Worm Library

Online security reference library for public worm releases, from January 1st 2005

14/09/05

W32.Esbot.D is a worm that exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039) and opens a back door that allows a remote attacker access to the compromised computer.

09/14/05

W32.Kelvir.II is a worm that spreads through MSN Messenger and downloads a copy of another threat, which is a Backdoor.Sdbot variant.

09/13/05

VBS.Inker.B@mm is a mass-mailing worm that changes icons, swaps mouse buttons, and lowers computer security settings.

PWSteal.Wayi is a Trojan horse that attempts to steal passwords for the Rexue Jianghu online game offered by wayi.com.tw. The Trojan sends the stolen information to a predetermined email address.

09/12/05

W32.Starimp is a worm that spreads through peer to peer networks, steals password details, and can download and execute remote files.

09/07/05

W32.Spybot.WON is a worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

W32.Spybot.WOE is a worm with back door capabilities that can be used to launch a distributed denial of service attack. The worm spreads by exploiting numerous vulnerabilities, including the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039).

09/01/05

W32.Mailbancos@mm is a worm that downloads and executes a copy of PWSteal.Bancos and sends emails to addresses gathered from the compromised computer.

08/29/05

W32.Mytob.JH@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.

W32.Bobax.AH@mm is a mass-mailing worm that attempts to use the compromised computer as a covert proxy.
The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039) and by sending a copy of itself to email addresses gathered.

08/01/05

W32.Reatle.D@mm is a mass-mailing worm that opens a back door and attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). Also Known As: W32/Lebreat-D [Sophos], WORM_REATLE.D [Trend Micro]

07/31/05

W32.Falsu.A is a worm that spreads through file sharing networks and mIRC.

W32.Bratle.A is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). It also opens an FTP server on the compromised computer.

W32.Incef is a worm that spreads through file sharing networks and mIRC.

07/06/05

W32.Netsky.AL@mm is a mass-mailing worm that sends itself to email addresses it gathers from the compromised computer. The worm also ends some security-related processes. Also Known As: Trojan-Proxy.Win32.Daemonize.aw [Kaspersky Lab], W32/Mydoom.bs@MM [McAfee], W32/Tame-A [Sophos], PE_FINALDO.B [Trend Micro]

07/04/05

W32.Alcra.C is a worm that spreads through file-share networks and attempts to disable several programs on the compromised computer. Also Known As: Worm.Win32.VB.an [Kaspersky Lab], Generic VB.b [McAfee], WORM_VB.AQ [Trend Micro]

W32.Bobax.AA is a mass-mailing worm that sends itself to addresses gathered from the compromised computer and from search results on www.google.com and www.accoona.com. It also operates as a covert proxy. Also Known As: Backdoor.Win32.Surila.t [Kaspersky Lab], W32/Mydoom.gen@MM [McAfee], W32/MyDoom-Gen [Sophos], WORM_MYDOOM.BG [Trend Micro]

W32.Opanki.C is an IRC threat that may spread through AOL Instant Messenger.

07/02/05

W32.Kelvir.DY is a worm that spreads through MSN Messenger and downloads a variant of W32.Randex.
Also Known As: W32.Kelvir!gen, Win32.Kelvir.AK [Computer Associates], IM-Worm.Win32.Kelvir.ca [Kaspersky Lab], W32/Kelvir.worm.df [McAfee]

06/30/05

W32.Mytob.GP@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: Win32.Mytob.GS [Computer Associates], Net-Worm.Win32.Mytob.bs [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-CR [Sophos], WORM_MYTOB.GB [Trend Micro]

W32.Toxbot.C is a worm that opens an IRC back door on the compromised computer and spreads by exploiting vulnerabilities. Also Known As: Win32.Toxbot.AH [Computer Associates], Backdoor.Win32.Codbot.ag [Kaspersky Lab], W32/Sdbot.worm.gen.w [McAfee], WORM_SDBOT.BLH [Trend Micro]

06/29/05

W32.Spybot.RDW is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting computer vulnerabilities.

