The W32.Sober.I@mm worm - November 19, 2004 - High

This is a mass-mailing worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the infected computer.

The email sender address is spoofed. The name of the email attachment varies, and it will have a .bat, .com, .pif, .scr, or .zip file extension.

Previous serious threats

The W32.Beagle.M@mm worm March 13 - Moderate

This is a mass-mailing worm that uses its own SMTP engine to spread through email. This worm opens a backdoor on TCP port 2556 and attempts to spread through file-sharing networks by copying itself to folders that contain "shar" in their names. W32.Beagle.M@mm also infects files with the EXE extension.

W32.Beagle.J@mm worm March 2, 2004 - High

Is a mass-mailing worm that opens TCP port 2745 on your computer and spreads through email. It also Attempts to spread through file-sharing networks, such as Kazaa and iMesh.

W32.Netsky.D@mm from March 1, 2004 - High

W32.Netsky.D@mm is a mass-mailing worm that scans drives C through Z for email addresses and sends itself to those addresses.

W32.Beagle.E@mm February 28, 2004 - Moderate

This is a mass-mailing worm that opens a backdoor on TCP port 2745 on your computer. It uses its own SMTP engine to propagate email.

W32.Netsky.C  February 24, 2004

This is a variation of W32.Netsky.B but searches for folders containing "Shar" as opposed to "Share" or "Sharing".

W32.Netsky.B - February 18, 2004

This is a mass-mailing worm that uses its own SMTP software to send itself to email addresses it finds on your local drives or any network mapped drives. It also searches all local drives for folder names containing "Share" or "Sharing," and copies itself to those folders.

W32.Welchia.B & W32.Welchia.B - February 17, 2004

This worm is a variant of W32.Welchia.Worm. This worm will attempt to download the a buffer overrun patch from the Microsoft Windows Update Web site (which itself had an exploit), install it, and then restart the computer which will render the computer vulnerable to remote exploits using port 135.
 

W32.HLLW.Doomjuice - February 9, 2004

W32.HLLW.Doomjuice uses W32.Mydoom.A@mm or W32.Mydoom.B@mm to spread. It launches a DoS attack on the Microsoft site. The existence of the file intrenat.exe is an indication of a possible infection.

W32.Dumaru.AD@mm - February 3, 2004

W32.Dumaru.AD@mm is a mass-mailing worm that downloads and runs a keylogger, records personal information, and starts an FTP server on port 10000.
 

W32/Mydoom.B - January 28, 2004

This worm will perform a Denial of Service (DoS) against www.microsoft.com starting February 3, 2004 and www.sco.com starting February 1, 2004.

W32/Mydoom.A - January 26, 2004

Also known as W32.Novarg.A@mm. This  is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

The main problems facing internet users today are spam and viruses or worms. Spam can attack your Inbox which is very frustrating, but it is nothing compared to the damage that can be inflicted by a virus or worm.

Viruses (or Virii) come in all types of files, executable viruses, macro viruses even MP3 viruses! They can arrive by email, FTP (File transfer), Clicking on a link on some website, from a  floppy disk, memory cartridge, CD-ROM (pirated or illegally copied) or virtually any readable media you can find out there.

• Always update your operating system and software with the latest security patches, most viruses exploit security vulnerabilities to perform their attack. Using a good anti-virus software and keeping your system patched will keep 99% of viruses away.
• Do not open emails that you are not expecting.
• Always scan any floppy disk for viruses before using or copying it.
• Schedule a daily virus-scan or even twice a day.

If you have any ideas or experiences you would like to share with us, please email us at security@moomia.com and mention if you'd like to post your experience on the web for public viewing.

Moomia.com security administrator