Active virus list Friday/01/08/2008
- JS.Gigger
JS.Gigger is a script virus written in JavaScript. It spreads through email, mIRC, and network shared folders with read/write access.
It emails itself to all addresses in the Microsoft Outlook Address Book with the following content:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
- I-Worm.Win32.PetLil.B
I-Worm.Win32.PetLil.B is a mass-mailing worm that sends itself to all contacts in the Microsoft Outlook Address Book. The email has the following characteristics:
Subject: XXX Picture...
Body: A pretty girl waits for you. Click on attached file...
Attachment: XXXPic.exe
Infection Length: 37,376 bytes
- I-Worm.Win32.Chir.B
This mass-mailing worm sends itself to all the addresses in the Windows Address Book.
The message has the following characteristics:
Subject : [Infected computer's name] is comming!
Attachment : pp.exe (10,748 bytes)
The email contains no message body, and the worm is activated when the user reads the email.
Active virus list Saturday/02/08/2008
- W97M.Blee.A
W97M.Blee.A is a macro virus that displays the following message box on Saturday.
VicodinES is probably high on painkillers right now
It modifies the infected file's properties:
Author: VicodinES
Title: Another W97M/Blee.Poppy Infected Document
Description: Hello from VicodinES and The Narkotic Network ...we mean you no harm
- VBS.io
VBS.io is a Trojan Horse script virus. It cannot spread itself and is created and run by PHP.io.
It overwrites '.sys', '.dll', '.ocx', and '.drv' files in C:\Windows\System. These infected files cannot be recovered.
- Win95.HPS
Win95.HPS is a polymorphic virus that infects "*.EXE", "*.SRC", and "*.SYS" files.
Upon infection, it displays the Windows closing screen on Saturday.
- VBS.Merlin
VBS.Merlin is a script virus that spreads itself via emails, mIRC, and mapped network drives.
Upon execution, it creates 500 folders with read-only and hidden attributes.
It deletes all '.doc' files and infects '.vbs' and '.vbe' files.
- Keypress.1236
Keypress.1236 is a memory-resident virus that infects "*.COM" and "*.EXE" files.
Five minutes after an infected file is executed, it displays the following text string on the 2nd of every even-numbered month:
"SADDAM, the inferiority of the chaos".
- Win95.CIH.1049
Further virus definitions will be released soon.
- Win95.CIH.1106
Win95.CIH.1106 was first reported on 14 Nov 2002.
It attempts to infect EXE files on Windows systems. However, it can only infect Windows 95/98/ME systems and is not able to execute itself on Windows NT/2000/XP systems.
Active virus list Monday/04/08/2008
- Win95.CIH.1042
Win95.CIH.1042 is a variant of the Win95.CIH virus; its trigger date is the 4th of every month.
Upon execution, it stays resident in memory and infects all ".exe" files on Windows 95/98. On the 4th of every month, it destroys the flash memory and writes useless data to the front part of the hard disk. However, this virus cannot be activated on Windows NT systems because of the way it resides in memory.
- VBS.Merlin
VBS.Merlin is a script virus that spreads itself via emails, mIRC, and mapped network drives.
Upon execution, it creates 500 folders with read-only and hidden attributes.
It deletes all '.doc' files and infects '.vbs' and '.vbe' files.
- I-Worm.Win32.Kickin.249856
I-Worm.Win32.Kickin.249856, found on 1 May 2003, spreads through various channels such as email, P2P, and IRC.