06/28/05

W32.Mydoom.CF@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Kelvir.DT is a worm that spreads through MSN Messenger and drops a W32.Randex variant. Also Known As: IM-Worm.Win32.Prex.h [Kaspersky Lab], W32/Kelvir-AL [Sophos]

W32.Mytob.GJ@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: Win32.Mytob.GP [Computer Associates], WORM_MYTOB.BC [Trend Micro]

06/27/05

W32.Meetot is a worm that copies itself to mapped drives.

06/15/05

W32.Kalel.B@mm is a mass-mailing worm that uses its own SMTP engine to spread. It also attempts to spread through various peer-to-peer file-sharing networks. It typically arrives as an email attachment named mailbox_details.zip.

W32.Opanki.B is an IRC threat that may spread through AOL Instant Messenger. Also Known As: IRC Trojan, IM-Worm.Win32.Opanki.d [Kaspersky Lab], W32/Opanki.worm.gen [McAfee]

06/14/05

W32.Kelvir.DD is a worm that spreads through MSN Messenger.
Also Known As: IM-Worm.Win32.Harwig.a [Kaspersky Lab], W32/Harwig.worm.gen [McAfee], Troj/Harwig-A [Sophos], WORM_HARWIG.B [Trend Micro]

W32.Mytob.ER@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: Win32.Mytob.FV [Computer Associates], WORM_MYTOB.FM [Trend Micro]

W32.Mytob.EQ@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: Net-Worm.Win32.Mytob.bi [Kaspersky Lab], W32/Mytob-BL [Sophos], WORM_MYTOB.FI [Trend Micro]

W32.Mytob.EP@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: W32/Mytob-FD [Sophos], WORM_MYTOB.FD [Trend Micro]

W32.Kelvir.DE is a worm that spreads a detection for a family of worms that spreads through MSN Messenger.

W32.Mytob.EO@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer. Also Known As: Win32.Mytob.FK [Computer Associates], W32/Mydoom.gen@MM [McAfee], W32/Mytob-BJ [Sophos], WORM_MYTOB.FP [Trend Micro]

06/08/05

W32.Mytob.DV@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Mytob.DP@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

06/07/05

W32.Mytob.DO@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Mytob.DL@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

06/06/05

W32.Mytob.DJ@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Spybot.PKC is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.

06/03/05

W32.Mytob.DD@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.t [Kaspersky Lab]

W32.Mytob.DF@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Net-Worm.Win32.Mytob.be [Kaspersky Lab], W32/Mytob-BE [Sophos], WORM_MYTOB.CM [Trend Micro]

W32.Mytob.DC@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm also spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).

W32.Bobax.Z@mm is a mass-mailing worm that lowers security settings and allows a compromised computer to be used as a covert proxy. The worm also sends an email to addresses gathered from the compromised computer.
The worm propagates by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011). Note: W32.Bobax.Z@mm is a minor variant of W32.Bobax.N.

06/02/05

W32.Appflet.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all email addresses that it finds on the compromised computer.

W32.Mytob.DA@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Win32.Mytob.DT [Computer Associates], Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-P [Sophos], WORM_MYTOB.BY [Trend Micro]

W32.Mytob.DB@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob.bo@MM [McAfee], W32/Mytob-M [Sophos], WORM_MYTOB.CE [Trend Micro]

W32.Mytob.CZ@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob-CU [Sophos]

06/01/05

W32.Mytob.CY@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Net-Worm.Win32.Mytob.bd [Kaspersky Lab], W32/Mytob.bl@MM [McAfee], W32/Mytob-CZ [Sophos], WORM_MYTOB.BO [Trend Micro]

05/31/05

W32.Kassbot.B is a network-aware worm that propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).

W32.Pinkton.A is a worm component that spreads through America Online Instant Messenger (AIM).

05/30/05

W32.Mytob.CU@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Win32.Mytob.{DM, DO} [Computer Associates], Net-Worm.Win32.Mytob.{bb-bd} [Kaspersky Lab], W32/Mytob.{bh-bk}@MM [McAfee], W32/Mytob-{M, CP} [Sophos], WORM_MYTOB.AR [Trend Micro]

05/26/05

W32.Mydoom.BU@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer and that has back door capabilities.

