OIT Help Desk

Archived Computer Viruses

January 2003 - December 2003

Virus Threat: Hijackware
A virus threat that is spreading across campuses in the form of Trojan horses is called "hijackware". This hijackware is usually downloaded from programs such as AOL Instant Messenger, mIRC, and KaZaA; it can pose as any other file (screensaver, picture, games, etc.)... [original article]
Updated by: Andrea at 2:00 pm December 19, 2003


Windows Vulnerabilities as well as Blaster and Nachi

October 17, 2003: The following Windows Operating Systems have security vulnerabilities that allow viruses to enter the system with no user action: Windows 2000, Windows XP...[original article]
Updated by: Andrea at 10:44 am


W32.Mimail.i@mm

November 14, 2003: This new variant of the Mimail virus, W32/Mimail.i@MM, attempts to steal credit card information by displaying a fake PayPal message....[original article]
Updated by: Andrea at 12:48 pm


W32.Mimail.D@mm

November 3, 2003: W32.Mimail.D@mm is a variant of W32.Mimail.C@mm that spreads by email...[original article]
Updated by: Andrea at 11:34 am


W32.Mimail.C@mm

October 31, 2003: W32.Mimail.C@mm is a mass-mailing worm that spreads by email and steals information from infected computers...[original article]
Updated by: Andrea at 3:56 pm


Microsoft Windows Critical Update Available

October 30, 2003: Microsoft announced a newly discovered vulnerability in all versions of Windows NT, XP and 2000 which could allow a malicious hacker to access an unprotected Windows box and crash it, run software with local system privileges or perhaps even take control of the machine...[original article]
Updated by: Andrea at 11:02 am


New Windows Vulnerability Exploited

September 17, 2003:   Software has been discovered that can infect computers that are not updated with the latest Microsoft Windows patch... [original article]
Updated by: Andrea at 2:41 pm


AOL Account Hoax

September 22, 2003:   The following e-mail is a hoax. Do not give your AOL account information to any websites or through e-mail. The e-mail content is as follows: Dear Aol member... [original article]
Updated by: Andrea at 1:33 pm


W32.Swen.A@mm

September 18, 2003:   W32.Swen.A@mm is a mass-mailing worm that may pose as a Microsoft security patch and also attempt to spread through network shares, file-sharing networks... [original article]
Updated by: Andrea at 1:37 pm


New Windows Vulnerability Announced Similar to Blaster Vulnerability

September 12, 2003: A new vulnerability in certain versions of Microsoft Windows was announced yesterday. This vulnerability is extremely similar to the one that allowed the Blaster worm to infect computers last month...[original article]
Updated by: Andrea at 12:38 pm


W32.Welchia.Worm

August 20, 2003:   W32.Welchia.Worm (also known as W32/Nachi.worm) is a worm that will exploit a vulnerability in unpatched Windows NT 4.0, 2000, XP and 2003 systems.... [original article]
Updated by: Andrea at 8:26 am


W32.Sobig.F@mm

August 20, 2003: W32.Sobig.F@mm is a mass-mailing worm that e-mails itself to addresses found on the local system. The sender address is "spoofed", or forged; it may appear to come from someone you know. The virus extracts addresses from many common address books... [original article]
Updated by: Andrea at 8:05 am


W32.Blaster.Worm

August 12, 2003:   W32.Blaster.Worm (also known as W32/Lovsan.worm) is a worm that will exploit a vulnerability in unpatched Windows NT 4.0, 2000, XP and 2003 systems. ... [original article]
Updated by: Andrea at 8:17 am


W32.Mimail.A@mm

August 4, 2003: W32.Mimail.A@mm is a mass-mailing worm that e-mails itself to addresses found on the local system. The sender address is "spoofed", or forged, as admin@indstate.edu... [original article]
Updated by: Andrea at 8:22 am