1. The worm terminates the following processes:
- ALERTSVC
- AMON.EXE
- ANTI-TROJAN
- ATRACK
- AVCONSOL
- AVP.EXE
- AVP32
- AVPCC.EXE
- AVPM.EXE
- AVSYNMGR
- BLACKICE
- CCAPP.EXE
- CFINET
- CFINET32
- CLEANER
- COMMAND
- ESAFE.EXE
- F-PROT
- FP-WIN
- FRW.EXE
- F-STOPW
- IAMAPP
- IAMSERV.EXE
- ICMON
- IOMON98
- LOCKDOWN2000
- LOCKDOWNADVANCED
- LUALL.EXE
- LUCOMSERVER
- MCAFEE
- MSCONFIG
- NAVAPSVC
- NAVAPW32
- NAVLU32
- NAVRUNR
- NAVW32
- NAVWNT
- NETSERVICES
- NISSERV
- NMAIN.EXE
- NPROTECT
- NSCHED32
- NVC95
- PCCIOMON
- PCCMAIN
- PCCWIN98
- PCFWALLICON
- POP3TRAP
- PVIEW.EXE
- RAVMOND
- REGEDIT
- RESCUE32
- SAFEWEB
- SCAN32
- SPHINX.EXE
- SYMPROXYSVC
- SYSHELP
- TASKMGR
- TDS2-NT
- VETTRAY
- VSECOMR
- VSHWIN32
- VSMON.EXE
- VSSTAT
- WEBSCANX
- WEBTRAP
- WINDRIVER
- WINGATE
- WINHELP
- WINRPC
- ZAPRO.EXE
- ZONEALARM
* These are mostly processes of security programs (some processes have been targeted by other worms).
2. The worm drops "cyberwolf.txt" into the Windows folder.
3. The worm attempts to connect to the following URLs:
www.india-------kes.cjb.net
www.brai------ck.com
www.christ-------guilera.com
4. The worm attempts to change the browser's home page to the following website every Monday.
www.catholi-------as.org/superfuntime/
- I-Worm.Win32.Mapson.180736
Further virus definitions will be released soon.
Active virus list Tuesday/05/08/2008
- VBS.Merlin
VBS.Merlin is a script virus that spreads itself via emails, mIRC, and mapped network drives.
Upon execution, it creates 500 folders with read-only and hidden attributes.
It deletes all '.doc' files and infects '.vbs' and '.vbe' files.
- VBS.Reality.C
VBS.Reality.C is a variant of VBS.Reality.A.
A warning message will be displayed when the virus file is executed. The virus will only be activated when the user clicks "Yes". Since the virus changes the key value of the registry, this warning message is not displayed when the system restarts.
- JS.Gigger
JS.Gigger is a script virus written in JavaScript. It spreads through email, mIRC, and network shared folders with read/write access.
It emails itself to all addresses in the Microsoft Outlook Address Book with the following content:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
Active virus list Wednesday/06/08/2008
- I-Worm.Win32.Yaha.44544
I-Worm.Win32.Yaha.44544 was found on 13 March 2003. Its executable file size is 44,544 bytes, and it is compressed using the UPX compressor.
(The uncompressed file size is 98,304 bytes.)
Active virus list Thursday/07/08/2008
- W97M.Bentbasha.A
W97M.Bentbasha.A is a macro virus that is triggered when an infected or new document is opened or closed.
It will disable the macro protection function.
It opens Notepad and displays the following message on the 7th of every month.
Nazalost, Vas kompjuter je inficiran sa W97M.Bentbasha by e[ax] / SpeciesVL!
- VBS.Merlin
VBS.Merlin is a script virus that spreads itself via emails, mIRC, and mapped network drives.
Upon execution, it creates 500 folders with read-only and hidden attributes.
It deletes all '.doc' files and infects '.vbs' and '.vbe' files.
- I-Worm.Win32.Yaha.34304
I-Worm.Win32.Yaha.34304, which was found on 24 Dec 2002, is another variant of I-Worm.Win32.Yaha.
How it spreads
The worm selects mail recipients from the following files or address books:
- .NET messenger user's address book
- Yahoo pager user's address book
- *.ht* files in a local drive
- Windows address book
- MSN Messenger user's address book
- I-Worm.Win32.Lirva.A
I-Worm.Win32.Lirva.A spreads itself via email.
Subject :
- Fw: Prohibited customers...