05/24/05

W32.Qdens.A is a worm that spreads through QQ Messenger and downloads a copy of Backdoor.Powerspider. Also Known As: Trojan.Win32.VB.xb [Kaspersky Lab], W32/Qeds [McAfee]

W32.Kalel.A@mm is a mass-mailing worm that uses its own SMTP engine to spread. It also attempts to spread through various file-sharing networks.

W32.Mytob.CQ@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.x [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-AM [Sophos], WORM_MYTOB.EX [Trend Micro]

W32.Gabloliz.A is a worm with back door capabilities that spreads through AOL Instant Messenger and Kazaa file-sharing networks.

05/23/05

W32.Lanieca.B@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all e-mail addresses it retrieves from various locations on a compromised computer. Also Known As: Worm.Win32.Eyeveg.g [Kaspersky Lab], W32/Eyeveg.worm.k [McAfee], W32/Bugbear-B [Sophos], WORM_WURMARK.J [Trend Micro]

W32.Picrate.C@mm is a mass-mailing worm that sends copies of itself to instant messenger contacts and drops a variant of the W32.Randex family of worms.
Also Known As: Email-Worm.Win32.Wurmark.l [Kaspersky Lab], W32/Mugly.m@MM [McAfee]

W32.Elitper.F@mm is a worm that attempts to spread using MS Outlook and file-sharing networks. It also terminates processes, deletes files, and lowers Windows security settings. Also Known As: Email-Worm.Win32.Micsur.c [Kaspersky Lab]

05/21/05

W32.Mytob.CP@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.x [Kaspersky Lab], W32/Mytob-AN [Sophos]

W32.Linkbot.M is a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) in order to propagate. It also creates a back door on the system accessible through IRC. Also Known As: Backdoor.Win32.PoeBot.b [Kaspersky Lab], W32/Poebot.gen [McAfee]

05/17/05

W32.Opanki is an IRC worm that spreads through AOL Instant Messenger. Also Known As: IM-Worm.Win32.Fliz.a [Kaspersky Lab], W32/Sdbot.worm.gen.n [McAfee], W32/Oscabot-H [Sophos], WORM_OPANKI.N [Trend Micro]

W32.Shelp is a worm that propagates by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Bloodhound.Exploit.8, Exploit-MS04-011.gen [McAfee]

W32.Alcra.A is a worm that spreads through file-sharing networks, such as Kazaa, Ares, eMule, Morpheus, Grokster, Bearshare, Limewire, eDonkey2000, Gnucleus, Shareaza, and Rapigator. The worm also drops a W32.Spybot.Worm variant into the compromised computer.
Also Known As: W32.Alcan.A, P2P-Worm.Win32.Alcan.a [Kaspersky Lab], W32/Alcan.worm!p2p [McAfee]

05/16/05

W32.Mytob.CH@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. Also Known As: Net-Worm.Win32.Mytob.au [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-CJ [Sophos], WORM_MYTOB.ER [Trend Micro]

05/15/05

W32.Mytob.CF@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door and spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.t [Kaspersky Lab], WORM_MYTOB.EM [Trend Micro]

05/13/05

W32.Randex.DXP is a network-aware worm that spreads to network shares protected by weak passwords. The worm also opens a back door on the compromised computer and may be remotely controlled via IRC channels.

05/11/05

W32.Lanieca.A@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all e-mail addresses it retrieves from various locations on a compromised computer. Also known as: Worm.Win32.Eyeveg.f [Kaspersky Lab], W32/Eyeveg.worm.gen [McAfee], W32/Eyeveg-F [Sophos], WORM_WURMARK.J [Trend Micro]

05/10/05

W32.Mediakill.A@mm is a mass-mailing worm that sends a copy of itself to the first ten addresses in the Windows Address Book.

W32.Beagle.BQ@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.

