Lonestar Home
Search Lonestar
Webmail
Texas.Net (Business)
Contact Info
Account Info
Change Password
Add Popmail
Spam Filter
Internet Alerts
Helpdesk
E-mail Support
Disclaimers
Internet Basics
Links
Virus Alerts
Security Alerts
Hoax Alerts
Spam Email
General Settings
Windows 2000
Windows ME
Windows 98
Windows NT 4.0
Macintosh Setup
Other OS Setup
Internet Software
Email Setup
Usenet News Setup
Web Page Setup
Modem Tips
FAQ
Trouble Ticket
Billing Ticket
helpdesk
Terms &
Conditions
Acceptable Use
Privacy Policy
Legal Text
English Text
World-Wide Web
E-mail
USENET News
IRC (Chat)
FTP
Telnet
Staff Picks
Games
Windows 98
Macintosh
Kids' Links
Virus Information
Here are a list of recent viruses that could affect you. More information can be found at Symantec and Sophos.| Virus, Worm, or Trojan Horse | Category | Description |
| W32.Netad.Trojan | 2 | W32.Netad.Trojan
is a Trojan horse that attempts to delete all files on the C: drive. |
| W32.Supova.Z@mm | 2 | W32.Supova.Z@mm
is a mass mailing worm that sends itself to the email addresses in
the Microsoft Outlook address book. The worm also uses IRC to spread. |
| W32.Netsky.AC@mm WORM_NETSKY.AC [Trend], W32/Netsky-AC [Sophos], Win32.Netsky.AC [Computer Associates], I-Worm.NetSky.ad [Kaspersky] | 2 | W32.Netsky.AC@mm
is a worm that scans for the email addresses on all non-CD-ROM drives
on an infected computer. The worm then uses its own SMTP engine to
send itself to the email addresses that it finds.
The From, Body, and attachment of the email vary. The attachment has a .cpl extension. This threat is compressed with
PECompact. |
| W32.Sasser.D W32/Sasser-D [Sophos], WORM_SASSER.D [Trend], W32/Sasser.worm.d [McAfee], Win32.Sasser.D [Computer Associates], Worm.Win32.Sasser.d [Kaspersky] | 2 | The W32.Sasser.D
worm:
|
| W32.Sasser.C.Worm W32/Sasser-C [Sophos], Worm.Win32.Sasser.c [Kaspersky], W32/Sasser.worm.c [McAfee], WORM_SASSER.C [Trend], Win32.Sasser.C [Computer Associates] | 2 |
W32.Sasser.C.Worm is a minor variant of W32.Sasser..Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011 and spreads by scanning randomly selected IP addresses for vulnerable systems. W32.Sasser.C.Worm differs from W32.Sasser.Worm as follows:
|
| 4 |
W32.Sasser.B.Worm is a variant of the Sasser Worm. It attempts to
exploit the LSASS vulnerability described in Microsoft Security
Bulletin MS04-011. Symptoms include odd computer behavior
including frequent disconnects and computer restarts in early
stages of infection, followed by an eventual complete inability
to connect to any internet resource via any port. Every port
but those that Sasser uses to replicate itself with are blocked
in this stage of infection. Sasser spreads itself by scanning
randomly selected IP addresses of unpatched systems.
Symantic Security Response has developed a Removal Tool to remove the Sasser infection. This worm can only infect systems vulnerable to the LSASS vulnerability. The MS04-011 patch can be found here. |
|
|
W32.Netsky.P@mm | 3 | Due to an increase
in the rate of submissions, Symantec Security Response has upgraded
W32.Netsky.P@mm to a Category 3 from a Category 2 threat as of March
22, 2004.