- Re: Brigade Ocho Free membership
- Re: According to Daos Summit
- Fw: Avril Lavigne - the best
- Re: Reply on account for IIS-Security
- Re: ACTR/ACCELS Transcriptions
- Re: The real estate plunger
- Fwd: Re: Admission procedure
- Re: Reply on account for IFRAME-Security breach
- Fwd: Re: Reply on account for Incorrect MIME-header
- I-Worm.Win32.Yaha.28672
Further virus definitions will be released soon.
Active virus list Friday/08/08/2008
- VBS.San.A
VBS.San.A is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal/acaymo.
- VBS.Valentin
VBS.Valentin is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson
Active virus list Saturday/09/08/2008
- W97M.Blee.A
W97M.Blee.A is a macro virus that displays the following message box on Saturday.
VicodinES is probably high on painkillers right now
It modifies the infected file's properties:
Author: VicodinES
Title: Another W97M/Blee.Poppy Infected Document
Description: Hello from VicodinES and The Narkotic Network ...we mean you no harm
- I-Worm.Win32.Roron.B
I-Worm.Win32.Roron is a worm that can spread itself in a number of ways. These include sending itself out by email, copying itself to shared drives on networks, and placing copies of itself in folders that are likely to be shared via the KaZaA peer-to-peer system.
- Win95.HPS
Win95.HPS is a polymorphic virus that infects "*.EXE", "*.SRC", and "*.SYS" files.
Upon infection, it displays the Windows closing screen on Saturday.
Active virus list Sunday/10/08/2008
- VBS.io
VBS.io is a Trojan Horse script virus. It cannot spread itself and is created and run by PHP.io.
It overwrites '.sys', '.dll', '.ocx', and '.drv' files in C:\Windows\System. These infected files cannot be recovered.
- JS.Gigger
JS.Gigger is a script virus written in JavaScript. It spreads through email, mIRC, and network shared folders with read/write access.
It emails itself to all addresses in the Microsoft Outlook Address Book with the following content:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
Active virus list Monday/11/08/2008
- I-Worm.Win32.Lirva.A
I-Worm.Win32.Lirva.A spreads itself via email.
Subject :
- Fw: Prohibited customers...
- Re: Brigade Ocho Free membership
- Re: According to Daos Summit
- Fw: Avril Lavigne - the best
- Re: Reply on account for IIS-Security
- Re: ACTR/ACCELS Transcriptions
- Re: The real estate plunger
- Fwd: Re: Admission procedure
- Re: Reply on account for IFRAME-Security breach
- Fwd: Re: Reply on account for Incorrect MIME-header
- I-Worm.Win32.Kickin.249856
I-Worm.Win32.Kickin.249856, found on 1 May 2003, spreads through various channels such as email, P2P, and IRC.
1. The worm terminates the following processes:
- ALERTSVC
- AMON.EXE
- ANTI-TROJAN
- ATRACK
- AVCONSOL
- AVP.EXE
- AVP32
- AVPCC.EXE
- AVPM.EXE
- AVSYNMGR
- BLACKICE
- CCAPP.EXE
- CFINET
- CFINET32
- CLEANER
- COMMAND
- ESAFE.EXE
- F-PROT
- FP-WIN
- FRW.EXE
- F-STOPW
- IAMAPP
- IAMSERV.EXE
- ICMON
- IOMON98
- LOCKDOWN2000
- LOCKDOWNADVANCED
- LUALL.EXE
- LUCOMSERVER
- MCAFEE
- MSCONFIG
- NAVAPSVC
- NAVAPW32
- NAVLU32
- NAVRUNR
- NAVW32
- NAVWNT
- NETSERVICES
- NISSERV
- NMAIN.EXE
- NPROTECT
- NSCHED32
- NVC95
- PCCIOMON
- PCCMAIN
- PCCWIN98
- PCFWALLICON
- POP3TRAP
- PVIEW.EXE
- RAVMOND
- REGEDIT
- RESCUE32
- SAFEWEB
- SCAN32
- SPHINX.EXE
- SYMPROXYSVC
- SYSHELP
- TASKMGR
- TDS2-NT
- VETTRAY
- VSECOMR
- VSHWIN32
- VSMON.EXE
- VSSTAT
- WEBSCANX
- WEBTRAP
- WINDRIVER
- WINGATE
- WINHELP
- WINRPC
- ZAPRO.EXE
- ZONEALARM
* These are mostly processes of security programs (some processes have been targeted by other worms).