W32.Ifbo.A is a worm that spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) and disables security services. AKA: Hacktool.DCOMScan, Net-Worm.Win32.Padobot.z [Kaspersky Lab], Exploit-DcomRpc.gen [McAfee]

W32.Imspread.Worm is a worm component that spreads through America Online Instant Messenger (AIM).

05/09/05

W32.Antiman.F@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all email addresses that it finds on the compromised computer. W32.Antiman.F@mm typically arrives as an email attachment.

W32.Mydoom.BQ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer and has back door capabilities. AKA: Net-Worm.Win32.Mytob.au [Kaspersky Lab], W32/Mytob-AU [Sophos], WORM_MYTOB.EG [Trend Micro]

05/08/05

W32.Mydoom.BO@mm is a worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door on TCP port 6677. Also Known As: Net-Worm.Win32.Mytob.au [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-BC [Sophos], W32/Mytob-CF [Sophos], WORM_MYTOB.EC [Trend Micro], WORM_MYTOB.ED [Trend Micro]

W32.Roty@mm is a mass-mailing worm that attempts to send a copy of itself to email addresses gathered from the Windows Address Book and overwrites the contents of Microsoft Word documents.

05/07/05

VBS.Ypsan.E@mm is a mass-mailing worm that sends itself to all email addresses gathered from the Windows Address Book and attempts to shut down the compromised computer.

05/06/05

W32.Eshared.A@mm is a mass-mailing worm that uses MAPI to send a copy of itself to email addresses gathered from the compromised computer.
Also Known As: Email-Worm.Win32.Semapi.a [Kaspersky Lab], W32/Semapi.worm [McAfee]

W32.Ezio.A@mm is a mass-mailing worm that can spread through file-sharing networks and prevents access to security-related Web sites. Also Known As: Net-Worm.Win32.Ezio.a [Kaspersky Lab], W32/Ezio-A [Sophos], WORM_EZIO.A [Trend Micro]

W32.Mytob.BZ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door and spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).

VBS.Spiltron@mm is a mass-mailing worm that may also spread through IRC channels. It also disables the Registry Editor and modifies settings in Windows Explorer.

05/04/05

W32.Kelvir.BF is a worm that downloads a file and sends a message to all MSN messenger contacts on the compromised computer.

W32.Mytob.BV@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through network shares by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).

05/03/05

W32.Kedebe.B@mm is a mass-mailing worm that ends processes and prevents access to some Web sites, some of which are security related.

W32.Antiman.E@mm is a mass-mailing worm that uses its own SMTP engine to send itself to all email addresses that it finds on the compromised computer.

W32.Mydoom.BN@mm is a mass-mailing worm that has back door capabilities and that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.

W32.Mytob.BU@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also opens a back door and spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.i [Kaspersky Lab], W32/Mytob.gen@MM [McAfee]

05/02/05

W32.Sober.O@mm is a mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised computer. It uses its own SMTP engine to spread. The email may be in either English or German. Also Known As: Win32.Sober.N [Computer Associates], Sober.P [F-Secure], Email-Worm.Win32.Sober.p [Kaspersky Lab], W32/Sober.p@MM [McAfee], W32/Sober-N [Sophos], WORM_SOBER.S [Trend Micro]

W32.Mytob.BT@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through network shares by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.aq [Kaspersky Lab], W32/Mydoom.gen@MM [McAfee]

W32.Spybot.OGX is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.

W32.Kelvir.BD is a worm that downloads a remote file and sends a message to all MSN messenger contacts on the compromised computer.
Also Known As: IM-Worm.Win32.Prex.d [Kaspersky Lab]

W32.Banish.A@mm is a mass-mailing worm that also spreads through the network by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011). Also Known As: W32/Banish-A [Sophos], WORM_BANISH.A [Trend Micro]

05/01/05

W32.Kelvir.BA is a worm that attempts to spread W32.Spybot.OFN to all MSN Messenger contacts on the compromised computer through MSN Messenger.

04/30/05

W32.Mytob.BS@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through network shares by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).

W32.Topion.A is a network-aware worm that copies itself to network shares.

04/29/05

W32.Mytob.BR@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm also spreads through network shares by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).

