toxbot.C is a worm that opens an IRC back door on the compromised computer and spreads by exploiting vulnerabilities.

Also Known As: Win32.Toxbot.AH [Computer Associates], Backdoor.Win32.Codbot.ag [Kaspersky Lab], W32/Sdbot.worm.gen.w [McAfee], WORM_SDBOT.BLH [Trend Micro]

W32.Spybot.RDW is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting computer vulnerabilities.

W32.Mydoom.CF@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Kelvir.DT is a worm that spreads through MSN Messenger and drops a W32.Randex variant.

Also Known As: IM-Worm.Win32.Prex.h [Kaspersky Lab], W32/Kelvir-AL [Sophos]

W32.Mytob.GJ@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Also Known As: Win32.Mytob.GP [Computer Associates], WORM_MYTOB.BC [Trend Micro]

W32.Meetot is a worm that copies itself to mapped drives.

W32.Kalel.B@mm is a mass-mailing worm that uses its own SMTP engine to spread. It also attempts to spread through various peer-to-peer file-sharing networks. It typically arrives as an email attachment named mailbox_details.zip.

W32.Opanki.B is an IRC threat that may spread through AOL Instant Messenger.

Also Known As: IRC Trojan, IM-Worm.Win32.Opanki.d [Kaspersky Lab], W32/Opanki.worm.gen [McAfee]

W32.Kelvir.DD is a worm that spreads through MSN Messenger.

Also Known As: IM-Worm.Win32.Harwig.a [Kaspersky Lab], W32/Harwig.worm.gen [McAfee], Troj/Harwig-A [Sophos], WORM_HARWIG.B [Trend Micro]

W32.Mytob.ER@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

Also Known As: Win32.Mytob.FV [Computer Associates], WORM_MYTOB.FM [Trend Micro]