2. The worm drops "cyberwolf.txt" into the Windows folder.
3. The worm attempts to connect to the following URLs:
www.india-------kes.cjb.net
www.brai------ck.com
www.christ-------guilera.com
4. The worm attempts to change the browser's home page to the following website every Monday.
www.catholi-------as.org/superfuntime/
Active virus list Tuesday/12/08/2008
- VBS.io
VBS.io is a Trojan Horse script virus. It cannot spread itself and is created and run by PHP.io.
It overwrites '.sys', '.dll', '.ocx', and '.drv' files in C:\Windows\System. These infected files cannot be recovered.
Active virus list Wednesday/13/08/2008
- I-Worm.Win32.Yaha.44544
I-Worm.Win32.Yaha.44544 was found on 13 March 2003. Its executable file size is 44,544 bytes, and it is compressed using the UPX compressor.
(The uncompressed file size is 98,304 bytes.)
Active virus list Thursday/14/08/2008
- O97M.Jerk.B
O97M.Jerk.B, a macro virus, is polymorphic and infects Microsoft Word 97 and Excel 97 files. It displays the following message on the 14th of every month from June to December.
www.all.net
V guvax [User Name] vf n ovt fghcvq wrex!
- O97M.Jerk.A
O97M.Jerk.A, a macro virus, is polymorphic and infects Microsoft Word 97 and Excel 97 files. It displays the following message on the 14th of every month from June to December.
Class.Poppy
I think [User name] is a big stupid jerk!
- VBS.San.A
VBS.San.A is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal/acaymo.
- VBS.Valentin
VBS.Valentin is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson
- I-Worm.Win32.Yaha.34304
I-Worm.Win32.Yaha.34304, which was found on 24 Dec 2002, is another variant of I-Worm.Win32.Yaha.
How it spreads
The worm selects mail recipients from the following files or address books:
- .NET messenger user's address book
- Yahoo pager user's address book
- *.ht* files in a local drive
- Windows address book
- MSN Messenger user's address book
- I-Worm.Win32.Yaha.28672
Further virus definitions will be released soon.
Active virus list Friday/15/08/2008
- Casino.2330
Casino.2330 is a DOS memory-resident file virus.
It infects files with the ".COM" extension and "COMMAND.COM" files.
- VBS.Reality.C
VBS.Reality.C is a variant of VBS.Reality.A.
A warning message will be displayed when the virus file is executed. The virus will only be activated when the user clicks "Yes". Since the virus changes the key value of the registry, this warning message is not displayed when the system restarts.
- JS.Gigger
JS.Gigger is a script virus written in JavaScript. It spreads through email, mIRC, and network shared folders with read/write access.
It emails itself to all addresses in the Microsoft Outlook Address Book with the following content:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
- I-Worm.Win32.PetLil.B
I-Worm.Win32.PetLil.B is a mass-mailing worm that sends itself to all contacts in the Microsoft Outlook Address Book. The email has the following characteristics:
Subject: XXX Picture...
Body: A pretty girl waits for you. Click on attached file...
Attachment: XXXPic.exe
Infection Length: 37,376 bytes
Active virus list Saturday/16/08/2008
- W97M.Blee.A
W97M.Blee.A is a macro virus that displays the following message box on Saturday.
VicodinES is probably high on painkillers right now
It modifies the infected file's properties:
Author: VicodinES
Title: Another W97M/Blee.Poppy Infected Document
Description: Hello from VicodinES and The Narkotic Network ...we mean you no harm
- VBS.io
VBS.io is a Trojan Horse script virus. It cannot spread itself and is created and run by PHP.io.