W32.Netsky.P@mm (also known as W32.Netsky.Q@mm) is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
|
W32.Beagle.T@mm | 2 | W32.Beagle.T@mm is a variant of W32.Beagle.R@mm. This worm attempts to send an HTML email to the addresses found in the files on an infected computer. The email does not contain an attachment of the worm. Instead, the HTML email uses the Microsoft Internet Explorer Object Tag Vulnerability that allows for the automatic download and execution of a file hosted on a remote Web site. This file is a copy of the worm, but may change in the future. |
| W32.Netsky.O@mm | 2 | W32.Netsky.O@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The "sender" of the email is spoofed, and its subject line and message body of the email vary. |
|
W32.Mydoom.H@mm W32/Mydoom.h@MM [McAfee], Win32.Mydoom.H, [Computer Associates], WORM_MYDOOM.H [Trend] |
2 | The worm arrives as an attachment with the file extension .bat, .com, .cmd, .exe, .pif, .scr, or .zip. The From: line of the email may be spoofed. |
|
W32.Welchia.D.Worm W32.Alua@mm, Win32/Bagle.B.Worm [Computer Associates], Bagle.B [F-Secure], W32/Bagle.b@MM [McAfee], W32/Bagle.B@mm [Norman], WORM_BAGLE.B [Trend Mirco], W32/Bagle.B.worm [Panda], W32/Tanx-A [Sophos] |
2 | W32.Welchia.D.Worm is a minor variant of W32.Welchia.C.Worm. |
| Trojan.Qhosts | 2 | This is a trojan that will modify settings in TCP/IP to point to a different DNS server. This trojan does not have the ability to spread, a web page must be opened that has the capacity to open the viral html file on the target's machine in order to infect it. |
| W32.Swen.A@mm | 3 | This is a mass emailing worm that uses its own SMTP engine to replicate. It also attempts to spread through file sharing networks and IRC, as well as attempting to kill antivirus and personal firewall programs. This worm can arrive as an attachment in email. The forms vary. This worm utilizes a vulnerability in Microsoft Outlook and Outlook Express. Information and patches can be found here. This worm poses as the Microsoft Security Update. The worm installs itself no matter what choice is taken. |
| W32.HLLW.Syney@@mm | 2 |
This is a mass email worm that deletes Windows system files and spreads
via Microsoft Outlook. Subject: Fwd: None Attachment: Attach.exe |
| W32.HLLW.Gaobot.AA | 2 | W32.HLLW.Gaobot.AA is a worm that spreads to network shares with weak passwords. This worm utilizes two Microsoft Windows vulnerabilities: MS03-039 and MS03-001. This worm will only affect Windows 2000, NT, and XP. This worm also allows unauthorized remote access via irc. |
| W32.Sobig.F@@mm, |
4 |
W32.Sobig.F@@mm is a mass-mailing, network-aware worm that sends itself
to all the email addresses that it finds in the
files with the following extensions:
.dbx, .eml, .hlp, .htm, .html, .mht, .wab, .txt. The worm utilizes it's
own SMTP engine to propagate and
will attempt to create a copy of itself on accessible
network shares. It uses a spoofed from address, with the subject using:
Details, Approved, My details, Thank you!,
That movie, Wicked screensaver, Your application.
(It may even spoof it being a reply by putting Re: in front of any of
the above.) The body of the text
will have either "See the attached file for details" or "Please see
the attatched file for details."
The attatchment may be one of the following: your_document.pif,
document_all.pif, thank_you.pif,
your_details.pif, document_9446.pif, application.pif, wicked_scr.scr,
movie0045.pif.
See
Removal Instructions
at the bottom of the Symantec page for
W32.Sobig.f@@mm. Note: This worm deactivated on 09/10/03 and is no longer a threat. |
| W32.Blaster.F.Worm |
2 |
W32.Blaster.F.Worm is a worm that exploits the DCOM RPC vulnerability as
described in Microsoft Security Bulletin
MS03-039 using TCP port 135. The worm targets only Windows 2000 and
Windows XP computers. White Windows NT and Windows 2003 Servers are
vulnerable to this exploit (if not properly patched), the worm is not
coded to replicate to those systems. The worm attempts to download
the Enbiei.exe file into the %Windir%\System32 folder, then execute it.
W32.Blaster.F.Worm does not have mass-mailing functionality. Additional
information is available in the Microsoft article
"
What You Should Know About the Blaster Worm and Its Variants."
Symantec Blaster Worm Removal Tools: W32.Blaster.Worm (This removal tool works for all variations of the W32.Blaster.Worm.) Microsoft Security Bulletin MS03-039 Patches |
Last Update: $Date: 2004/06/03 21:27:43 $