W32.Spybot.OFN is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities. W32.Spybot.OFN may be downloaded by W32.Kelvir.AZ.

04/28/05

W32.Kelvir.AZ is a worm that sends a message to all MSN messenger contacts on the compromised computer.

04/27/05

W32.Netsky.AI@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from certain files on the compromised computer, and copies itself to mapped network drives. The worm also downloads a copy of Backdoor.Nemog.D.

W32.Mydoom.BL@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer. Also Known As: Email-Worm.Win32.Mydoom.as [Kaspersky Lab], W32/Mydoom.bn@MM [McAfee], W32/MyDoom-BN [Sophos], WORM_MYDOOM.AQ [Trend Micro]

W32.Kelvir.AW is a worm that downloads a file and sends a message to all MSN messenger contacts on the compromised computer. Note: Virus Definitions dated prior to April 28, 2005 may detect this threat as Trojan.KillAV. Also Known As: Trojan.KillAV, IM-Worm.Win32.Kelvir.af [Kaspersky Lab], W32/Generic.worm!p2p [McAfee], WORM_KELVIR.AH [Trend Micro]

W32.Nopir.A is a worm that deletes files on the infected computer and attempts to place itself in a shared eMule folder. Also Known As: P2P-Worm.Win32.VB.cz [Kaspersky Lab], W32/Nopir-B [Sophos], WORM_NOPIR.B [Trend Micro]

W32.Allim.B is a worm that spreads through America Online Instant Messenger (AIM) and drops a variant of Backdoor.Sdbot. Also Known As: IM-Worm.Win32.Opanki.a [Kaspersky Lab]

W32.Gaobot.DEY is a network-aware worm with back door capabilities that spreads to network shares protected by weak passwords and can be controlled through IRC channels. It also attempts to lower security settings by blocking access to security related Web sites and terminating processes. Also Known As: Backdoor.Win32.Rbot.gen [Kaspersky Lab], W32/Sdbot.worm.gen.j [McAfee]

04/26/05

W32.Allim!gen is a generic detection for the W32.Allim family of worms. These worms spread through AOL Instant Messenger and drop a variant of Backdoor.Sdbot.

W32.Allim.A is a worm that spreads a variant of the W32.Spybot.Worm through America Online Instant Messenger (AIM).

W32.Kelvir.AP is a worm that sends a message to all MSN messenger contacts on the compromised computer and attempts to download a file.
Also Known As: W32/Kelvir.worm.gen [McAfee]

04/24/05

W32.Antiman.A@mm is a mass-mailing worm that uses its own SMTP engine to send a copy of itself to all email addresses that it finds on the compromised computer.

W32.Kelvir.AO is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.

W32.Mytob.BO@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.x [Kaspersky Lab]

W32.Mytob.BN@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mydoom.gen@MM [McAfee]

W32.Mytob.BM@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through network shares protected by weak passwords. Also Known As: Net-Worm.Win32.Mytob.af [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], WORM_MYTOB.CA [Trend Micro]

W32.Mytob.BL@mm is a mass-mailing worm that exploits the Microsoft Windows Local Security Authority Service Remote Buffer Overflow vulnerability (as described in Microsoft Security Bulletin MS04-011). It also copies itself to network shares with weak passwords.
Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab]

W32.Kedebe@mm is a mass-mailing worm that ends processes and prevents access to several Web sites, most of which are security-related. It uses its own SMTP engine to send a copy of itself to all email addresses gathered from files with predetermined extensions. This threat is written in Visual Basic and only works on NT based systems.

W32.Spybot.OBZ is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities. The worm may be dropped by W32.Kelvir.AN.

04/23/05

W32.Kelvir.AN is a worm that spreads W32.Spybot.OBZ through MSN Messenger. Also Known As: IM-Worm.Win32.Kelvir.y [Kaspersky Lab], W32/Generic.worm!p2p [McAfee], WORM_KELVIR.AB [Trend Micro]

W32.Velkbot.A is a worm with back door capabilities that spreads through MSN Messenger, Yahoo Messenger and AOL Instant Messenger. Also Known As: Backdoor.Win32.SdBot.gen [Kaspersky Lab], W32/Sdbot.worm.gen.j [McAfee]

W32.Kelvir.AL is a worm that spreads a variant of Backdoor.Sdbot through MSN Messenger.