It overwrites '.sys', '.dll', '.ocx', and '.drv' files in C:\Windows\System. These infected files cannot be recovered.
- Win95.HPS
Win95.HPS is a polymorphic virus that infects "*.EXE", "*.SRC", and "*.SYS" files.
Upon infection, it displays the Windows closing screen on Saturday.
Active virus list Monday/18/08/2008
- Hasta.884
Hasta.884 is a DOS virus that infects files that have ".com" extension.
It increases the infected file size by 844 bytes.
When an infected file is executed, it runs more slowly because the virus searches for ".com" files to propagate to.
- I-Worm.Win32.Kickin.249856
I-Worm.Win32.Kickin.249856, found on 1 May 2003, spreads through various channels such as email, P2P, and IRC.
1. The worm terminates the following processes:
- ALERTSVC
- AMON.EXE
- ANTI-TROJAN
- ATRACK
- AVCONSOL
- AVP.EXE
- AVP32
- AVPCC.EXE
- AVPM.EXE
- AVSYNMGR
- BLACKICE
- CCAPP.EXE
- CFINET
- CFINET32
- CLEANER
- COMMAND
- ESAFE.EXE
- F-PROT
- FP-WIN
- FRW.EXE
- F-STOPW
- IAMAPP
- IAMSERV.EXE
- ICMON
- IOMON98
- LOCKDOWN2000
- LOCKDOWNADVANCED
- LUALL.EXE
- LUCOMSERVER
- MCAFEE
- MSCONFIG
- NAVAPSVC
- NAVAPW32
- NAVLU32
- NAVRUNR
- NAVW32
- NAVWNT
- NETSERVICES
- NISSERV
- NMAIN.EXE
- NPROTECT
- NSCHED32
- NVC95
- PCCIOMON
- PCCMAIN
- PCCWIN98
- PCFWALLICON
- POP3TRAP
- PVIEW.EXE
- RAVMOND
- REGEDIT
- RESCUE32
- SAFEWEB
- SCAN32
- SPHINX.EXE
- SYMPROXYSVC
- SYSHELP
- TASKMGR
- TDS2-NT
- VETTRAY
- VSECOMR
- VSHWIN32
- VSMON.EXE
- VSSTAT
- WEBSCANX
- WEBTRAP
- WINDRIVER
- WINGATE
- WINHELP
- WINRPC
- ZAPRO.EXE
- ZONEALARM
* These are mostly processes of security programs (some processes have been targeted by other worms).
2. The worm drops "cyberwolf.txt" into the Windows folder.
3. The worm attempts to connect to the following URLs:
www.india-------kes.cjb.net
www.brai------ck.com
www.christ-------guilera.com
4. The worm attempts to change the browser's home page to the following website every Monday.
www.catholi-------as.org/superfuntime/
Active virus list Tuesday/19/08/2008
- I-Worm.Win32.Roron.B
I-Worm.Win32.Roron is a worm that can spread itself in a number of ways. These include sending itself out by email, copying itself to shared drives on networks, and placing copies of itself in folders that are likely to be shared via the KaZaA peer-to-peer system.
Active virus list Wednesday/20/08/2008
- JS.Gigger
JS.Gigger is a script virus written in JavaScript. It spreads through email, mIRC, and network shared folders with read/write access.
It emails itself to all addresses in the Microsoft Outlook Address Book with the following content:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
- I-Worm.Win32.Yaha.44544
I-Worm.Win32.Yaha.44544 was found on 13 March 2003. Its executable file size is 44,544 bytes, and it is compressed using the UPX compressor.
(The uncompressed file size is 98,304 bytes.)
Active virus list Thursday/21/08/2008
- I-Worm.Win32.Yaha.34304
I-Worm.Win32.Yaha.34304, which was found on 24 Dec 2002, is another variant of I-Worm.Win32.Yaha.
How it spreads
The worm selects mail recipients from the following files or address books:
- .NET messenger user's address book
- Yahoo pager user's address book
- *.ht* files in a local drive
- Windows address book
- MSN Messenger user's address book
- I-Worm.Win32.Yaha.28672
Further virus definitions will be released soon.