W32.Sobig.E@mm

June 26, 2003: W32.Sobig.E@mm is a mass-mailing worm that e-mails itself to addresses found on the local system. The sender address is "spoofed", or forged, and not a direct indication of an infected user. The virus extracts addresses from many common address books.
The subject and body of the email containing the virus are random, and the name of the attachment will be one of the following: your_details.zip (contains details.pif), application.zip (contains application.pif), document.zip (contains document.pif), screensaver.zip (contains sky.world.scr), movie.zip (contains Movie.pif). [original article]
Updated by: Andrea at 9:34 am


W32/Bugbear.b@MM

June 5, 2003:   W32/Bugbear.b@MM is a mass-mailing worm that emails itself to addresses found on the local system. This goes for both the TO and FROM fields. Thus the sender address is "spoofed", or forged, and not a direct indication of an infected user. It extracts addresses from many common address books. [original article]
Updated by: Andrea at 10:27 am


W32.HLLW.Mankx@mm

May 19, 2003:   W32.HLLW.Mankx@mm is a mass-mailing worm that sends itself to all contacts in the Windows Address Book as well as contacts stored in other files.
The subject of the email is random and the name of the attachment is random but it will have a .pif extension. The body of the message will say "All information is in the attached file". It will also attempt to copy itself to all shared resources. [original article]
Updated by: Andrea at 8:27 am


W32.HLLW.Fizzer@mm

May 12, 2003:   W32.HLLW.Fizzer@mm is a mass-mailing worm that sends itself to all contacts in the Windows Address Book. It contains a backdoor that uses mIRC to communicate with a remote attacker. It also contains a keylogger.
The subject and body of the message are random. [original article]
Updated by: Andrea at 8:47 am


CodeRed.F & Virus Hoax Resurgences

March 13, 2003: CodeRed.F is a new variant of CodeRed II. It scans IP addresses for vulnerable Microsoft IIS 4.0 and 5.0 Web servers and uses a buffer overflow vulnerability to infect the remote computers. The worm injects itself directly into memory, rather than copying itself as a file on the system. In addition, CodeRed.F creates a file detected as Trojan.VirtualRoot. Trojan.VirtualRoot gives the hacker full remote access to the Web server. [original article]
Updated by: Andrea at 9:04 am


Lovgate.C.mm

February 26, 2003:   This is a mass-mailing worm that sends email to people in the address book of many popular email programs. It may also reply to emails in the inbox.
The email arrives with an attachment that could be named fun.exe, images.exe, news_doc.exe, s3msong.exe, pics.exe, billgt.exe, midsong.exe, PsPGame.exe, hamster.exe, setup.exe, tamagotxi.exe, joke.exe, docs.exe, searchurl.exe, card.exe, pics.exe. The subject and body of the message can vary. [original article]
Updated by: Andrea at 9:04 am


Resurgence of W32.Klez.H

January 27, 2003: There has been a resurgence of Klez.H emails recently. Klez.H is a variant of the Klez worm series discovered in April of 2002. One common Klez.H email format claims to include an immunity tool for the Klez virus. Do not run this tool. It is in fact the virus. It is best not to open any files attached to emails that you are not expecting. Since Klez spoofs an address from the infected user's address book, the email can appear to be from someone you know well. [original article]
Updated by: Andrea at 9:04 am


SQL Slammer Worm

January 27, 2003:   SQL Slammer Worm targets systems running Microsoft SQL Server 2000, as well as Microsoft Desktop Engine (MSDE) 2000. MSDE is included with Visual Studio and the full install of MS Access. Details for determining whether or not you could be affected are in the Microsoft bulletin links below... [full article]
Updated by: Andrea at 8:59 am


W32.Yaha.K@mm

January 2, 2003:   W32.Yaha.K@mm is a mass-mailing worm that sends itself to email addresses found in the Microsoft Outlook address book, MSN Messenger, .NET Messenger, Yahoo Pager and also infects any files that have HT in the file extension... [full article]
Updated by: Andrea at 8:21 am