04/22/05

W32.Kelvir.AJ is a worm that spreads a variant of W32.Spybot.Worm through MSN Messenger and by exploiting remote vulnerabilities. Also Known As: IM-Worm.Win32.Prex.d [Kaspersky Lab], W32/Bropia.worm.ag [McAfee]

W32.Kelvir.AI is a worm that spreads a variant of W32.Spybot.Worm through MSN Messenger and exploits remote vulnerabilities. Also Known As: W32/Kelvir.worm.gen [McAfee]

W32.Mytob.BJ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The email has a variable subject and attachment name. The attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip file extension. Also Known As: Net-Worm.Win32.Mytob.am [Kaspersky Lab], W32/Mytob.gen@MM [McAfee]

W32.Kelvir.AH is a worm that spreads through MSN Messenger and attempts to drop W32.Spybot.OBB.

W32.Spybot.OBB is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.

04/21/05

W32.Ahker.G@mm is a mass-mailing worm that uses MAPI to send a copy of itself to email addresses gathered from the compromised computer. The worm lowers security settings, prevents access to several Web sites, and blocks access to several programs.

W32.Mytob.BH@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], WORM_MYTOB.CH [Trend Micro]

W32.Beagle.BP@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on the compromised computer on TCP port 80.

W32.Mytob.BE@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mytob.gen@MM [McAfee]
04/19/05 W32.Mytob.BC@mm is a mass-mailing worm that has back door capabilities and uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], WORM_MYTOB.CC [Trend Micro] W32.Mytob.BD@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer and has back door capabilities. The worm spreads through the network by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow vulnerability (as described in Microsoft Security Bulletin MS04-011). Also Known As: Net-Worm.Win32.Mytob.gen [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], WORM_MYTOB.CD [Trend Micro] W32.Kelvir.AF is a worm that spreads through MSN Messenger and attempts to drop a variant of W32.Spybot.Worm. W32.Mytob.BB@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer and has back door capabilities. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
Also Known As: Net-Worm.Win32.Mytob.t [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], WORM_MYTOB.BW [Trend Micro] W32.Kelvir.AE is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. W32.Beagle.BO@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of a Trojan.Tooso variant. The worm also opens a back door on TCP port 80. Also Known As: Email-Worm.Win32.Bagle.bj [Kaspersky Lab], WORM_BAGLE.BI [Trend Micro] W32.Mytob.AW@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011). W32.Kelvir.AC is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.
04/18/05 W32.Kelvir.I is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. Also Known As: IM-Worm.Win32.Bropia.q [Kaspersky Lab], W32/Kelvir.worm.i [McAfee] W32.Sober.N@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German. Also Known As: Win32.Sober.M [Computer Associates], Email-Worm.Win32.Sober.o [Kaspersky Lab], W32/Sober.o@MM [McAfee], W32/Sober-M [Sophos], WORM_SOBER.N [Trend Micro] W32.Kelvir.AA is a worm that spreads through MSN Messenger and drops W32.Spybot.NLI. The worm also attempts to lower security settings. W32.Kelvir.AB is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm.
04/17/05 W32.Picrate.B@mm is a worm that sends copies of itself to instant messenger contacts and drops a variant of W32.Spybot.Worm. W32.Spybot.NYT is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.
The worm may be dropped by W32.Kelvir.Y. W32.Kelvir.Y is a worm that spreads through MSN Messenger and drops W32.Spybot.NYT.
04/15/05 W32.Serflog.C is a worm that spreads through file-sharing networks and MSN Messenger. The worm also lowers security settings. Also Known As: Win32.Sumom.C [Computer Associates], IM-Worm.Win32.Sumom.c [Kaspersky Lab], W32/Crog.worm [McAfee], W32/Sumom-C [Sophos], WORM_FATSO.C [Trend Micro] W32.Kelvir.X is a worm that spreads through MSN Messenger and drops a copy of W32.Spybot.Worm. W32.Sinnaka.A@mm is a worm that uses its own SMTP engine to send itself as an email attachment. W32.Beagle.BN@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.F. The worm also opens a back door on the compromised computer through TCP port 80. W32.Beagle.BN@mm may be downloaded by Trojan.Tooso.G. W32.Kelvir.W is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. W32.Spybot.NPS is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities. W32.Myfip.AC is a network-aware worm that steals information from a compromised computer and lowers security settings. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