Friday/22/08/2008 There is no Active Virus.
Active virus list Saturday/23/08/2008
- W95M.Alex.A
W95M.Alex.A is a macro virus that displays an illegible message. If the user clicks OK, it deletes c:\autoexec.bat, c:\config.sys, and c:\command.com on the 23rd of every month.
On the 1st of every month, it displays a message box. If the user clicks OK, it deletes c:\et3\*.*, c:\dos\*.*, c:\windows\*.*, c:\dos, and c:\et3.
- W97M.Blee.A
W97M.Blee.A is a macro virus that displays the following message box on Saturday.
VicodinES is probably high on painkillers right now
It modifies the infected file's properties:
Author: VicodinES
Title: Another W97M/Blee.Poppy Infected Document
Description: Hello from VicodinES and The Narkotic Network ...we mean you no harm
- VBS.San.A
VBS.San.A is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal/acaymo.
- VBS.Valentin
VBS.Valentin is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson
- Win95.HPS
Win95.HPS is a polymorphic virus that infects "*.EXE", "*.SRC", and "*.SYS" files.
Upon infection, it displays the Windows closing screen on Saturday.
Active virus list Sunday/24/08/2008
- I-Worm.Win32.Lirva.A
I-Worm.Win32.Lirva.A spreads itself via email.
Subject :
- Fw: Prohibited customers...
- Re: Brigade Ocho Free membership
- Re: According to Daos Summit
- Fw: Avril Lavigne - the best
- Re: Reply on account for IIS-Security
- Re: ACTR/ACCELS Transcriptions
- Re: The real estate plunger
- Fwd: Re: Admission procedure
- Re: Reply on account for IFRAME-Security breach
- Fwd: Re: Reply on account for Incorrect MIME-header
Active virus list Monday/25/08/2008
- X97M.Barisada.I
X97M.Barisada.I is an Excel Macro virus.
While the original virus creates a 'HJB.XLS' file, this variant creates a 'HD.XLS' file in the XLSTART folder to infect systems.
- X97M.Barisada.T
This Macro virus is a variant of X97M.Barisada.I.
Because it infects a system only while you are working on an infected document, the likelihood of infection is comparatively low.
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
- I-Worm.Win32.Kickin.249856
I-Worm.Win32.Kickin.249856, found on 1 May 2003, spreads through various channels such as email, P2P, and IRC.
1. The worm terminates the following processes:
- ALERTSVC
- AMON.EXE
- ANTI-TROJAN
- ATRACK
- AVCONSOL
- AVP.EXE
- AVP32
- AVPCC.EXE
- AVPM.EXE
- AVSYNMGR
- BLACKICE
- CCAPP.EXE
- CFINET
- CFINET32
- CLEANER
- COMMAND
- ESAFE.EXE
- F-PROT
- FP-WIN
- FRW.EXE
- F-STOPW
- IAMAPP
- IAMSERV.EXE
- ICMON
- IOMON98
- LOCKDOWN2000
- LOCKDOWNADVANCED
- LUALL.EXE
- LUCOMSERVER
- MCAFEE
- MSCONFIG
- NAVAPSVC
- NAVAPW32
- NAVLU32
- NAVRUNR
- NAVW32
- NAVWNT
- NETSERVICES
- NISSERV
- NMAIN.EXE
- NPROTECT
- NSCHED32
- NVC95
- PCCIOMON
- PCCMAIN
- PCCWIN98
- PCFWALLICON
- POP3TRAP
- PVIEW.EXE
- RAVMOND
- REGEDIT
- RESCUE32
- SAFEWEB
- SCAN32
- SPHINX.EXE
- SYMPROXYSVC
- SYSHELP
- TASKMGR
- TDS2-NT
- VETTRAY
- VSECOMR
- VSHWIN32
- VSMON.EXE
- VSSTAT
- WEBSCANX
- WEBTRAP
- WINDRIVER
- WINGATE
- WINHELP
- WINRPC
- ZAPRO.EXE
- ZONEALARM
* These are mostly processes of security programs (some processes have been targeted by other worms).
2. The worm drops "cyberwolf.txt" into the Windows folder.
3. The worm attempts to connect to the following URLs:
www.india-------kes.cjb.net
www.brai------ck.com
www.christ-------guilera.com
4. The worm attempts to change the browser's home page to the following website every Monday.
www.catholi-------as.org/superfuntime/
Active virus list Tuesday/26/08/2008
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
Active virus list Wednesday/27/08/2008
- I-Worm.Win32.Yaha.44544
I-Worm.Win32.Yaha.44544 was found on 13 March 2003. Its executable file size is 44,544 bytes, and it is compressed using the UPX compressor.
(The uncompressed file size is 98,304 bytes.)
Active virus list Thursday/28/08/2008
- VBS.io
VBS.io is a Trojan Horse script virus. It cannot spread itself and is created and run by PHP.io.
It overwrites '.sys', '.dll', '.ocx', and '.drv' files in C:\Windows\System. These infected files cannot be recovered.
- I-Worm.Win32.Yaha.34304
I-Worm.Win32.Yaha.34304, which was found on 24 Dec 2002, is another variant of I-Worm.Win32.Yaha.
How it spreads
The worm selects mail recipients from the following files or address books:
- .NET messenger user's address book
- Yahoo pager user's address book
- *.ht* files in a local drive
- Windows address book
- MSN Messenger user's address book
- I-Worm.Win32.Yaha.28672
Further virus definitions will be released soon.
Active virus list Friday/29/08/2008
- VBS.San.A
VBS.San.A is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal/acaymo.
- VBS.Valentin
VBS.Valentin is written in Visual Basic Script and spreads via email. It exploits a security vulnerability in MS Outlook Express, infecting the system when the email is opened or viewed in the Preview Pane.
It deletes all folders on the C drive on the 8th, 14th, 23rd, and 29th of every month and changes the home page of MS Internet Explorer to http://www.terra.es/personal2/sereson
Active virus list Saturday/30/08/2008
- W97M.Blee.A
W97M.Blee.A is a macro virus that displays the following message box on Saturday.
VicodinES is probably high on painkillers right now
It modifies the infected file's properties:
Author: VicodinES
Title: Another W97M/Blee.Poppy Infected Document
Description: Hello from VicodinES and The Narkotic Network ...we mean you no harm
- Win95.HPS
Win95.HPS is a polymorphic virus that infects "*.EXE", "*.SRC", and "*.SYS" files.
Upon infection, it displays the Windows closing screen on Saturday.
- VBS.Reality.C
VBS.Reality.C is a variant of VBS.Reality.A.
A warning message will be displayed when the virus file is executed. The virus will only be activated when the user clicks "Yes". Since the virus changes the key value of the registry, this warning message is not displayed when the system restarts.
- X97M.Bdoc2.B
Further virus definitions will be released soon.
- X97M.Bdoc2.A
Further virus definitions will be released soon.
Active virus list Sunday/31/08/2008
- W97M.Class
W97M.Class is a macro virus that infects "Normal.dot" when an infected Microsoft Word 97 file is opened, then propagates itself to other files.
It drops "Class.sys" under the root directory and adds itself if there is another macro virus. The infected "Normal.dot" file has two macros: AutoClose and ToolsMacro. It hides its code using ToolsMacro, which removes the macro menu in the toolbar.
- W97M.Bleck.A
W97M.Bleck.A is a Word macro virus. It infects the "Normal.dot" file by running a macro that contains the virus code when any infected document is opened.
- I-Worm.Win32.PetLil.B
I-Worm.Win32.PetLil.B is a mass-mailing worm that sends itself to all contacts in the Microsoft Outlook Address Book. The email has the following characteristics:
Subject: XXX Picture...
Body: A pretty girl waits for you. Click on attached file...
Attachment: XXXPic.exe
Infection Length: 37,376 bytes