04/14/05 W32.Kelvir.V is a worm that spreads through MSN Messenger and drops W32.Spybot.NNT. W32.Kelvir.S is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. W32.Kelvir.U is a worm that spreads through MSN Messenger and drops a copy of W32.Spybot.NLI. W32.Picrate.A@mm is a worm that sends copies of itself to instant messenger contacts and drops a copy of a W32.Spybot.Worm variant.
W32.Kelvir.T is a worm that spreads through MSN Messenger and drops a variant of W32.Randex. W32.Spybot.NNT is a worm that has back door and distributed denial of service capabilities. The worm spreads through network shares protected by weak passwords and by exploiting computer vulnerabilities.
04/13/05 W32.Mytob.AV@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
04/10/05 W32.Mytob.AU@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through network shares protected by weak passwords. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). Also Known As: WORM_MYTOB.BH [Trend Micro] W32.Kelvir.R is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. It also spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026), the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011), and the vulnerabilities in the Microsoft SQL Server 2000 or MSDE 2000 audit (as described in Microsoft Security Bulletin MS02-061) using UDP port 1434. W32.Spybot.NLX is a worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting the following vulnerabilities: * The Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026).
W32.Kelvir.Q is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.Worm. W32.Mytob.AS@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting vulnerabilities and opens a back door on the compromised computer. W32.Mytob.AR@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). W32.Mytob.AO@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Mytob.AQ@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). W32.Mytob.AN@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads through the network by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011).
W32.Mytob.AP@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Kelvir.P is a worm that spreads through MSN Messenger and drops a variant of W32.Spybot.NLI. W32.Spybot.NLI is a worm that opens a back door on the compromised computer. The worm may be dropped by W32.Kelvir.P. W32.Mytob.AM@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Mytob.AL@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Mytob.AJ@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Mytob.AK@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. 
The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). W32.Mytob.AI@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
04/09/05 W32.Mytob.AF@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011) and the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). Also Known As: Win32.Mytob.AJ [Computer Associates], Net-Worm.Win32.Mytob.x [Kaspersky Lab], W32/Mytob.gen@MM [McAfee], W32/Mytob-AB [Sophos], WORM_MYTOB.AM [Trend Micro] W32.Mytob.AH@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). Also Known As: WORM_MYTOB.AD [Trend Micro] W32.Mytob.AG@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
Also Known As: WORM_MYTOB.AC [Trend Micro] W32.Mytob.AE@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). VBS.Ypsan.D@mm is a mass-mailing worm that sends itself to all email addresses gathered from the Windows Address Book and attempts to shut down the compromised computer.
04/08/05 W32.Myfip.AB is a network-aware worm that steals files from the compromised computer.
04/07/05 W32.Aprilcone.A@mm is a mass-mailing worm that uses JMail to send emails to addresses that it gathers from the compromised computer. Also Known As: Email-Worm.Win32.Dushit.a [Kaspersky Lab], W32/Dushit@MM [McAfee], WORM_APRIFUL.A [Trend Micro] W32.Mytob.AD@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).
04/06/05 W32.Kipis.N@mm is a mass-mailing, network-aware worm that spreads by sending an email to addresses it finds on a compromised computer. The worm also copies itself to folders which contain the string "share". W32.Kelvir.O is a worm that spreads through MSN Messenger. W32.Spybot.LZI is a worm that opens a back door and attempts to lower security settings on a compromised computer. The worm spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026)