View Full Version : Major Security / Virus Warnings


NICK ADSL UK
12-22-03, 08:41
MAJOR SECURITY VIRUS WARNINGS will be posted here as and when I receive them. It is very important to follow the recommendations from the authors of the relevant software involved.

Regards

NICK ADSL UK
12-22-03, 08:43
This is a virus alert for W32/Sober.C, a new Sober variant
first detected on 20 December 2003. This worm has gained
considerable momentum in recent days, particularly in German
speaking areas.

Risk:
Due to its distribution W32/Sober.C@mm is estimated to be
medium risk.

Recommended Reactions:
Users of F-Prot Antivirus should update their virus signature
files immediately. W32/Sober.C is detected by F-Prot
Antivirus using virus signature files dated 20 December 2003
and later.

--
F-Prot Antivirus Alert Service
http://www.f-prot.com

NICK ADSL UK
01-01-04, 11:35
Common name: Jitux.A

Technical name: W32/Jitux.A.worm

Threat level: High

Type: Worm

Subtype: Trojan

Effects:
It spreads via MSN Messenger. It goes memory resident and sends messages every five minutes.



Affected platforms: Windows 2003/XP/2000/NT/ME/98/95


First appeared on: Dec. 30, 2003

In circulation? Yes


Brief Description




Jitux.A is a worm that spreads via the instant messaging program MSN Messenger in a message that only contains a link to the web page . When the user visits this web page, a file called JITUXRAMON.EXE is downloaded.

Once the file JITUXRAMON.EXE is run, the computer is affected. Jitux.A goes memory resident and sends the message specified above to all the active contacts in Messenger's Contact list every five minutes.


Visible Symptoms

Jitux.A is easy to recognize, as it reaches the computer when the user visits a link contained in a message received via MSN Messenger:







Last updated: Dec. 30, 2003

Source courtesy of panda software

NICK ADSL UK
01-01-04, 13:54
Current Virus Warnings
Win32.HLLM.Foo.25632
(W32.Paylap@mm, Win32/Mimail.Variant.Worm, JS.Mimail.I)

The worm spreads as an attachment to a mail message.
The worm is using its own SMTP server.
To secure the launch of the attachment containing the worm's body named PATPAL.ASP.SCR the aggressor employs the so-called social-engineering technique. The subject YOUR PAYPAL.COM ACCOUNT EXPIRES and the message body, sent as if by the administrator of the on-line payment company PayPal, serve to persuade the user to open the infected file.

Mail format:

From:PayPal.com
To:donotreply@paypal.com
Subject: YOUR PAYPAL.COM ACCOUNT EXPIRES
Mail text:
Dear PayPal member,

PayPal would like to inform you about some important information regarding your PayPal account. This account, which is associated with the email address

<your@EMail.Address.is.here>

will be expiring within five business days....

Attached file: www.paypal.com.scr


The worm will be activated only if the user opens the false form!



Win32.HLLM.Foo.25632 is detected and disinfected by Dr.Web since November 14, 2003.
If the SpIDer Mail module is active, it protects against all messages infected by this worm.
INFORMATION COURTESY OF DR WEB SOFTWARE

NICK ADSL UK
01-11-04, 07:34
Trojan.Xombe is a Trojan horse that has at least two components: a 4,096 byte downloader and a 27,136 byte Trojan. The downloader component will retrieve the Trojan file from a predetermined Web site.

The download component has been distributed in an unsolicited email, purporting to be a security update for Windows XP, sent by Microsoft.

The email has the following characteristics:

From: windowsupdate@microsoft.com
Subject: Windows XP Service Pack 1 (Express) - Critical Update.
Attachment: winxp_sp1.exe(4,096 KB)

The Trojan is packed with UPX.


Also Known As: Xombe [FSecure], Downloader-GJ [McAfee], Troj/Dloader-L [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX, Windows 3.x

INFORMATION COURTESY OF NORTON
Please note
Microsoft never sends patches or updates via email. So users should be aware that any such message and related file attachment is probably an attempt to compromise the security of their systems.

NICK ADSL UK
01-19-04, 06:55
ATTENTION TO EVERYONE

This is a virus alert for W32/Bagle.A@mm a new mass-mailing
worm first detected on 18 January 2004. This worm has rapidly
gained momentum over the past 24 hours and has spread
considerably.

Risk:
Due to its distribution W32/Bagle.A@mm is estimated to be
medium risk.

Recommended Reactions:
Users of ALL Antivirus should update their virus signature
files immediately. W32/Bagle.A is detected by
Antivirus using virus signature files dated 19 January 2004
and later.

NICK ADSL UK
01-26-04, 18:38
ATTENTION TO EVERYONE WILL YOU PLEASE MAKE SURE YOUR ANTI VIRUS IS UP TO DATE WITH THE LATEST SIGNATURE FILES
This is a virus alert for W32/Mydoom.A@mm, a new mass-mailing
worm first detected on 26 January 2004. This worm has rapidly
gained momentum in the last few hours and has spread
considerably.

Risk:
Due to its distribution W32/Mydoom.A@mm is estimated to be
medium risk.

NICK ADSL UK
01-27-04, 02:49
Dear nick,
HI EVERYONE PLEASE NOTE THAT THIS WORM IS NOW HIGH RISK
W32/Mydoom@MM is a HIGH-OUTBREAK mass-mailing worm flooding email servers worldwide. When run, the worm steals email addresses from the infected machine and also automatically generates random email addresses for propagation. This email generation engine is similar to technologies spammers use to generate addresses for spam email campaigns.

W32/Mydoom@MM generates emails with a spoofed "From: field", so incoming messages may appear to be from people you know. Furthermore, the subject line and message body are both randomly generated by the worm.


Caution—An infected email can come from addresses you recognize and may contain the following information:

From: randomly generated (spoofed)
Subject: randomly generated
Body: randomly generated—examples:

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.

Attachment: randomly generated
The icon used by the file tries to make it appear as if the attachment is a text file. The attachment type varies [.exe, .pif, .cmd, .scr]—often arrives in a ZIP archive. (filesize = 22,528 bytes)

Aliases: Novarg, W32.Novarg.A@mm, Win32/Shimg, WORM_MIMAIL.R

INFORMATION KINDLY SENT TO ME FROM McAfee

NICK ADSL UK
01-28-04, 17:54
HI EVERYONE PLEASE NOTE THAT THIS WORM W32/Mydoom@MM is still high risk

NICK ADSL UK
01-30-04, 03:22
NEW RISK FOR THE 30-1-04
Dear nick,

W32/Mimail.s@MM is a Medium Risk mass-mailing worm that tries to steal credit card information by displaying a fake Microsoft Windows license expiration message. Stolen credit numbers are sent to addresses within the domains @mail15.com and @ziplip.com.

W32/Mimail.s@MM also forwards itself to contacts it steals from the infected machine.

Caution: Watch out for emails with "here is the file you asked for" in the subject line or body. They may contain an attachment with the W32/Mimail.s@MM worm.


What to look for:

From: An infected email can come from people you know.
Subject: here is the file you asked for
Body: Hi! Here is the file you asked for!
Attachment: example--document.txt.scr
possible file extensions used: .pif, .scr, .exe, .jpg.scr, .jpg.pif, .jpg.exe, .gif.exe, .gif.pif, .gif.scr
Aliases: W32.Mimail.R@mm

INFORMATION KINDLY SENT TO ME FROM McAfee

NICK ADSL UK
01-31-04, 10:00
31-1-04
HI EVERYONE PLEASE NOTE THAT THIS WORM W32/Mydoom@MM IS STILL VERY HIGH RISK

NICK ADSL UK
02-01-04, 14:05
THIS IS THE LATEST UPDATE FOR ALL THE MAJOR VIRUSES AT THE PRESENT TIME. For the Expanded Threat List and Virus Encyclopedia please see the link below

VIRUS NAME | ALIASES | THREAT LEVEL

W32.Novarg.A@mm | I-Worm/Novarg, W32/Mydoom-A, W32/Mydoom@mm, WORM_MIMAIL.R | High
W32.Beagle.A@mm | I-Worm/Bagle, W32/Bagle-A, W32/Bagle@mm, WORM_BAGLE.A | Medium
Downloader-GN | TrojanDownloder.Win32.Small.cz, TrojanDownloaer.Win32.Mimail, Troj/Mmdload-A, Downloader.Mimail.B | Low
W32.Mimail.J@mm | I-Worm/Mimail.J, W32/Mimail-J, W32/Mimail.J@mm, WORM_MIMAIL.J, Mimail.I | Medium
W32.Mimail.C@mm | I-Worm/Mimail.C, W32/Mimail-C, W32/Mimail.c@mm, WORM_MIMAIL.C, I-Worm.NetWatch | Medium
W32.Swen.A | Swen, W32/Gibe.E-mm, I-Worm.Swen, W32/Gibe-F, WORM_SWEN.A | High
W32.Sluter.B | W32.Randex.F, W32/Sluter-B, Backdoor.Sdbot.gen | Medium
Backdoor.Apdoor.c | Bck/Apdoor.c, W32/Apdoor.C | Low
W32.Dumaru@mm | I-Worm/Dumaru, WORM_DUMARU.A, W32/Dumaru-A, W32/Dumaru@mm | Medium
W32.Sobig.F@mm | I-Worm/Sobig.F, WORM_SOBIG.F, Sobig.F, W32/Sobig-F, W32/Sobig.F | Medium
W32.Welchia.Worm | I-Worm/Generic, WORM_MSBLAST.D, Lovsan.D, W32/Nachi-A | High
W32.Blaster.C.Worm | W32/Lovsan.C.Worm, I-Worm/Generic, Worm/Lovsan.B, W32/Blaster-B, WORM_MSBLAST.C | Medium
W32.Blaster.Worm | Worm/Lovsan, W32/Blaster-A, W32/Lovsan.Worm, WORM_MSBLAST.A, Blaster, Lovesan, Win32.Poza | High
W32.Mimail.A@mm | I-Worm/Mimail, W32/Mimail-A, W32/Mimail@mm, WORM_MIMAIL.A, TrojanDropper.Js.Mimail | Medium
Trojan.W32.Webber | Downloader-DI, TrojanProxy.Win32.Webber, Troj/Webber-A, Trojan.Download.Berbew | Medium
W32.Mylife.N@mm | I-Worm/Mylife.N, W32/Mylife-M, Win32.Mylife.M | Low
W32.Mumu.B.Worm | Mumu.B, WORM_MUMU.A, W32.Mumu-C | Low
W32.Sobig.E@mm | I-Worm.Sobig.gen, WORM_SOBIG.E, W32/Sobig-E, Sobig.E Worm | High
W32.Yaha.T@mm | I-Worm.Lentin.gen, W32/Yaha-T, W32/Yaha.T@mm, Yaha.T | Low
W32.Mapson@mm | I-Worm.Mapson, W32/Mapson-A, WORM_MAPSON.A, W32/Mapson.Worm, W32/Lorraine | Medium
W32.Sobig.D@mm | I-Worm.Sobig.gen, WORM_SOBIG.D, W32/Sobig-D, Sobig.D Worm | Low
W32.Sobig.C@mm | I-Worm.Sobig.c, WORM_SOBIG.C, W32/Sobig-C, Sobig.C Worm | Low
W32.Bugbear.B@mm | I-Worm.Bugbear.B, W32/Bugbear-B, WORM_BUGBEAR.B, Tanatos.b | High
JS/Fortnight.B | JS.Fortnight.M, JS/Fortnight.D, EML.Fortnight, Fortnight.C | Medium
W32.Yaha.P@mm | I-Worm.Lentin.m, I-Worm/Yaha.P, W32/Yaha-P, WORM_YAHA.P | Low
W32.Lovegate.F@mm | I-Worm/Lovegate, I-Worm.Supnot.f, WORM_LOVGATE.F, W32.HLLW.LoveGate.G@mm | Medium
W32.Palyh@mm | I-Worm.Palyh, WORM_SOBIG.B, W32/Palyh-A, W32.HLLW.Mankx@mm, Sobig.B Worm | Low
W32.Fizzer@mm | I-Worm/Fizzer, WORM_FIZZER.A, W32.HLLW.Fizzer@mm, W32.Fizzer-A | Low
W32.Yaha.K@mm | I-Worm.Lentin.I, W32/Yaha-M, WORM_YAHA.K, Yaha.K | Medium
W32.Lirva.A@mm | I-Worm.Lirva, W32/Avril-A, WORM_LIRVA.A, W32.Naith.A | Low
W32.Bugbear@mm | I-Worm.Bugbear, W32/Bugbear-A, WORM_BUGBEAR.A, Tanatos | Medium
W32.Yaha.E@mm | I-Worm.Lentin.g, W32/Yaha-E, WORM_YAHA.G, Yaha.E | Medium
Worm/Opaserv.K | Opaserv.K, WORM_OPASERV_K, W32.Opaserv.M.Worm | Medium
Worm/Opaserv.E | Opaserv.E, WORM_OPASERV_E, W32.Opaserv.E.Worm | Medium

Expanded Threat List and Virus Encyclopedia...
http://www.srnmicro.com/virusinfo/latestvir1.htm

NICK ADSL UK
02-10-04, 11:24
PSS Security Response Team Alert - New Worm: W32/Mydoom@MM
Hi all, this is the latest update review from Microsoft regarding the above. If you have not done so already, I would suggest you read up on the update as it now stands.
https://information.microsoft.com/technet/treeview/default.asp?url=/technet/security/alerts/mydoom.asp

NICK ADSL UK
02-17-04, 13:58
17 February 2004

New Bagle-B worm spreading, warns Sophos
Sophos, a world leader in protecting businesses against spam and viruses, is warning of a new worm called Tanx-A (also known as Bagle-B). Sophos has received several reports of this worm spreading in the wild.

The Tanx-A (Bagle-B) worm spreads via email and arrives with the subject line 'ID' followed by various random characters and the message text 'Yours ID'. An attached .exe file has a randomly generated filename. If run, a remote access component allows hackers to gain remote access to infected computers.

The worm harvests email addresses from infected PCs and, when forwarding itself on to other computer users, spoofs the "From:" field using addresses found on the computer's hard drive.

"Bagle-B tries to deceive computer users by spoofing the sender's address, but the worm is easy to spot because of its distinctive subject line," said Carole Theriault, security consultant, Sophos. "The message is simple - don't open unsolicited emails and don't automatically trust emails that appear to come from a known contact. Practising safe computing and blocking executable files at the email gateway will prevent infection from this worm."

Like its predecessor, Bagle-A, this worm has a built in 'dead date' and has been designed to fall dormant on 25 February 2004.

Further information and protection against W32/Tanx-A (Bagle-B)
http://www.sophos.com/virusinfo/analyses/w32tanxa.html

NICK ADSL UK
02-18-04, 18:38
Dear nick,

W32/Netsky.b@MM is a Medium Risk mass-mailing worm that copies itself to folders named "share" or "sharing" on the infected system. It spreads itself to addresses it steals, spoofing or forging the "from: field" or using the address skynet@skynet.de. The worm also tries to deactivate the W32/Mydoom.a@MM and W32/Mydoom.b@MM viruses on the host computer.

Caution: An infected email can come from addresses you recognize.


What to look for:

Subject/Body: Varies. Examples include:
-I have your password!
-about me
-anything ok?
-do you?
-from the chatter
Attachment: Varies but may have a double-extension such as .rtf.pif contained in a .ZIP file.
Aliases: Moodown.B, I-Worm.Moodown.b

Up-to-date McAfee VirusScan users with DAT 4325 are protected from this threat.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101034&cid=9647
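
The gateway control Sophos recommends above ("blocking executable files at the email gateway"), applied to the attachment patterns in the Mimail.s and Netsky.b alerts, as an added example that is not part of the original posts or any vendor's code: it flags attachments carrying the executable extensions these alerts name, including double extensions and executables inside ZIP archives. The function names, the member cap and the sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the alerts in this thread name as worm carriers.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".cmd"}
MAX_ZIP_MEMBERS = 100  # assumption: cap on archive members inspected


def classify_name(name):
    """Return the reason a filename should be blocked, or None if it is allowed."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as .exe.
    parts = base.rstrip(". ").split(".")
    if len(parts) < 2:
        return None
    ext = "." + parts[-1]
    if ext not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3:
        # e.g. document.txt.scr: a harmless-looking part hides the real extension
        return f"double extension .{parts[-2]}{ext}"
    return f"executable extension {ext}"


def scan_zip(data):
    """List blocked member names inside a ZIP held in memory (never extracted)."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist()[:MAX_ZIP_MEMBERS]:
                reason = classify_name(info.filename)
                if reason:
                    findings.append(f"{info.filename}: {reason}")
    except zipfile.BadZipFile:
        findings.append("malformed zip archive")
    return findings


def scan_message(raw):
    """Return a list of findings for every attachment in a raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        reason = classify_name(name)
        if reason:
            findings.append(f"{name}: {reason}")
            continue
        payload = part.get_payload(decode=True) or b""
        # Detect archives by magic bytes so a renamed ZIP is still opened.
        if payload[:4] == b"PK\x03\x04":
            findings += [f"{name} -> {f}" for f in scan_zip(payload)]
    return findings


def make_zip(member_names):
    """Build an in-memory ZIP with placeholder contents (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in member_names:
            zf.writestr(member, b"placeholder")
    return buf.getvalue()


def build_sample(attachments):
    """Build a constructed test message; addresses and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "here is the file you asked for"
    msg.set_content("Hi! Here is the file you asked for!")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [
        build_sample([("document.txt.scr", b"placeholder")]),
        build_sample([("info.zip", make_zip(["details.rtf.pif", "readme.txt"]))]),
        build_sample([("notes.txt", b"hello")]),
    ]
    for raw in samples:
        hits = scan_message(raw)
        print("BLOCK" if hits else "PASS", hits)
```

Because the decision is made on the attachment name and archive listing alone, it holds regardless of the spoofed "From:" address or the randomised subject and body these worms use.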

NICK ADSL UK
02-28-04, 16:11
Hi all
This is the current security virus update for the 28-2-2004
This week's report on viruses and intrusions focuses on four worms: Netsky.C, Bizex.A, Nachi.D and Mydoom.F.

Netsky.C spreads via e-mail -in a message with variable characteristics- and through peer-to-peer file sharing applications. This malicious code deletes registry entries made by several worms including Mydoom.A and Mimail.T. In addition, when the system date is February 26 2004, Netsky.C emits random noises between 6.00 and 8.59 in the morning.

Bizex.A, on the other hand, spreads through the ICQ instant messaging program. It also downloads and runs a copy of itself by exploiting two recently detected flaws in Internet Explorer.

Bizex.A tries to steal information that users enter in websites of banks or other financial entities as well as information transmitted via HTTPS (HTTP over Secure Socket Layer) related to the login.yahoo.com and .passport domains. The data gathered is sent to an FTP server.

The third worm we'll look at in this report is Nachi.D, which spreads to computers with Windows 2003, XP, 2000 or NT. In order to spread as widely as possible it downloads a copy of itself by exploiting three vulnerabilities: Buffer Overrun in RPC Interface, WebDAV and Workstation Service Buffer Overrun. This action causes an increase in network traffic through TCP ports 80, 135 and 445.

Nachi.D can uninstall the A and B variants of Mydoom and Doomjuice, terminating their processes and removing any associated files. When the system date is June 1 or later, Nachi.D deletes itself.

Finally, we'll look at the F variant of Mydoom, which spreads in an e-mail message with variable characteristics. This is a destructive worm which deletes all files with any of the following extensions: AVI, BMP, DOC, JPG, MDB, SAV and XLS.

Mydoom.F installs a DLL which opens a backdoor and allows antivirus processes to be terminated, which leaves the PC vulnerable to attack from other malware. When the system date is between the 17th and 22nd of any month (and year) this worm carries out a distributed denial of service attack (DDoS) against w w w.microsoft.com and w w w.riaa.com (two out of three of the attacks are against Microsoft).

In seven out of ten cases, Mydoom.F displays an error message in the infected computer.
And lastly don't forget to keep your anti virus updated at all times

NICK ADSL UK
03-01-04, 12:44
Hi all
We have a major outbreak as from today with the following viruses
W32/Bagle-H -
1 Mar (17:15) W32/Netsky-E -
1 Mar (11:38) W32/Netsky-D -
1 Mar (04:26) W32/Bagle-G -
1 Mar (00:18) W32/Bagle-F
Netsky.D and Bagle.E are spreading rapidly around the world.
Netsky.D reaches computers in an e-mail message whose subject, message body and attached file are selected at random from a list of options. Unlike the C variant, Netsky.D launches eight simultaneous threads, which means that from each infected computer, it will send at least eight times more infected mails.

Bagle.E is a worm that spreads via e-mail in a message with variable characteristics, and an attached file that has an icon similar to the one belonging to Windows Notepad. Bagle.E contains a backdoor which opens the TCP port 2745. It attempts to connect to several web pages that host a PHP script. By doing this, Bagle.E notifies its author that the affected computer can be accessed through the port mentioned above.
Will you all make sure that you have updated your virus software
Regards

NICK ADSL UK
03-01-04, 16:00
This is a virus alert for six new variants of the Bagle
family and two new variants of the Netsky family:

W32/Bagle.C@mm
W32/Bagle.D@mm
W32/Bagle.E@mm
W32/Bagle.F@mm
W32/Bagle.G@mm
W32/Bagle.H@mm
W32/Netsky.D@mm
W32/Netsky.E@mm

These new variants started spreading between 28 February and
1 March 2004.

Risk:
Most of these new variants are rated low risk and would not
warrant a virus alert on their own. Given the number of new
variants in a relatively short span of time, however, there
is reason for computer users to be careful.

Recommended Reactions:
Users of Antivirus should update their virus signature
files immediately. These variants are all detected by
Antivirus using virus signature files dated 1 March 2004 and
later. Note that multiple virus signature files were
released between 28 February and 1 March, each of which
detected all the variants that had been discovered at the
time of their release.

More information on these new variants of the Bagle and
Netsky families can be found at http://www.f-prot.com/virusinfo/

--
F-Prot Antivirus Alert Service
http://www.f-prot.com

NICK ADSL UK
03-03-04, 07:57
Hi all
Please be aware that there is intense virus activity at the present time. And just a reminder to you all to keep checking that you have installed the latest updates as they will be coming through very fast today and at regular intervals
regards

NICK ADSL UK
03-03-04, 15:44
ATTENTION EVERYONE
With regards to my post above, the situation has continued to deteriorate throughout the day. Do please make sure that you check and update at least every 2 to 3 hours. Even though you may have your settings on automatic, it is most wise to check the website and confirm to yourself that you are up to date with your virus signatures, and if not, download the updates manually.
regards

NICK ADSL UK
03-16-04, 02:49
ATTENTION EVERYONE
Virus Profile

Virus Information
Name: W32/Bagle.n@MM
Risk Assessment
- Home Users: Medium
- Corporate Users: Medium
Date Discovered: 3/13/2004
Date Added: 3/13/2004
Origin: Unknown
Length: 21kb
Type: Virus
SubType: E-mail worm
DAT Required: 4337

Virus Characteristics

-- Update March 13,2004 --
Due to increasing prevalence the risk assessment for W32/Bagle.n@MM has been raised to Medium.

PLEASE MAKE SURE YOUR ANTI VIRUS IS UPDATED AT ALL TIMES

NICK ADSL UK
03-18-04, 11:04
HI EVERYONE
Please note there is a very high level of virus activity today, the 18-3-04. So just a reminder to you all to make sure you check at your virus software site to make sure you are up to date with your signatures. All virus software has been updated today more than once, and in the case of nod five times and kav 10 times, so don't forget to keep checking.


This is a virus alert for four new variants of the Bagle
family:

W32/Bagle.Q@mm
W32/Bagle.R@mm
W32/Bagle.S@mm
W32/Bagle.T@mm

These variants started spreading on 18 March 2004.

Risk:
These new variants are rated low risk and would not warrant a
virus alert on their own. However, given the number of new
variants in a relatively short span of time there is reason
for computer users to be careful.

Recommended Reactions:
Users of F-Prot Antivirus should update their virus signature
files immediately. These variants are all detected by F-Prot
Antivirus using virus signature files dated 18 March 2004 and
later.

NICK ADSL UK
03-19-04, 18:17
SECURITY UPDATE FOR THE 19-3-04


Three new twists in Bagle virus saga
PETALING JAYA: Antivirus vendors said they have detected the appearance of new Q, R and S variants of the Bagle worm.

The most dangerous of the three is variant Q, which was spreading very rapidly, Panda Software Malaysia said in a statement last night.

Bagle.Q spreads via e-mail in a message with extremely variable characteristics. The e-mail message, however, does not include an attached file carrying the worm.

Instead it uses a "carrier e-mail" method to bypass antivirus protection, said British security software vendor Sophos.

When you open a carrier e-mail, it attempts to exploit a vulnerability in Microsoft Outlook which automatically downloads Bagle.Q from the PC which sent you the "carrier" e-mail.

The downloaded copy of Bagle.Q is placed into your system folder with the name "directs.exe".

It then loads on your PC and terminates a wide range of security applications. It also makes multiple copies of itself into folders which are likely to be part of a file-sharing network, as well as infecting programs on your PC by appending itself to existing .exe files -- this is called a "parasitic virus infection," said Sophos.

Panda Software said the carrier e-mail includes HTML code which can be used to download the file carrying the malicious code from the Internet onto the affected computer.

The R and S variants do not seem to be spreading as rapidly, the company said.

Users can detect and disinfect these and other malicious code by downloading the free Panda ActiveScan from www.pandasoftware.com.

You can also get more information on Bagle.Q, Bagle.R and Bagle.S from Panda Software's Virus Encyclopaedia at www.pandasoftware.com/virus_info/encyclopedia/.

Sophos has published an identity to allow Sophos Anti-Virus to detect and disinfect this virus; it is available at www.sophos.com/virusinfo/analyses/w32bagleq.html.

The company also advised users to get and apply the latest Internet Explorer and Outlook Express patches from Microsoft. This would prevent the automatic download of the virus.

Sysadmins should also disallow connections to TCP port 81 on their network firewall.

Blocking outbound port 81 connections stops computers on the network from downloading the worm from outside. Blocking inbound port 81 connections means that even if you do get infected you will not pass the virus on to others, Sophos said.

NICK ADSL UK
03-23-04, 04:20
SECURITY UPDATE FOR THE 23-3-04
Virus Profile

Virus Information
Name: W32/Netsky.p@MM
Risk Assessment
- Home Users: Medium
- Corporate Users: Medium
Date Discovered: 3/21/2004
Date Added: 3/21/2004
Origin: Unknown
Length: 29,568 bytes (mailed)
26,624 bytes (dropped)
Type: Internet Worm
SubType: E-mail worm
DAT Required: 4340

-- Update 22nd March 06:20 PST --
Due to increased prevalence, this threat has had its risk assessment raised to MEDIUM.

Dear nick:

Another variant of the W32/Netsky.MM virus, W32/Netsky.p@MM is a Medium Risk mass-mailing worm that arrives inside a .ZIP attachment (e.g., your_document.zip) and spreads itself by stealing email addresses from the infected computer, spoofing or forging the "from: field." Besides using its own SMTP engine, W32/Netsky.p@MM also propagates via peer-to-peer networks (e.g., Morpheus, Kazaa) by copying itself to shared file directories -- often with a celebrity (e.g., Britney Spears, Eminem) as part of the filename.

Note: W32/Netsky.p@MM takes advantage of vulnerable versions of Internet Explorer 5.01 and 5.5 to automatically execute the virus on a user's system. McAfee recommends running Windows Update to ensure you have the latest patches for Internet Explorer.

Up-to-date McAfee VirusScan users with DAT 4340 are protected from this threat.

NICK ADSL UK
03-27-04, 02:54
The latest variant of W32/Bagle@MM, W32/Bagle.u@MM is a Medium Risk mass-mailing worm that: 1) installs a dangerous backdoor Trojan-horse program that opens TCP port 4751, 2) opens the Windows game Hearts (if present on the system), and 3) sends itself to email addresses stolen from an infected machine. It arrives as an attachment in an email with a blank subject line and blank body text.
Learn More about W32/Bagle.u@MM
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101141&cid=9929

NICK ADSL UK
03-28-04, 14:52
Dear nick,

Worm.Win32.Sober.E Alert!
Worm.Win32.Sober.E is the 5th variant of the highly spread Sober worm and was first seen by our analysts on 03/28/2004 at 2:30pm CET. Like its predecessors, its origin could be found in one of the German-speaking countries. The worm is coded in Visual Basic 6 and is packed using UPX. The file size of the packed worm file is 30,720 bytes.

Infection
Worm.Win32.Sober.E comes via email to your PC. Worm mails have the following layout while always one of the subject, mail body and attachment options is chosen to generate the mail:

Subject:
HEY
hey?
Hey!
OK Ok OK!
OK OK
Ok ;-)
Hi :-)
hi
Hi
thx
Thx!
THX
Thx !!!

Mail body:
;-)
ha!
HA :-)
yo!
lol
LoL
LOL
Yo!

Attachment name:
Text.zip
Text.pif
Read.zip
Read.pif
Graphic-doc.zip
Graphic-doc.pif
document.zip
document.pif
Word.zip
Word.pif

Sober.E can be detected and removed with a² with the latest signature updates loaded. The a² background guard blocks the worm immediately if it is started.

A more detailed description of the worm can be found at the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Sober.E


Sincerely yours,

Your a² Team
http://www.emsisoft.com

NICK ADSL UK
03-29-04, 16:38
Dear nick:

Another variant of the W32/Netsky.MM virus, W32/Netsky.q@MM is a Medium Risk mass-mailing worm that arrives inside a .ZIP, .PIF, .SCR or .EML attachment and spreads itself by stealing email addresses from the infected computer, spoofing or forging the "from: field." The worm includes the recipient's name, surrounded by percentage symbols, in the message subject line.

Note: Like W32/Netsky.p@MM, W32/Netsky.q@MM takes advantage of vulnerable versions of Internet Explorer 5.01 and 5.5 to automatically execute the virus on a user's system. McAfee recommends running Windows Update to ensure you have the latest patches for Internet Explorer.
Learn More about W32/Netsky.q@MM
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101145&cid=9938

NICK ADSL UK
04-06-04, 12:58
Security warning for the 6-4-04
Please note that there is a new Bugbear threat, so please make sure you keep up to date with your virus update signatures :)

NICK ADSL UK
04-07-04, 08:50
Another variant of the W32/Netsky.MM virus, W32/Netsky.s@MM is a Medium Risk mass-mailing worm that arrives inside a .PIF attachment. When run, the worm tries to open a backdoor on TCP Port 6789, which can help a remote hacker download and execute potentially malicious programs on the infected system. W32/Netsky.s@MM will also launch a Denial of Service attack on various domains, including www.kazaa.com, starting in mid-April. The worm spreads itself by stealing email addresses from the infected computer, spoofing or forging the "from: field."
For further info
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101156&cid=9997

NICK ADSL UK
04-15-04, 09:18
Win32.Netsky.V
Detection Published: April 14, 2004
Description Modified: April 15, 2004
Category: Win32
Also known as: HTML.Netsky.V, JS.Netsky.V, Win32/NetSky.V.Worm, W32/Netsky.v@MM (McAfee), I-Worm.Netsky.w (Kaspersky)
Netsky.V is a worm that propagates by exploiting an object tag vulnerability. E-mail sent by the worm points to an IP address containing the worm executable and exploit script. This script exploits the vulnerability to download and execute the worm locally. The worm is a 19,432 byte, UPX-packed, encrypted, Win32 executable.
When executed, Netsky.V copies itself to
%Windows%\KasperskyAVEng.exe
and modifies the registry to ensure that this copy is executed at each Windows start:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run = "%Windows%\KasperskyAVEng.exe"
Note: '%Windows%' is a variable location. The worm determines the location of the current Windows folder by querying the operating system. The default installation location for the Windows directory for Windows 2000 and NT is C:\Winnt; for 95,98 and ME is C:\Windows; and for XP is C:\Windows.
The worm creates a mutex "_-=oOOSOkOyONOeOtOo=-_" to ensure only one copy of the worm is running on the system.
It also creates a further copy of itself to %Windows%\skyav.tmp.
Please note the risk factor of this worm has been raised to medium

NICK ADSL UK
04-16-04, 14:30
Friday, April 16, 2004
Netsky.W worm found
Today we found another new Netsky variant: Netsky.W. It is similar to previous NetSky.P or NetSky.Q variants and it removes Bagle worm if it finds it on an infected computer.
Further info can be found here
http://www.f-secure.com/v-descs/netsky_w.shtml

NICK ADSL UK
04-20-04, 17:40
VIRUS WARNING FOR THE 20-4-04
Hi all :)
We have had a lot of virus activity today, so do please keep checking that you have the latest virus signature updates for your software.

Regards

NICK ADSL UK
04-26-04, 18:14
THESE ARE THE LATEST VIRUS THREATS AS OF THE 26-4-04
Take a look at the latest virus threats including viruses, trojans, and worms.
> Bagle.W - Also known as: (Win32/Bagle.W.CPL, VBS/Bagle.W.HTML, Win32/Bagle.X (Eset), W32/Bagle.Y@mm (F-Secure), W32/Bagle.z@MM (McAfee))
> Omal.C - Also known as: (Trojan.Bookmarker.Gen (Symantec), Trojan.Win32.StartPage.fq (Kaspersky))
> Agobot - Also known as: (Backdoor.Agobot.3.gen (Kaspersky), Win32.Agobot.gen, TROJ_GAO, W32.Gaobot.gen!poly (Symantec), W32/Gaobot.worm.gen (McAfee), W32.HLLW.Gaobot (Symantec), W32.HLLW.Polybot (Symantec), Phatbot)

NICK ADSL UK
04-27-04, 01:57
For more information on WORM_BAGLE.X, you can visit THIS Web site at:
http://www.symantec.com/avcenter/venc/data/w32.beagle.w@mm.html

NICK ADSL UK
04-28-04, 15:04
VIRUS WARNINGS FOR THE 28-4-04
Hi Everyone :) Do please remember to make sure your anti virus software is fully up to date as most anti virus/Trojan software has been updated at least three times today

NICK ADSL UK
04-29-04, 13:36
This is one of the worms causing all sorts of problems in the past couple of days
W32.Netsky.AB@mm
Discovered on: April 27, 2004
Last Updated on: April 28, 2004 04:34:34 PM

Symantec: W32.Netsky.AB@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ab@mm.html

NICK ADSL UK
05-01-04, 18:13
SECURITY WARNING FOR THE 1-5-04
Hi all we have another serious outbreak
W32.Sasser.Worm
Discovered on: April 30, 2004
Last Updated on: May 01, 2004 12:00:08 PM
FOR FURTHER INFO ON THIS LATEST OUTBREAK
What You Should Know About the Sasser Worm
Posted: May 1, 2004
http://www.microsoft.com/security/incident/sasser.asp

NICK ADSL UK
05-06-04, 03:06
SECURITY WARNING FOR THE 05.05.2004
"Sasser" Worm Infections Increase 43% During Second Day of Alert

WORM_SASSER Family Still Infecting Globally, Not Expected to Disappear Soon

May 5, 2004 – Trend Micro Inc. reports that according to its internal monitoring of virus activity, the WORM_SASSER family of variants continues to increase in infections. WORM_SASSER was first detected on May 1, 2004, and variants A through D have been under detection since May 3, 2004, and since then, Trend Micro has regarded this worm family as a “high” risk to computer users.

FOR FURTHER INFO
http://uk.trendmicro-europe.com/enterprise/about_us/spresse.php?&id=307

NICK ADSL UK
05-20-04, 03:28
SECURITY WARNING FOR THE 20.05.2004
Like its predecessors, W32/Lovgate.ab@MM is a Medium Risk mass-mailing worm inside an email attachment that when run:
Drops a dangerous backdoor on an infected machine that can allow a remote hacker to steal information.
Infects executable programs.
Tries to disable anti-virus and security software.
Emails itself to a) stolen contacts or b) as replies to unread MS Outlook or Outlook Express messages on the infected machine, spoofing the "from: field".
FOR FURTHER INFO
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125301&cid=10244

NICK ADSL UK
05-28-04, 17:10
Latest Threats
Real-time information about the latest threats to the security of your computers
Brief Description

Korgo.B is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.

Korgo.B listens to the TCP ports 113, 3067 and 2041 and connects to several IRC servers through the port 6667.

In addition, it is prepared for impeding the system shutdown.

Korgo.B only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.

If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.

Visible Symptoms

Korgo.B is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

However, having problems with the system shutdown can be a clear symptom that your computer has been affected by Korgo.B.

Last updated: May 25, 2004
For further information about these and other computer threats, visit Panda Software's Encyclopedia at:
http://www.pandasoftware.com/virus_info/threats.aspx

NICK ADSL UK
06-05-04, 15:57
Win32.Mimail.W
Description Published: June 4, 2004
Description Modified: June 5, 2004
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39272

NICK ADSL UK
06-13-04, 17:04
Latest Virus Threats, 14-6-04
http://securityresponse.symantec.com/avcenter/vinfodb.html

NICK ADSL UK
06-14-04, 16:32
Latest Virus Threats, 14-6-04

Worm.Win32.Zafi.B Alert!
The new internet worm Zafi.B spreads very fast, mainly via email attachments but also via filesharing networks. The message subject and body text differ depending on the domain extension of the receiver's email address. Target email addresses are collected on the local computer and extracted from several files like temporary internet files and email address books.

Infection
Once opened and installed, the worm sets an autorun entry at the system registry. If it is run, the worm spreads itself to all available email addresses. It also runs a module that attempts to flood some Hungarian websites.

The email text is available in many languages. The text advises the user to open the file attachment, which seems to be a greeting card. Here is an example of the English email:

Subject: You`ve got 1 VoiceMessage!
Body: Dear Customer!

You`ve got 1 VoiceMessage from voicemessage.com website!
Sender:
You can listen your Virtual VoiceMessage at the following link:
http://virt.voicemessage.com/index.listen.php2=35affv
or by clicking the attached link.

Send VoiceMessage! Try our new virtual VoiceMessage Empire!
Best regards: SNAF.Team (R).

Attachment: link.voicemessage.com.listen.index.php1Ab2c.pif

Zafi.B can be detected and removed with a² with the latest signature updates loaded. The a² background guard blocks the worm immediately if it is started.

A more detailed description of the worm can be found at the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Zafi.B

NICK ADSL UK
06-17-04, 15:15
Latest Virus Threats, 17-6-04
PWSteal.Bamer.A
PWSteal.Bamer.A steals passwords when you visit Web sites that belong to certain banks.

One indication of possible infections is the display of the message:

Invalid Operation at 0000:FF15



Also Known As: PWS:Win32/Bamer [RAV]

Type: Trojan Horse
Infection Length: 402,808 bytes, 260,096 bytes



Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Systems Not Affected: DOS, EPOC, Linux, Macintosh, Macintosh OS X, Novell Netware, OS/2, UNIX, Windows 3.x, Windows 64-bit (AMD64), Windows 64-bit (IA64)

FOR FURTHER INFO
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bamer.a.html

NICK ADSL UK
06-22-04, 17:05
W32.Korgo.I
Discovered on: June 07, 2004
Last Updated on: June 18, 2004 12:51:56 PM

W32.Korgo.I is a variant of W32.Korgo.F. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 3067, and other random ports (256-8191).




--------------------------------------------------------------------------------
Note: Symantec Security Response has developed a removal tool to clean the infections of W32.Korgo.I

http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.i.html

NICK ADSL UK
06-28-04, 16:25
Latest Virus Threats, 28 6 04
Backdoor.Botex
Discovered on: June 27, 2004
Last Updated on: June 28, 2004 04:45:13 PM

Backdoor.Botex is a Backdoor Trojan horse that allows unauthorized, remote access to a compromised computer. It also attempts to steal system and user information.

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.botex.html

NICK ADSL UK
07-03-04, 05:16
Current Threat as of 2-7-04

--------------------------------------------------------------------------------

W32/Lovgate.ad@MM
Medium Risk


http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126560&cid=11205

NICK ADSL UK
07-08-04, 16:00
latest virus-related threats July 7, 2004
The list below provides a synopsis of the latest virus-related threats discovered by Symantec Security Response, including information on: Category Rating (risk), Name of Threat (threat), the day on which the threat was identified (discovered), and the day on which a virus definition was added to protect against the threat (protection). Please click on the name of the threat for additional information.
W32.Lovgate.AB@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.lovgate.ab@mm.html

Trojan.Ecure.C
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ecure.c.html

Trojan.Ecure.B
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ecure.b.html

NICK ADSL UK
07-10-04, 15:36
latest virus-related threats July 10, 2004
W32.Korgo.X
Discovered on: July 09, 2004
Last Updated on: July 09, 2004 12:17:46 PM

http://securityresponse.symantec.com/avcenter/venc/data/w32.korgo.x.html

NICK ADSL UK
07-12-04, 07:03
TDS WARNING FOR THE 12-7-04
Update for 12-07-2004: +24 references (+24 primaries)

[35749 references - 13992 primaries/9984 traces/11773 variants/other]


WARNING

Do not use the Radius file from the TDS site !!!
That file is corrupted.

Please get your copy of the new radius file at the Turvamies site:

http://radius.turvamies.com/radius.td3

NICK ADSL UK
07-16-04, 15:38
Take a look at the latest virus threats including viruses, trojans, and worms.
as of the 16-7-04
http://www3.ca.com/securityadvisor/virusinfo/default.aspx

NICK ADSL UK
07-17-04, 03:06
Worm.Win32.Bagle.AF Alert!
A new Bagle variant is spreading. Bagle.AF arrives via email as an attachment like all previous Bagle variants do. The email sender is spoofed to make it difficult to trace it back. Once the file attachment is run, the worm installs a backdoor trojan on the computer to enable remote administration. It seems that the worm author plans to create a large spam server farm which can be used to send tons of emails within a very short time. The installed trojan opens the port 1234 to receive control commands.

Bagle.AF can be detected and removed with a² using the latest signature updates. The a² personal background guard blocks the worm immediately if it is started.

A more detailed description of the worm can be found at the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Bagle.AF

NICK ADSL UK
07-19-04, 02:20
latest virus-related threats July 19, 2004

Win32.Bagle.AC
Description Published: July 18, 2004
Description Modified: July 19, 2004
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39624

NICK ADSL UK
07-20-04, 03:02
VIRUS ALERT:
Win32.Bagle.AE
RISK LEVEL: High







On Tuesday, July 20, 2004 , the CA Security Advisory Team is issuing an alert regarding a high risk level virus threat called Win32.Bagle.AE.

Further details can be found here

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39641

NICK ADSL UK
07-21-04, 17:13
New Bagle Spreads Fast By Shutting Down Defenses

July 20, 2004
By Gregg Keizer, TechWeb News

The latest version of the mass-mailing worm aims to shut down a computer's anti-virus and firewall systems, leaving the machine open to further attacks.

The latest Bagle three-worm wave includes one that's using a more aggressive twist on an old tactic, security firms said Tuesday.
Of the trio of Bagle variants that have hit the Internet since Saturday--that day's Bagle.ag, Sunday's Bagle.ah, and Monday's Bagle.ai--the worst is also the most recent, said Patrick Hinojosa, chief technology officer at Panda Software. "When we saw it appear yesterday, it just sort of took off," Hinojosa said. As of midday Tuesday, it was the second-most prevalent worm on Panda's real-time list.
http://www.informationweek.com/story/showArticle.jhtml?articleID=23902534

NICK ADSL UK
08-10-04, 03:44
Current Threat

--------------------------------------------------------------------------------

W32/Bagle.aq@MM
Medium Risk

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=127423&cid=11413

NICK ADSL UK
08-10-04, 13:43
Dear nick,

Worm.Win32.Bagle.AL Alert!
Worm.Win32.Bagle.AL is a new variant in the Bagle worm family which arrives via email attachment and uses a faked sender email address. Like its predecessors, the worm comes with its own SMTP engine to spread itself.

Worm.Win32.Bagle.AL emails look like this:

Subject: <empty>

Text: new price

The attachment has one of these file names:

price.zip
price2.zip
price_new.zip
price_08.zip
08_price.zip
newprice.zip
new_price.zip
new__price.zip

Bagle.AL can be detected and removed with a² using the latest signature updates. The a² personal background guard blocks the worm immediately if it is started.

A more detailed description of the worm can be found at the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Bagle.AL

NICK ADSL UK
08-16-04, 06:28
MyDoom.S - MEDIUM RISK
McAfee, Trend, and other AV vendors have declared this as MEDIUM RISK due to prevalence in-the-wild.
http://www.f-secure.com/v-descs/mydoom_s.shtml

NICK ADSL UK
08-16-04, 11:43
Doomed. Again.
Another variant makes the rounds

Yet another MyDoom variant is making the rounds this morning, Symantec rating it a category three on their security scale. Posing under the guise of humorous photos, the worm propagates by sending e-mails with the subject line: "photos" and message body "LOL!;))))". "System administrators may also want to block access to domains [www richcolour com] and zenandjuice.com from their network for a while," notes one analyst to the Register. "This variant tries to download components from these addresses but the sites themselves have nothing to do with the virus group."

NICK ADSL UK
08-27-04, 15:35
Security Information



No Virus Alert
There are no medium or high risk alerts at this time.

NICK ADSL UK
08-31-04, 17:33
LATEST THREAT AS OF 31-8-04

Bagle.AV
Threat Level:
Brief Description

Bagle.AV is a worm that ends processes belonging to several antivirus update programs, among other applications.

Bagle.AV has been seeded via e-mail, in a message with "foto" subject and body, and an attached file with a random name and a ZIP extension. This file contains an HTML file, together with a hidden EXE file. This executable file is run when the user opens the HTML file.

Once it has affected the computer, Bagle.AV attempts to download a fake JPG file from several websites. If successful, Bagle.AV will start spreading from the computer.
Visible Symptoms

Bagle.AV is easy to recognize, as it reaches the computer in an e-mail message with the following characteristics:

Subject:
foto
Message:
foto
Attachments:
The attached file is variable. It has a random name and a ZIP extension. It contains an HTML file, and a hidden EXE file.


Last updated: Aug. 31, 2004

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?IdVirus=51651&sind=0

NICK ADSL UK
09-01-04, 18:21
SECURITY WARNINGS FOR THE 1-9-04
1 Bagle.AW Worm 09/01/2004
2 Bagle.AV Worm 08/31/2004
Are still causing concern. There has been a lot of activity today, with many updates to the anti virus and Trojan software, so do please make sure you are up to date.

NICK ADSL UK
09-03-04, 02:54
Warning: New MyDoom Variant is spreading
http://forum.emsisoft.com/viewtopic.php?p=9884

NICK ADSL UK
09-07-04, 17:09
W32.IRCBot.G
Discovered on: September 07, 2004
Last Updated on: September 07, 2004 04:34:18 PM
W32.IRCBot.G is a Trojan horse program that opens a backdoor on the infected computer by connecting to an IRC server and receives commands from a remote attacker.

http://securityresponse.symantec.com/avcenter/venc/data/w32.ircbot.g.html

NICK ADSL UK
09-16-04, 02:55
W32.Mydoom.Y@mm
Discovered on: September 15, 2004
Last Updated on: September 16, 2004 02:59:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.y@mm.html

NICK ADSL UK
09-16-04, 02:57
W32.Mexer.E@mm
Discovered on: September 15, 2004
Last Updated on: September 16, 2004 09:33:46 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mexer.e@mm.html

NICK ADSL UK
09-16-04, 03:00
Backdoor.Sdbot.AB
Discovered on: September 15, 2004
Last Updated on: September 16, 2004 02:05:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ab.html

NICK ADSL UK
09-23-04, 16:02
Latest threats
Virus information
W32/Agobot-MX

http://www.sophos.com/virusinfo/analyses/w32agobotmx.html

NICK ADSL UK
09-24-04, 15:59
FOR THE ATTENTION OF USERS OF THE Symantec Enterprise Firewall/VPN and Gateway Security 300 Series
SYM04-013
September 22, 2004
Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues
Revision History
None

Risk Impact
High

Overview
Symantec resolved three high-risk vulnerabilities that had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved.

All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration. All three vulnerabilities are addressed and resolved in available updated firmware release builds.

Further information can be found here
http://www.sarc.com/avcenter/security/Content/2004.09.22.html

NICK ADSL UK
09-28-04, 19:26
Latest threats
PWSteal.Bancos.M
Discovered on: September 28, 2004
Last Updated on: September 28, 2004 10:37:48 AM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.m.html

W32.Beagle.AR@mm
Discovered on: September 28, 2004
Last Updated on: September 28, 2004 01:00:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ar@mm.html

Trojan.Moo
Discovered on: September 28, 2004
Last Updated on: September 28, 2004 10:34:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.moo.html

Backdoor.Roxe
Discovered on: September 27, 2004
Last Updated on: September 28, 2004 10:10:54 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxe.html

W32.Randex.BLD
Discovered on: September 27, 2004
Last Updated on: September 28, 2004 10:15:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.bld.html

NICK ADSL UK
10-01-04, 11:31
W32.Spybot.EAS
Discovered on: September 30, 2004
Last Updated on: October 01, 2004 10:54:54 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.eas.html

NICK ADSL UK
10-07-04, 17:17
Trojan.AdRmove
Discovered on: October 07, 2004
Last Updated on: October 07, 2004 11:01:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.adrmove.html

NICK ADSL UK
10-12-04, 08:25
JPEG/Exploit.gen
JPEG/Exploit.gen Destructivity: Spreading: Overall risk:
• Detected by virus detection files published:
• Virus characteristics first published: 11 Oct. 2004
• Virus characteristics latest update: 11 Oct. 2004
• Type: Security Risk
• Spreading mechanism:
• Overall risk: None


JPEG/Exploit.gen is a generic detection for all JPEGs that exploit the vulnerability described in "Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)"

http://www.norman.com/Virus/Virus_descriptions/17903/en

NICK ADSL UK
10-12-04, 09:55
MSN Messenger hit by virus, outage
http://news.zdnet.co.uk/internet/0,39020369,39169941,00.htm

NICK ADSL UK
10-12-04, 10:00
W32.Funner
Discovered on: October 11, 2004
Last Updated on: October 12, 2004 11:09:02 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.funner.html

NICK ADSL UK
10-14-04, 10:08
W32.Netsky.AD@mm
Discovered on: October 13, 2004
Last Updated on: October 14, 2004 12:07:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ad@mm.html

NICK ADSL UK
10-19-04, 18:05
Backdoor.Roxe.B
Discovered on: October 19, 2004
Last Updated on: October 19, 2004 02:48:18 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.roxe.b.html

NICK ADSL UK
10-26-04, 10:04
W32.Mydoom.AG@mm
Discovered on: October 25, 2004
Last Updated on: October 26, 2004 04:51:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ag@mm.html

W32.Netsky.AE@mm
Discovered on: October 25, 2004
Last Updated on: October 26, 2004 12:32:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ae@mm.html

Backdoor.Sdbot.AE
Discovered on: October 25, 2004
Last Updated on: October 25, 2004 04:36:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ae.html

NICK ADSL UK
10-29-04, 11:28
10-29-04
W32.Beagle.AV@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.av@mm.html

2
10-29-04
W32.Beagle.AW@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.aw@mm.html

2
10-29-04
W32.Beagle.AU@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.au@mm.html


1
10-29-04
W32.Beagle@mm!cpl

http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle@mm!cpl.html

NICK ADSL UK
11-01-04, 10:29
Trojan.Ducky.C
Discovered on: October 30, 2004
Last Updated on: November 01, 2004 05:35:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ducky.c.html

NICK ADSL UK
11-06-04, 16:21
Important information about a² and all related news.

Flux spreads wider

Flux is the name of a new pest spreading covertly through the internet. Flux is a trojan that is making the life of most anti malware vendors much harder.

Flux is a reverse backdoor type of trojan. Reverse means that rather than the infected machine waiting for a connection to be made from outside, the infected machine tries to make the connection itself. Standard trojans are made up of two parts - the server and the client.

The client is downloaded to infect the machine. The server is another pc somewhere in the world that then tries to communicate with the client. The problem with standard trojans is that if the infected machine has a good firewall, then the server cannot connect to the client. So although the machine is infected, no data is transferred to the server from the client.

To overcome the blocked connection, malware writers now use this reverse logic to make the client machine responsible for the connection. Many standard firewalls will block requests coming in from the internet to connect, but do not block outgoing requests to connect. Trojans like Flux can therefore operate even through most firewalls.

The really dangerous thing about Flux is not its ability to use this reverse connection feature, but the way that feature is implemented. Flux introduces a new technique of code injection. Code Injecting is a term that describes ways to execute code in other processes. Until now Code Injection worked by loading a DLL file into a foreign process - much like the cuckoo lays an egg in another bird's nest. This method (called DLL Injection) is quite easy to detect as the anti-malware program just asks the process which DLLs it uses - a trojan DLL is one that is not on the list generated.

Flux doesn't use a DLL. Flux writes its connection code directly into a host process and executes it there. Apart from the fact that this behaviour would circumvent several Desktop Firewalls, it also makes Flux nearly invisible to current anti malware software because the Flux code isn't linked to any module or DLL of the process and will be simply overlooked by anti malware software. That makes complete cleaning very difficult.

Here at a² we have already thought about trojans using this direct injection method, which is why we already developed an advanced memory scan for a² v2.0 that can detect trojans using this technique. Version 2.0 is not quite ready for release but due to trojans like Flux we have decided to provide our customers with the advanced memory scan now.

What does all this mean for you?
a² is one of the first anti malware products that is able to detect and deactivate Flux. On top of that we have also developed a special free detection tool. This tool allows users of other anti-malware software to benefit from a² anti-malware technology too. The free tool detects and terminates an active Flux to ensure a proper cleaning of the infection.

You can download the free Flux Scanner tool from the a² download page:
http://www.emsisoft.com/en/software/download


Sincerely yours,

Your a² Team
http://www.emsisoft.com

NICK ADSL UK
11-08-04, 15:32
Backdoor.IRC.Bifrut
Discovered on: November 08, 2004
Last Updated on: November 08, 2004 10:31:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.bifrut.html

W32.Gaobot.BQJ
Discovered on: November 08, 2004
Last Updated on: November 08, 2004 10:16:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.bqj.html

NICK ADSL UK
11-11-04, 11:07
11-10-04
W32.Mydoom.AJ@mm
Discovered on: November 10, 2004
Last Updated on: November 10, 2004 04:11:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.aj@mm.html

11-10-04
Trojan.Beagooz.D
Discovered on: November 10, 2004
Last Updated on: November 10, 2004 04:03:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.beagooz.d.html


11-10-04
Trojan.Moo.B
Discovered on: November 10, 2004
Last Updated on: November 10, 2004 04:43:42 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.moo.b.html

11-09-04
W32.Orpheus.A
Discovered on: November 09, 2004
Last Updated on: November 10, 2004 04:45:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.orpheus.a.html

11-08-04
W32.Mydoom.AI@mm
Discovered on: November 08, 2004
Last Updated on: November 10, 2004 04:12:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ai@mm.html

latest virus-related threats
http://securityresponse.symantec.com/avcenter/vinfodb.html

NICK ADSL UK
11-15-04, 09:42
W32.Envid.A@mm
Discovered on: November 13, 2004
Last Updated on: November 15, 2004 12:01:30 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.a@mm.html

NICK ADSL UK
11-16-04, 07:28
W32.Beagle.AX@mm
Discovered on: November 15, 2004
Last Updated on: November 16, 2004 02:02:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ax@mm.html

NICK ADSL UK
11-18-04, 13:33
Ng.695
Discovered on: November 16, 2004
Last Updated on: November 17, 2004 11:49:50 AM
http://securityresponse.symantec.com/avcenter/venc/data/ng.695.html

Backdoor.Berbew.L
Discovered on: November 16, 2004
Last Updated on: November 16, 2004 02:16:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.l.html

Backdoor.Netjoe
Discovered on: November 16, 2004
Last Updated on: November 16, 2004 12:29:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.netjoe.html

NICK ADSL UK
11-19-04, 18:42
W32.Sober.I@mm
Discovered on: November 19, 2004
Last Updated on: November 19, 2004 06:51:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.i@mm.html

NICK ADSL UK
11-19-04, 18:43
SymbOS.Skulls
Discovered on: November 19, 2004
Last Updated on: November 19, 2004 01:30:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html

NICK ADSL UK
11-21-04, 18:30
Warning! Worm.Win32.Sober.I!

The latest version of the Sober worm is spreading fast. As with its predecessors, Sober.I spreads by email attachments. The email text suggests that it is an error message from the mailserver and the undelivery report is attached.

Current email clients like Outlook or Outlook Express are able to block harmful file extensions like EXE, COM or SCR, but Sober.I sometimes comes packed in a ZIP file to bypass outlook security. The ZIP file itself is not harmful, but the content inside (an executable file with variable file name) contains the worm and must not be opened!

A more detailed description of the worm can be found at the a² Malware Database:
http://www.emsisoft.com/en/malware/?Worm.Win32.Sober.I

Sober.I can be detected and removed with a² Free and a² Personal with the latest signature updates. The latest version of the a² Personal background guard will block the worm if it is started. Please run the a² Online-Update immediately and ensure that the new automatic update feature in a² Personal is enabled.
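
The Sober.I and Bagle.AV alerts above describe an executable hidden inside a ZIP attachment, and the Zafi.B alert an attachment named like a URL but ending in .pif. As an added example (not part of the original thread or of any vendor's product), this Python code shows the mail-gateway check those descriptions call for: look at the final extension and open archives instead of trusting the outer file name. The function names, the depth and size limits, and the sample archives are assumptions constructed for the example.

```python
import io
import zipfile
import zlib

# Extensions named on this page: EXE/COM/SCR (Sober.I), PIF (Zafi.B), CPL (Bagle.W).
BLOCKED_EXTENSIONS = {"exe", "com", "scr", "pif", "cpl"}
MAX_DEPTH = 2                       # assumption: nested archives the gateway will open
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumption: cap on a nested archive's size
_RANK = {"allow": 0, "quarantine": 1, "block": 2}


def extension(name):
    """Lower-cased final extension; trailing dots and spaces are ignored."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def inspect_attachment(filename, data, depth=0):
    """Return (verdict, reasons); verdict is 'block', 'quarantine' or 'allow'."""
    ext = extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        return "block", [f"{filename}: executable extension .{ext}"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        if ext == "zip":  # fail closed: claims to be an archive but cannot be opened
            return "quarantine", [f"{filename}: named .zip but not a readable archive"]
        return "allow", []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "quarantine", [f"{filename}: corrupt archive"]

    verdict, reasons = "allow", []

    def note(new_verdict, reason):
        nonlocal verdict
        reasons.append(reason)
        if _RANK[new_verdict] > _RANK[verdict]:
            verdict = new_verdict

    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            member = f"{filename}!{info.filename}"
            member_ext = extension(info.filename)
            if member_ext in BLOCKED_EXTENSIONS:
                note("block", f"{member}: executable inside archive (.{member_ext})")
            elif info.flag_bits & 0x1:  # ZIP general-purpose flag bit 0 = encrypted
                note("quarantine", f"{member}: encrypted, cannot be inspected")
            elif member_ext == "zip":   # only members named .zip are opened recursively
                if depth + 1 > MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    note("quarantine", f"{member}: nested archive too deep or too large")
                    continue
                try:
                    with archive.open(info) as handle:
                        inner = handle.read(MAX_MEMBER_BYTES + 1)
                except (zipfile.BadZipFile, zlib.error, OSError, ValueError):
                    note("quarantine", f"{member}: nested archive unreadable")
                    continue
                inner_verdict, inner_reasons = inspect_attachment(member, inner, depth + 1)
                for reason in inner_reasons:
                    note(inner_verdict, reason)
    return verdict, reasons


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed samples: harmless placeholder bytes with the file-name shapes from the alerts.
SAMPLES = {
    "k3j9x.zip": build_zip({"foto.html": b"<html></html>", "foto.exe": b"MZ"}),
    "link.voicemessage.com.listen.index.php1Ab2c.pif": b"MZ",
    "outer.zip": build_zip({"inner.zip": build_zip({"report.txt .scr": b"MZ"})}),
    "minutes.zip": build_zip({"minutes.txt": b"agenda"}),
    "broken.zip": b"this is not an archive",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        verdict, reasons = inspect_attachment(name, payload)
        print(f"{verdict:10} {name}")
        for reason in reasons:
            print(f"           - {reason}")
```

An archive that cannot be opened or read is quarantined rather than delivered, since the check cannot tell what is inside it.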

NICK ADSL UK
11-22-04, 17:10
Backdoor.Jupdate
Discovered on: November 21, 2004
Last Updated on: November 22, 2004 12:15:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.jupdate.html

NICK ADSL UK
11-24-04, 17:10
W32.Inzae.B@mm
Discovered on: November 23, 2004
Last Updated on: November 24, 2004 12:36:01 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.inzae.b@mm.html

NICK ADSL UK
11-28-04, 14:53
Trojan.Favadd
Discovered on: November 24, 2004
Last Updated on: November 25, 2004 05:40:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.favadd.html

NICK ADSL UK
12-03-04, 18:42
W32.Netsky.Z@mm!enc
Discovered on: December 03, 2004
Last Updated on: December 03, 2004 12:14:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.z@mm!enc.html

NICK ADSL UK
12-06-04, 18:05
Trojan.Wlogo
Discovered on: December 04, 2004
Last Updated on: December 05, 2004 04:46:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.wlogo.html



Trojan.Frutca
Discovered on: December 04, 2004
Last Updated on: December 06, 2004 04:51:06 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.frutca.html

NICK ADSL UK
12-09-04, 16:25
W32.Atak.E@mm
Discovered on: December 07, 2004
Last Updated on: December 07, 2004 03:43:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.atak.e@mm.html

W32.Gaobot.BUU
Discovered on: December 07, 2004
Last Updated on: December 09, 2004 05:00:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.buu.html

W32.Maslan.A@mm
Discovered on: December 07, 2004
Last Updated on: December 09, 2004 05:25:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.maslan.a@mm.html

NICK ADSL UK
12-12-04, 14:48
W32.Janx
Discovered on: December 11, 2004
Last Updated on: December 12, 2004 03:26:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.janx.html

NICK ADSL UK
12-14-04, 15:37
This is a virus alert for W32/Zafi.D@mm, a new member of the
Zafi family of mass-mailers. This worm started spreading
today, 14 December 2004, and has gained considerable
distribution in a short period of time.

NICK ADSL UK
12-15-04, 14:53
VBS.Sorpe.A@mm
Discovered on: December 14, 2004
Last Updated on: December 15, 2004 10:40:45 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.sorpe.a@mm.html

W32.Erkez.D@mm
Discovered on: December 14, 2004
Last Updated on: December 15, 2004 03:34:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.d@mm.html

NICK ADSL UK
12-20-04, 16:27
W32.PEQ@mm
Discovered on: December 20, 2004
Last Updated on: December 20, 2004 12:00:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.peq@mm.html

NICK ADSL UK
12-22-04, 18:04
W97M.Sapattra
Discovered on: December 22, 2004
Last Updated on: December 22, 2004 04:39:40 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.peq@mm.html

W32.Envid.C@mm
Discovered on: December 22, 2004
Last Updated on: December 22, 2004 12:06:06 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.envid.c@mm.html

NICK ADSL UK
12-26-04, 16:05
Perl.Santy.B
Discovered on: December 25, 2004
Last Updated on: December 26, 2004 08:25:28 AM
http://securityresponse.symantec.com/avcenter/venc/data/perl.santy.b.html


Perl.Santy.C
Discovered on: December 25, 2004
Last Updated on: December 26, 2004 11:02:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/perl.santy.c.html

NICK ADSL UK
12-29-04, 15:13
Backdoor.Lifefournow
Discovered on: December 28, 2004
Last Updated on: December 28, 2004 12:23:18 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lifefournow.html

W32.Protoride.B
Discovered on: December 28, 2004
Last Updated on: December 29, 2004 12:17:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.protoride.b.html

NICK ADSL UK
01-03-05, 17:52
Backdoor.Zins
Discovered on: January 01, 2005
Last Updated on: January 01, 2005 10:05:40 AM

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zins.html

NICK ADSL UK
01-07-05, 17:42
W32.Rahack
Discovered on: January 06, 2005
Last Updated on: January 06, 2005 11:30:54 AM

http://securityresponse.symantec.com/avcenter/venc/data/w32.rahack.html



Backdoor.Alets.B
Discovered on: January 06, 2005
Last Updated on: January 06, 2005 11:07:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.alets.b.html

Trojan.Hako
Discovered on: January 06, 2005
Last Updated on: January 06, 2005 11:13:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hako.html

Backdoor.XTS.B
Discovered on: January 06, 2005
Last Updated on: January 07, 2005 10:23:38 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.xts.b.html

Backdoor.Tjserv.C
Discovered on: January 06, 2005
Last Updated on: January 07, 2005 11:19:45 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tjserv.c.html

NICK ADSL UK
01-12-05, 17:45
W32.Linkbot.H
Discovered on: January 12, 2005
Last Updated on: January 12, 2005 12:00:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.h.html

Backdoor.Ranky.Q
Discovered on: January 12, 2005
Last Updated on: January 12, 2005 12:15:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.q.html

Trojan.Wimad
Discovered on: January 12, 2005
Last Updated on: January 12, 2005 01:49:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.wimad.html

Backdoor.Ranky.R
Discovered on: January 12, 2005
Last Updated on: January 12, 2005 11:51:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ranky.r.html

NICK ADSL UK
01-18-05, 17:47
W32.Zar.A@mm
Discovered on: January 18, 2005
Last Updated on: January 18, 2005 10:27:04 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zar.a@mm.html

VBS.Rowam.A
Discovered on: January 18, 2005
Last Updated on: January 18, 2005 10:01:34 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.rowam.a.html

NICK ADSL UK
01-19-05, 17:51
Downloader.Admincash
Discovered on: January 19, 2005
Last Updated on: January 19, 2005 02:53:37 PM
http://securityresponse.symantec.com/avcenter/venc/data/downloader.admincash.html

NICK ADSL UK
01-22-05, 15:35
W32.Nodmin@mm
Discovered on: January 21, 2005
Last Updated on: January 22, 2005 12:30:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.nodmin@mm.html

W32.Mirsa.A@mm
Discovered on: January 21, 2005
Last Updated on: January 22, 2005 12:22:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mirsa.a@mm.html

NICK ADSL UK
01-26-05, 10:49
Backdoor.Berbew.P
Discovered on: January 25, 2005
Last Updated on: January 25, 2005 10:40:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.p.html

W32.Ahker.B@mm
Discovered on: January 26, 2005
Last Updated on: January 26, 2005 04:37:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.b@mm.html

NICK ADSL UK
01-27-05, 18:13
W32.Mydoom@mm Removal Tool January 26, 2004

--------------------------------------------------------------------------------

W32.Mydoom@mm Removal Tool

Discovered on: January 26, 2004
Last Updated on: January 27, 2005 03:01:36 PM GMT
http://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.removal.tool.html

NICK ADSL UK
01-31-05, 17:15
W32.Mugly.H@mm
Discovered on: January 31, 2005
Last Updated on: January 31, 2005 03:35:43 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mugly.h@mm.html

VBS.Gormlez@mm
Discovered on: January 31, 2005
Last Updated on: January 31, 2005 10:58:22 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.gormlez@mm.html

PWSteal.Bancos.N
Discovered on: January 31, 2005
Last Updated on: January 31, 2005 02:12:39 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.n.html

NICK ADSL UK
02-01-05, 04:43
Virus information
W32/Bobax-F
http://www.sophos.com/virusinfo/analyses/w32bobaxf.html

NICK ADSL UK
02-04-05, 18:23
W32.Dopbot
Discovered on: February 03, 2005
Last Updated on: February 04, 2005 12:32:14 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.dopbot.html

NICK ADSL UK
02-06-05, 10:25
W32.Gaobot.CII
Discovered on: February 05, 2005
Last Updated on: February 06, 2005 11:24:30 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.cii.html

NICK ADSL UK
02-09-05, 16:54
W32.Mydoom.AR@mm
Discovered on: February 07, 2005
Last Updated on: February 08, 2005 11:23:06 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ar@mm.html

Bloodhound.Exploit.25
Discovered on: February 08, 2005
Last Updated on: February 08, 2005 04:46:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.25.html

NICK ADSL UK
02-10-05, 18:52
PWSteal.Bankash.A
Discovered on: February 10, 2005
Last Updated on: February 10, 2005 12:59:00 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.bankash.a.html

W32.Mydoom.AU@mm
Discovered on: February 10, 2005
Last Updated on: February 10, 2005 09:54:25 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.au@mm.html

NICK ADSL UK
02-12-05, 18:03
St Valentine's Day worm massacre
by David Quainton

Virus writers are targeting the world's lovers by creating Valentine's Day related malicious code. Two worms, Kipis-H and VBSWG-D, are spreading their love and destructive payload, via email and peer-to-peer networks.
Cashing in on nostalgic lovers, VBSWG-D spreads under the subject line "First Love Story...!!!". The grumpy worm, echoing the days of Al Capone, then swears at users before murdering the computer by shutting it down.

Victims receiving an email with the subject line "Happy Valentine's Day" will find the Kipis-H worm. It turns off anti-virus protection, inserts a trojan and forwards emails to other contacts.

"Virus writers will exploit any excuse to dupe innocent computer users," said Graham Cluley, senior technology consultant at Sophos. "Hackers send viral valentines to take control of users' PCs, steal personal information, or take screenshots of confidential information, usernames, passwords and credit card numbers."

Valentine's Day has traditionally been a bumper period for virus writers. Sophos claim The Love Bug worm, released in May 2000, was the biggest virus outbreak in history. Despite its ruinous nature the Filipino author was not prosecuted because of the embryonic nature of local computer crime laws.

www.sophos.com

NICK ADSL UK
02-15-05, 06:51
Trojan.KillAV.E
Discovered on: February 15, 2005
Last Updated on: February 15, 2005 11:56:32 AM

http://securityresponse.symantec.com/avcenter/venc/data/trojan.killav.e.html

NICK ADSL UK
02-20-05, 02:56
W32.Derdero.B@mm
Discovered on: February 19, 2005
Last Updated on: February 19, 2005 02:13:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.derdero.b@mm.html

NICK ADSL UK
02-23-05, 03:11
What is it?
The latest in a wave of Medium Risk mass-mailing worms, W32/Mydoom.be@MM carries the dangerous BackDoor-CEB.f Trojan, which tries to disable anti-virus updating and help a remote user hijack an infected machine. Like earlier variants, the worm spreads using stolen email addresses harvested from the victim PC and search engine queries. Watch out for messages pretending to be fake bounces from Postmaster or Mail Administrator.

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=131868&cid=13692

NICK ADSL UK
02-23-05, 08:40
This update courtesy of member N5638J
For Immediate Release
February 22, 2005
Washington D.C.
FBI National Press Office

FBI ALERTS PUBLIC TO RECENT E-MAIL SCHEME

E-mails purporting to come from FBI are phony

Washington, D.C. - The FBI today warned the public to avoid falling victim to an on-going mass e-mail scheme wherein computer users receive unsolicited e-mails purportedly sent by the FBI. These scam e-mails tell the recipients that their Internet use has been monitored by the FBI’s Internet Fraud Complaint Center and that they have accessed illegal web sites. The e-mails then direct recipients to open an attachment and answer questions. The attachments contain a computer virus.

These e-mails did not come from the FBI. Recipients of this or similar solicitations should know that the FBI does not engage in the practice of sending unsolicited e-mails to the public in this manner.

Opening e-mail attachments from an unknown sender is a risky and dangerous endeavor as such attachments frequently contain viruses that can infect the recipient’s computer. The FBI strongly encourages computer users not to open such attachments.

The FBI takes this matter seriously and is investigating. Users receiving e-mails of this nature are encouraged to report it to the Internet Crime Complaint Center via http://www.ic3.gov/

NICK ADSL UK
03-01-05, 13:35
W32.Beagle.BH@mm
Discovered on: March 01, 2005
Last Updated on: March 01, 2005 10:03:56 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bh@mm.html

Trojan.Tooso.C
Discovered on: March 01, 2005
Last Updated on: March 01, 2005 03:47:18 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.c.html

W32.Beagle.BG@mm
Discovered on: March 01, 2005
Last Updated on: March 01, 2005 10:17:38 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bg@mm.html

NICK ADSL UK
03-06-05, 16:55
W32.Kobot.L
Discovered on: March 05, 2005
Last Updated on: March 06, 2005 03:29:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kobot.l.html

W32.Beagle.BK@mm
Discovered on: March 05, 2005
Last Updated on: March 05, 2005 12:22:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bk@mm.html

NICK ADSL UK
03-10-05, 16:44
Backdoor.Haiyangweng
Discovered on: March 10, 2005
Last Updated on: March 10, 2005 12:54:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haiyangweng.html

Trojan.Tabela.B
Discovered on: March 10, 2005
Last Updated on: March 10, 2005 12:22:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tabela.b.html

W32.Toxbot
Discovered on: March 10, 2005
Last Updated on: March 10, 2005 03:28:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.toxbot.html

NICK ADSL UK
03-14-05, 18:22
W32.Mytob.F@mm
Discovered on: March 14, 2005
Last Updated on: March 14, 2005 10:53:30 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.f@mm.html


Trojan.Adwareloader
Discovered on: March 14, 2005
Last Updated on: March 14, 2005 02:59:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.adwareloader.html

NICK ADSL UK
03-19-05, 16:01
Trojan.Mdropper
Discovered on: March 19, 2005
Last Updated on: March 19, 2005 03:56:06 AM

http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.html

NICK ADSL UK
03-21-05, 17:54
PWSteal.Bancos.S
Discovered on: March 21, 2005
Last Updated on: March 21, 2005 10:00:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.html

Trojan.Sientok
Discovered on: March 21, 2005
Last Updated on: March 21, 2005 02:02:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.sientok.html

NICK ADSL UK
03-29-05, 17:03
W32.Sory.A
Discovered on: March 29, 2005
Last Updated on: March 29, 2005 10:22:17 AM

http://securityresponse.symantec.com/avcenter/venc/data/w32.sory.a.html

NICK ADSL UK
04-01-05, 16:00
W32.Kelvir.K
Discovered on: March 31, 2005
Last Updated on: April 01, 2005 04:06:40 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.k.html

NICK ADSL UK
04-06-05, 17:15
W32.Dreffort
Discovered on: April 05, 2005
Last Updated on: April 06, 2005 12:29:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.dreffort.html

W32.Randex.DFJ
Discovered on: April 05, 2005
Last Updated on: April 06, 2005 03:36:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.randex.dfj.html

W32.Spybot.LXJ
Discovered on: April 05, 2005
Last Updated on: April 06, 2005 10:13:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.lxj.html

W32.Spybot.LZI
Discovered on: April 06, 2005
Last Updated on: April 06, 2005 11:07:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.lzi.html

X97M.Yini
Discovered on: April 06, 2005
Last Updated on: April 06, 2005 04:48:16 PM
http://securityresponse.symantec.com/avcenter/venc/data/x97m.yini.html

SymbOS.Fontal.A
Discovered on: April 06, 2005
Last Updated on: April 06, 2005 04:47:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.fontal.a.html

NICK ADSL UK
04-11-05, 18:16
W32.Mytob.AN@mm
Discovered on: April 11, 2005
Last Updated on: April 11, 2005 11:59:50 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.an@mm.html

NICK ADSL UK
04-15-05, 16:50
W32.Kelvir.W
Discovered on: April 15, 2005
Last Updated on: April 15, 2005 03:31:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.w.html

W32.Spybot.NPS
Discovered on: April 15, 2005
Last Updated on: April 15, 2005 01:46:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.nps.html

Trojan.Tooso.F
Discovered on: April 15, 2005
Last Updated on: April 15, 2005 03:30:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.f.html

Trojan.Esteems
Discovered on: April 15, 2005
Last Updated on: April 15, 2005 04:05:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.html

W32.Kelvir.V
Discovered on: April 14, 2005
Last Updated on: April 15, 2005 01:01:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.v.html

W32.Kelvir.S
Discovered on: April 14, 2005
Last Updated on: April 15, 2005 11:16:45 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.s.html

NICK ADSL UK
04-18-05, 18:10
W32.Kelvir.AA
Discovered on: April 18, 2005
Last Updated on: April 18, 2005 12:19:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.aa.html

NICK ADSL UK
04-22-05, 17:23
W32.Kelvir.AH
Discovered on: April 22, 2005
Last Updated on: April 22, 2005 02:22:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ah.html

W32.Spybot.OBB
Discovered on: April 22, 2005
Last Updated on: April 22, 2005 02:34:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.obb.html

Backdoor.Ripgof
Discovered on: April 22, 2005
Last Updated on: April 22, 2005 02:25:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ripgof.html

W32.Ahker.G@mm
Discovered on: April 21, 2005
Last Updated on: April 22, 2005 02:49:26 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.g@mm.html

NICK ADSL UK
04-24-05, 17:53
W32.Spybot.OBZ
Discovered on: April 24, 2005
Last Updated on: April 24, 2005 07:44:14 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.obz.html

NICK ADSL UK
04-27-05, 15:24
W32.Gaobot.DEY
Discovered on: April 27, 2005
Last Updated on: April 27, 2005 10:38:38 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.dey.html

W32.Allim.A
Discovered on: April 26, 2005
Last Updated on: April 27, 2005 02:54:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.allim.a.html

NICK ADSL UK
04-28-05, 13:06
W32.Netsky.AI@mm
Discovered on: April 27, 2005
Last Updated on: April 28, 2005 12:18:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.ai@mm.html

NICK ADSL UK
04-29-05, 17:48
W32.Kelvir.AX
Discovered on: April 28, 2005
Last Updated on: April 29, 2005 10:05:02 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ax.html

NICK ADSL UK
04-30-05, 18:07
W32.Topion.A
Discovered on: April 30, 2005
Last Updated on: April 30, 2005 09:49:24 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.topion.a.html

NICK ADSL UK
05-01-05, 17:11
W32.Kelvir.BA
Discovered on: May 01, 2005
Last Updated on: May 01, 2005 04:09:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ba.html

NICK ADSL UK
05-03-05, 15:04
W32.Mytob.BU@mm
Discovered on: May 03, 2005
Last Updated on: May 03, 2005 11:34:15 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.bu@mm.html

W32.Sober.O@mm
Discovered on: May 02, 2005
Last Updated on: May 03, 2005 10:59:43 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html

NICK ADSL UK
05-05-05, 18:28
W32.Kelvir.BF
Discovered on: May 04, 2005
Last Updated on: May 05, 2005 12:16:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.bf.html

NICK ADSL UK
05-06-05, 18:02
W32.Ezio.A@mm
Discovered on: May 06, 2005
Last Updated on: May 06, 2005 04:53:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.ezio.a@mm.html

NICK ADSL UK
05-07-05, 18:41
VBS.Ypsan.E@mm
Discovered on: May 07, 2005
Last Updated on: May 07, 2005 10:52:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.e@mm.html

NICK ADSL UK
05-08-05, 17:47
W32.Mydoom.BO@mm
Discovered on: May 08, 2005
Last Updated on: May 08, 2005 04:19:50 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.bo@mm.html

NICK ADSL UK
05-10-05, 18:25
W32.Beagle.BQ@mm
Discovered on: May 10, 2005
Last Updated on: May 10, 2005 01:33:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bq@mm.html

NICK ADSL UK
05-12-05, 17:59
Trojan.Esteems.C
Discovered on: May 12, 2005
Last Updated on: May 12, 2005 05:01:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.c.html

NICK ADSL UK
05-21-05, 18:26
W32.Linkbot.M
http://securityresponse.symantec.com/avcenter/venc/data/w32.linkbot.m.html

W32.Yami.A
http://securityresponse.symantec.com/avcenter/venc/data/w32.yami.a.html

Trojan.Dazheb
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dazheb.html

W32.Mytob.CM@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.cm@mm.html

W32.Spybot.PEN
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.pen.html

W32.Stubbot.A@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.stubbot.a@mm.html

NICK ADSL UK
05-23-05, 17:46
W32.Lanieca.B@mm
Discovered on: May 23, 2005
Last Updated on: May 23, 2005 01:18:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.lanieca.b@mm.html

NICK ADSL UK
05-26-05, 16:42
W32.Mydoom.BU@mm
Discovered on: May 26, 2005
Last Updated on: May 26, 2005 01:13:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.bu@mm.html

NICK ADSL UK
05-29-05, 18:28
W32.Mydoom.BU@mm
Discovered on: May 26, 2005
Last Updated on: May 27, 2005 09:55:09 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.bu@mm.html

NICK ADSL UK
05-31-05, 18:06
W32.Kassbot.B
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 10:38:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kassbot.b.html

W32.Pinkton.A
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:27:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.pinkton.a.html


Trojan.Tooso.I
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:21:58 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.i.html

Backdoor.Omerta
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 09:26:39 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.omerta.html

Backdoor.Kotilla
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 09:43:34 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kotilla.html

Trojan.Abwiz.B
Discovered on: May 31, 2005
Last Updated on: May 31, 2005 02:51:25 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.abwiz.b.html

NICK ADSL UK
06-01-05, 18:03
VBS.Ypsan.F@mm
Discovered on: June 01, 2005
Last Updated on: June 01, 2005 04:46:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.ypsan.f@mm.html

NICK ADSL UK
06-03-05, 04:17
W32.Bobax.Z
Discovered on: June 03, 2005
Last Updated on: June 03, 2005 04:37:54 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.bobaxz.html

Download.BBX
Discovered on: June 03, 2005
Last Updated on: June 03, 2005 04:56:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/download.bbx.html

NICK ADSL UK
06-06-05, 18:10
W32.Spybot.PKC
Discovered on: June 06, 2005
Last Updated on: June 06, 2005 11:51:14 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.pkc.html


W97M.Minceme
Discovered on: June 06, 2005
Last Updated on: June 06, 2005 11:46:39 AM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.minceme.html

NICK ADSL UK
06-10-05, 11:19
PWSteal.Lemir
Discovered on: June 10, 2005
Last Updated on: June 10, 2005 12:37:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.lemir.html

W32.Mytob.DY@mm
Discovered on: June 09, 2005
Last Updated on: June 09, 2005 04:46:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.dy@mm.html

NICK ADSL UK
06-17-05, 18:24
W32.Mytob.EY@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 03:56:34 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ey@mm.html

W32.Mytob.FA@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 03:46:27 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fa@mm.html


W32.Mytob.EZ@mm
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 11:37:42 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ez@mm.html

Trojan.Chost.B
Discovered on: June 16, 2005
Last Updated on: June 16, 2005 04:32:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.chost.b.html

W97M.Arai.A
Discovered on: June 16, 2005
Last Updated on: June 17, 2005 01:42:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.arai.a.html

W32.Opanki.B
Discovered on: June 15, 2005
Last Updated on: June 16, 2005 09:21:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.b.html

NICK ADSL UK
06-18-05, 17:51
W32.Beagle.BT@mm
Discovered on: June 18, 2005
Last Updated on: June 18, 2005 03:54:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.bt@mm.html

NICK ADSL UK
06-19-05, 17:22
W32.Mytob.FO@mm
Discovered on: June 19, 2005
Last Updated on: June 19, 2005 01:36:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fo@mm.html

NICK ADSL UK
06-21-05, 17:25
Trojan.Floodblack
Discovered on: June 21, 2005
Last Updated on: June 21, 2005 11:10:42 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.floodblack.html

Backdoor.Nibu.L
Discovered on: June 21, 2005
Last Updated on: June 21, 2005 12:06:14 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.l.html

NICK ADSL UK
06-23-05, 18:14
W32.Mytob.FX@mm
Discovered on: June 23, 2005
Last Updated on: June 23, 2005 02:45:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fx@mm.html

W32.Mytob.FU@mm
Discovered on: June 22, 2005
Last Updated on: June 23, 2005 12:28:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.fu@mm.html

NICK ADSL UK
06-25-05, 19:29
W32.Mytob.GC@mm
Discovered on: June 24, 2005
Last Updated on: June 25, 2005 10:55:33 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.gc@mm.html

NICK ADSL UK
06-26-05, 17:37
W32.Kelvir.DQ
Discovered on: June 26, 2005
Last Updated on: June 26, 2005 04:40:32 PM

http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.dq.html

NICK ADSL UK
06-27-05, 18:20
W32.Alcra.B
Discovered on: June 27, 2005
Last Updated on: June 27, 2005 12:38:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.b.html

NICK ADSL UK
06-28-05, 18:26
W32.Meetot
Discovered on: June 28, 2005
Last Updated on: June 28, 2005 02:05:39 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.meetot.html

NICK ADSL UK
06-29-05, 18:00
W32.Spybot.RDW
Discovered on: June 29, 2005
Last Updated on: June 29, 2005 12:26:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.rdw.html

NICK ADSL UK
06-30-05, 17:38
W32.Mytob.GP@mm
Discovered on: June 30, 2005
Last Updated on: June 30, 2005 10:35:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.gp@mm.html

NICK ADSL UK
07-02-05, 18:51
W32.Kelvir.DY
Discovered on: July 02, 2005
Last Updated on: July 02, 2005 12:59:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.dy.html

NICK ADSL UK
07-05-05, 18:05
Backdoor.Berbew.T
Discovered on: July 05, 2005
Last Updated on: July 05, 2005 10:53:49 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.t.html

NICK ADSL UK
07-07-05, 05:06
Bloodhound.Exploit.40
Discovered on: July 07, 2005
Last Updated on: July 07, 2005 02:41:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.40.html

NICK ADSL UK
07-09-05, 04:11
The menace of Worms
http://www.emsisoft.com/en/kb/articles/tec050629/

NICK ADSL UK
07-09-05, 17:53
Trojan.Aemonet
Discovered on: July 09, 2005
Last Updated on: July 09, 2005 11:04:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.aemonet.html

NICK ADSL UK
07-11-05, 18:30
W32.Mytob.HH@mm
Discovered on: July 11, 2005
Last Updated on: July 11, 2005 11:55:22 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hh@mm.html

W32.Mytob.HG@mm
Discovered on: July 11, 2005
Last Updated on: July 11, 2005 11:01:01 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hg@mm.html

NICK ADSL UK
07-13-05, 17:26
W32.Kelvir.ER
Discovered on: July 13, 2005
Last Updated on: July 13, 2005 11:47:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.er.html

NICK ADSL UK
07-14-05, 17:45
W32.Mytob.HM@mm
Discovered on: July 14, 2005
Last Updated on: July 14, 2005 12:40:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.hm@mm.html

NICK ADSL UK
07-16-05, 06:52
W32.Reatle.C@mm
Discovered on: July 15, 2005
Last Updated on: July 16, 2005 02:54:45 PM

http://securityresponse.symantec.com/avcenter/venc/data/w32.reatle.c@mm.html

NICK ADSL UK
07-18-05, 18:23
W32.Mytob.IA@mm
Discovered on: July 18, 2005
Last Updated on: July 18, 2005 10:47:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ia@mm.html

NICK ADSL UK
07-19-05, 13:05
W32.Mytob.IC@mm
Discovered on: July 19, 2005
Last Updated on: July 19, 2005 05:11:24 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ic@mm.html

NICK ADSL UK
07-22-05, 05:57
W32.Opanki.D
Discovered on: July 21, 2005
Last Updated on: July 21, 2005 01:11:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.opanki.d.html

NICK ADSL UK
07-25-05, 17:54
W32.Mytob.IH@mm
Discovered on: July 25, 2005
Last Updated on: July 25, 2005 11:28:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ih@mm.html

NICK ADSL UK
07-28-05, 05:04
BAT.Trojan
Discovered on: July 27, 2005
Last Updated on: July 27, 2005 09:32:05 AM
http://securityresponse.symantec.com/avcenter/venc/data/bat.trojan.html

NICK ADSL UK
07-29-05, 18:23
W32.Mytob.IK@mm
Discovered on: July 29, 2005
Last Updated on: July 29, 2005 12:17:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ik@mm.html

NICK ADSL UK
07-31-05, 17:31
PWSteal.Wowcraft
Discovered on: July 30, 2005
Last Updated on: July 31, 2005 08:01:05 AM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.wowcraft.html

NICK ADSL UK
08-01-05, 17:45
W32.Bratle.A
Discovered on: July 31, 2005
Last Updated on: August 01, 2005 03:05:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.bratle.a.html

NICK ADSL UK
08-06-05, 10:56
Backdoor.Mousey
Discovered on: August 05, 2005
Last Updated on: August 05, 2005 05:08:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mousey.html

NICK ADSL UK
08-15-05, 16:10
W32.Zotob.B
Discovered on: August 14, 2005
Last Updated on: August 15, 2005 03:03:18 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.b.html

NICK ADSL UK
08-17-05, 16:26
Important information about current security risks.

Mytob (Zotob) Worm Alert!

The latest variants of the Mytob worm use a vulnerability in the Windows Plug&Play interface to infect Windows systems. a-squared detects the worm as Net-Worm.Win32.Mytob.cd, Mytob.cf, Mytob.ch and its automatically installed backdoor trojan as Backdoor.Win32.IRCBot.et. Online newspapers usually use the name Zotob-Worm.

The vulnerability mainly affects Windows 2000, but may be used to exploit Windows XP and 2003 Servers too, Microsoft says. Windows 98 and ME systems are not affected.

Once active, the worm downloads an IRC backdoor trojan from the internet which is used to remotely control the computer.

Protection:

Ensure that you have already applied the Windows patch with the number KB899588 to your system. You can download the patch from the Microsoft website or use the automatic Windows Update to install it automatically.

KB899588:
http://www.microsoft.com/technet/security/bulletin/ms05-039.mspx

NICK ADSL UK
08-18-05, 11:16
CURRENT THREAT W32/IRCbot.worm!MS05-039
High Risk
Virus Alert

What is it?
A fast-spreading Internet Relay Chat (IRC) bot worm affecting systems worldwide, W32/IRCbot.worm!MS05-039 exploits a recently announced Microsoft operating system vulnerability to spread and possibly help a remote hacker control an infected system.

You can be infected simply by going online. Once infected, your system may continually reboot.

What can I do?

Besides making sure you have the latest VirusScan® virus definition updates installed, always recommends installing operating system patches from Microsoft. Learn more here.
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx?cid=16000

How do I know if I've been infected?

The virus copies itself to the Windows System directory (e.g. C:\Windows\System32\ on Windows XP) as WINTBP.EXE.

The file can be run automatically by exploiting the MS05-039 vulnerability or by a user directly executing the worm.

Should you find yourself infected then you can run the stinger tool which can be found here
http://www.majorgeeks.com/McAfee_AVERT_Stinger_d4063.html

NICK ADSL UK
08-19-05, 17:46
08/17/05: The biggest virus epidemic since Klez, Zotob (Bozori) worm strikes down Windows 2000/XP systems!
Please be aware of the new dangerous worm first discovered this Tuesday. It attacks computer systems using Microsoft operating systems and shuts down computers all over the world. While the worm primarily affects computers running Windows 2000, it’s also possible to get infected with some early versions of Windows XP.

Symptoms of Zotob (Bozori) worm include the repeated shutdown and rebooting of a computer.


Do please make sure you are currently up to date on all your anti-virus/Trojan software.

NICK ADSL UK
08-20-05, 17:57
Backdoor.Darkmoon
Discovered on: August 19, 2005
Last Updated on: August 19, 2005 11:44:32 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkmoon.html

NICK ADSL UK
08-22-05, 17:53
W32.Gaobot.DXO
Discovered on: August 22, 2005
Last Updated on: August 22, 2005 10:58:23 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.dxo.html

W32.Spybot.UOL
Discovered on: August 22, 2005
Last Updated on: August 22, 2005 04:25:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.uol.html

NICK ADSL UK
08-23-05, 17:45
W32.Zotob.J@mm
Discovered on: August 23, 2005
Last Updated on: August 23, 2005 02:58:03 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.j@mm.html

NICK ADSL UK
08-24-05, 18:09
W32.Zotob.K
Discovered on: August 24, 2005
Last Updated on: August 24, 2005 12:23:55 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.k.html

Backdoor.Mepcod
Discovered on: August 24, 2005
Last Updated on: August 24, 2005 12:35:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.mepcod.html

W32.Kelvir.HI
Discovered on: August 23, 2005
Last Updated on: August 24, 2005 12:35:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html

NICK ADSL UK
08-25-05, 17:04
W32.Zotob.L
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 11:48:51 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.zotob.l.html



W32.Reatle.I@mm
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 04:02:12 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.reatle.i@mm.html


W32.Mytob.JF@mm
Discovered on: August 25, 2005
Last Updated on: August 25, 2005 11:11:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jf@mm.html

NICK ADSL UK
08-27-05, 06:24
Trojan.Webus.I
Discovered on: August 27, 2005
Last Updated on: August 27, 2005 11:37:49 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.webus.i.html

NICK ADSL UK
08-29-05, 15:48
W32.Mytob.JH@mm
Discovered on: August 29, 2005
Last Updated on: August 29, 2005 09:45:53 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jh@mm.html

NICK ADSL UK
08-31-05, 17:54
W97M.Anisc.B
Discovered on: August 31, 2005
Last Updated on: August 31, 2005 05:02:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.anisc.b.html

NICK ADSL UK
09-01-05, 19:33
Backdoor.Graybird.O
Discovered on: September 01, 2005
Last Updated on: September 01, 2005 10:59:13 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.o.html

NICK ADSL UK
09-03-05, 04:57
SYM05-013
September 02, 2005
Local LiveUpdate server username / password information revealed by client
Discovery Date:
August 31, 2005 - Bugtraq posting (Vulnerability in Symantec Anti Virus Corporate Edition v9.x)

Revision History
None

Risk Impact
Medium

Remote Access: Yes
Local Access: Yes
Authentication Required: Yes
Exploit publicly available: No


Details
LiveUpdate server login name and password are written to a local log file in clear text. This happens when the LiveUpdate client checks for updates from the server. This is only an issue when a local LiveUpdate server is used with a login name and password.

The login name and password belong to the account configured by the LiveUpdate server administrator for accessing LiveUpdate packages. Symantec strongly recommends that this user account be unique for accessing LiveUpdate packages only, and have no other system access. The system administrator account should never be used for this purpose.

Note: As stated in the LiveUpdate download readme file: LiveUpdate version 2.7.x does not support the LiveUpdate Administration Utility, Version 1.5.x. If you are running a system as a Central LiveUpdate server please go to http://www.symantec.com/techsupp/files/lu/lu.html and download Version 1.5.4.15 update for the LiveUpdate Administration Utility.

Affected Products

Product | Version | Build | Solution
LiveUpdate Client | 2.7 | 34 | LiveUpdate Client Update


Non-Affected Products

Product | Version | Build
LiveUpdate Client | 2.5 | All
LiveUpdate Client | 2.6 | All


Symantec Response
An update for the LiveUpdate 2.7 client has been released and can be downloaded from the following location:

http://www.symantec.com/techsupp/files/lu/lu.html

Symantec is not aware of any active attempts against or organizations impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.

Credit
Symantec thanks Arthur Freyman for notification of this issue and coordination of disclosure as it was resolved.


--------------------------------------------------------------------------------

Symantec takes the security and proper functionality of its products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC). Please contact secure@symantec.com if you feel you have discovered a potential or actual security issue with a Symantec product. A Symantec Product Security team member will contact you regarding your submission.

Symantec has developed a Product Vulnerability Handling Process document outlining the process we follow in addressing suspected vulnerabilities in our products. We support responsible disclosure of all vulnerability information in a timely manner to protect Symantec customers and the security of the Internet as a result of vulnerability. This document is available from the location provided below.

Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@symantec.com. The Symantec Product Security PGP key can be obtained from the location provided below.

http://securityresponse.symantec.com/avcenter/security/Content/2005.09.02.html

NICK ADSL UK
09-08-05, 09:44
W32.Spybot.WON
Discovered on: September 07, 2005
Last Updated on: September 08, 2005 12:13:41 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.won.html

NICK ADSL UK
09-09-05, 18:25
W32.Mytob.JI@mm
Discovered on: September 09, 2005
Last Updated on: September 09, 2005 04:14:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ji@mm.html

NICK ADSL UK
09-11-05, 03:52
Backdoor.Graybird.Q
Discovered on: September 10, 2005
Last Updated on: September 10, 2005 01:11:27 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.q.html

NICK ADSL UK
09-11-05, 14:16
Trojan.Hugesot
Discovered on: September 11, 2005
Last Updated on: September 11, 2005 04:17:08 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.hugesot.html

NICK ADSL UK
09-12-05, 18:47
W32.Starimp
Discovered on: September 12, 2005
Last Updated on: September 12, 2005 02:41:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.starimp.html

NICK ADSL UK
09-14-05, 16:51
W32.Kelvir.II
Discovered on: September 14, 2005
Last Updated on: September 14, 2005 10:12:32 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ii.html

VBS.Inker.B@mm
Discovered on: September 13, 2005
Last Updated on: September 14, 2005 10:37:54 AM
http://securityresponse.symantec.com/avcenter/venc/data/vbs.inker.b@mm.html

NICK ADSL UK
09-15-05, 18:15
W32.Esbot.D
Discovered on: September 14, 2005
Last Updated on: September 15, 2005 03:46:56 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.d.html

NICK ADSL UK
09-16-05, 18:12
W32.Iberio
Discovered on: September 16, 2005
Last Updated on: September 16, 2005 11:37:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.iberio.html

W32.Pexmor@mm
Discovered on: September 16, 2005
Last Updated on: September 16, 2005 04:47:25 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.pexmor@mm.html

NICK ADSL UK
09-18-05, 16:41
W32.Looked.F
Discovered on: September 18, 2005
Last Updated on: September 18, 2005 06:00:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looked.f.html

NICK ADSL UK
09-19-05, 15:44
Trojan.Tooso.O
Discovered on: September 19, 2005
Last Updated on: September 19, 2005 10:54:20 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.o.html

Trojan.Tooso.P
Discovered on: September 19, 2005
Last Updated on: September 19, 2005 11:34:58 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.p.html

W32.Peerload.A
Discovered on: September 18, 2005
Last Updated on: September 19, 2005 04:48:11 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.peerload.a.html

NICK ADSL UK
09-20-05, 17:24
W32.Ahker.N@mm
Discovered on: September 20, 2005
Last Updated on: September 20, 2005 02:23:51 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.ahker.n@mm.html

Trojan.Tooso.Q
Discovered on: September 20, 2005
Last Updated on: September 20, 2005 02:55:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.q.html

Trojan.Tooso.O
Discovered on: September 19, 2005
Last Updated on: September 20, 2005 02:53:02 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.tooso.o.html

NICK ADSL UK
09-21-05, 16:58
W32.Mytob.JS@mm
Discovered on: September 21, 2005
Last Updated on: September 21, 2005 01:46:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.js@mm.html

Backdoor.Brakkeshell
Discovered on: September 21, 2005
Last Updated on: September 21, 2005 05:13:21 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.brakkeshell.html


PWSteal.Ragnarok
Discovered on: September 21, 2005
Last Updated on: September 21, 2005 03:51:47 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.ragnarok.html

NICK ADSL UK
09-22-05, 17:46
Discovered on: September 22, 2005
Last Updated on: September 22, 2005 10:06:36 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.lanieca.i@mm.html

SymbOS.Cardtrp.A
Discovered on: September 22, 2005
Last Updated on: September 22, 2005 05:22:36 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cardtrp.a.html

Keylogger.Stranget
Discovered on: September 22, 2005
Last Updated on: September 22, 2005 10:02:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/keylogger.stranget.html

NICK ADSL UK
09-23-05, 16:51
SymbOS.Cardtrp.B
Discovered on: September 23, 2005
Last Updated on: September 23, 2005 03:16:00 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cardtrp.b.html

W32.Lanieca.I@mm
Discovered on: September 22, 2005
Last Updated on: September 23, 2005 03:18:00 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.lanieca.i@mm.html

NICK ADSL UK
09-25-05, 16:48
W32.Erkez.F@mm
Discovered on: September 25, 2005
Last Updated on: September 25, 2005 10:10:21 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.f@mm.html

W32.Autex.C
Discovered on: September 24, 2005
Last Updated on: September 24, 2005 11:05:34 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.autex.c.html

NICK ADSL UK
09-26-05, 17:30
W32.Netsky.AN@mm
Discovered on: September 26, 2005
Last Updated on: September 26, 2005 02:21:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.an@mm.html

NICK ADSL UK
09-27-05, 17:09
PWSteal.Gamanlock
Discovered on: September 27, 2005
Last Updated on: September 27, 2005 03:09:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.gamanlock.html

NICK ADSL UK
09-28-05, 17:55
Trojan.Mdropper.C
Discovered on: September 28, 2005
Last Updated on: September 28, 2005 12:10:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.c.html

NICK ADSL UK
09-29-05, 17:01
Backdoor.Novacal
Discovered on: September 29, 2005
Last Updated on: September 29, 2005 11:47:31 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.novacal.html

W32.Alcra.D
Discovered on: September 28, 2005
Last Updated on: September 29, 2005 02:58:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.alcra.d.html

NICK ADSL UK
09-30-05, 16:53
Backdoor.Sparta.D
Discovered on: September 30, 2005
Last Updated on: September 30, 2005 05:41:39 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sparta.d.html

Trojan.Startpage.Q
Discovered on: September 30, 2005
Last Updated on: September 30, 2005 04:43:48 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.q.html

NICK ADSL UK
10-03-05, 18:33
W32.Mytob.JW@mm
Discovered on: October 03, 2005
Last Updated on: October 03, 2005 04:21:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.jw@mm.html

NICK ADSL UK
10-05-05, 09:43
W32.Comdor.K@mm
Discovered on: October 05, 2005
Last Updated on: October 05, 2005 05:27:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.comdor.k@mm.html

W32.Spybot.YCL
Discovered on: October 04, 2005
Last Updated on: October 05, 2005 02:56:15 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.ycl.html

Backdoor.Tjserv.D
Discovered on: October 04, 2005
Last Updated on: October 04, 2005 11:42:26 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tjserv.d.html

NICK ADSL UK
10-07-05, 09:54
W32.Erkez.G@mm
Discovered on: October 06, 2005
Last Updated on: October 07, 2005 04:32:36 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.erkez.g@mm.html

W32.Beagle.CK@mm
Discovered on: October 06, 2005
Last Updated on: October 07, 2005 11:00:17 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ck@mm.html

W32.Mytob.KC@mm
Discovered on: October 06, 2005
Last Updated on: October 07, 2005 11:14:49 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.kc@mm.html

Trojan.Satiloler
Discovered on: October 06, 2005
Last Updated on: October 07, 2005 04:31:23 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.satiloler.html

Trojan.PSPBrick
Discovered on: October 06, 2005
Last Updated on: October 06, 2005 04:43:16 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.pspbrick.html

W32.Sober.Q@mm
Discovered on: October 05, 2005
Last Updated on: October 07, 2005 12:02:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.q@mm.html

NICK ADSL UK
10-09-05, 17:15
W32.Toxbot.AL
Discovered on: October 07, 2005
Last Updated on: October 09, 2005 01:21:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.toxbot.al.html

W32.Beagle.CL@mm
Discovered on: October 07, 2005
Last Updated on: October 09, 2005 01:23:38 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.cl@mm.html

NICK ADSL UK
10-10-05, 16:39
Backdoor.Nibu.O
Discovered on: October 10, 2005
Last Updated on: October 10, 2005 12:45:09 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nibu.o.html

NICK ADSL UK
10-12-05, 15:16
W32.Mytob.KM@mm
Discovered on: October 12, 2005
Last Updated on: October 12, 2005 04:59:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.km@mm.html

Backdoor.Graybird.R
Discovered on: October 12, 2005
Last Updated on: October 12, 2005 03:05:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.r.html

Bloodhound.Exploit.48
Discovered on: October 11, 2005
Last Updated on: October 11, 2005 04:53:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.48.html

NICK ADSL UK
10-14-05, 18:07
W32.Mytob.KP@mm
Discovered on: October 14, 2005
Last Updated on: October 14, 2005 11:14:47 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.kp@mm.html

W32.Rontokbro.D@mm
Discovered on: October 12, 2005
Last Updated on: October 14, 2005 10:57:43 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.rontokbro.d@mm.html

NICK ADSL UK
10-16-05, 15:28
W32.Mytob.KU@mm
Discovered on: October 16, 2005
Last Updated on: October 15, 2005 11:09:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ku@mm.html

W32.Mytob.KR@mm
Discovered on: October 15, 2005
Last Updated on: October 15, 2005 11:05:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.kr@mm.html

W32.Spybot.YQW
Discovered on: October 15, 2005
Last Updated on: October 15, 2005 04:28:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.yqw.html

NICK ADSL UK
10-18-05, 15:40
W32.Mytob.LE@mm
Discovered on: October 17, 2005
Last Updated on: October 18, 2005 02:08:40 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.le@mm.html

W32.Dabora.A@mm
Discovered on: October 17, 2005
Last Updated on: October 18, 2005 05:19:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.dabora.a@mm.html

W32.Fanbot.A@mm
Discovered on: October 17, 2005
Last Updated on: October 18, 2005 02:08:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.fanbot.a@mm.html

W32.Mytob.LD@mm
Discovered on: October 17, 2005
Last Updated on: October 18, 2005 11:52:24 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ld@mm.html

W32.Mytob.KU@mm
Discovered on: October 16, 2005
Last Updated on: October 18, 2005 10:17:32 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ku@mm.html

W32.Mytob.KR@mm
Discovered on: October 15, 2005
Last Updated on: October 18, 2005 10:13:19 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.kr@mm.html

NICK ADSL UK
10-21-05, 17:48
Backdoor.Darkmoon.B
Discovered on: October 21, 2005
Last Updated on: October 21, 2005 04:28:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkmoon.b.html

Trojan.Gamqowi
Discovered on: October 20, 2005
Last Updated on: October 20, 2005 03:15:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gamqowi.html

NICK ADSL UK
10-22-05, 18:01
Trojan.Elzio.A
Discovered on: October 22, 2005
Last Updated on: October 22, 2005 09:37:00 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.elzio.a.html

PWSteal.Wowcraft.B
Discovered on: October 22, 2005
Last Updated on: October 22, 2005 04:17:09 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.wowcraft.b.html

Backdoor.Darkmoon.B
Discovered on: October 21, 2005
Last Updated on: October 22, 2005 12:42:52 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.darkmoon.b.html

Backdoor.Hesive.dr
Discovered on: October 21, 2005
Last Updated on: October 22, 2005 12:43:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hesive.dr.html

NICK ADSL UK
10-24-05, 18:19
PWSteal.Tarno.P
Discovered on: October 24, 2005
Last Updated on: October 24, 2005 05:04:17 PM
http://securityresponse.symantec.com/avcenter/venc/data/pwsteal.tarno.p.html

W32.Mocbot.A
Discovered on: October 23, 2005
Last Updated on: October 24, 2005 02:35:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mocbot.a.html

Bloodhound.Exploit.51
Discovered on: October 23, 2005
Last Updated on: October 24, 2005 11:18:08 AM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.51.html

Bloodhound.Exploit.50
Discovered on: October 23, 2005
Last Updated on: October 24, 2005 11:16:25 AM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.50.html

Backdoor.Eparssa
Discovered on: October 23, 2005
Last Updated on: October 23, 2005 04:29:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.eparssa.html

Trojan.Elzio.A
Discovered on: October 22, 2005
Last Updated on: October 22, 2005 09:37:00 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.elzio.a.html

NICK ADSL UK
10-25-05, 17:43
W32.Mydoom.FP@mm
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 11:48:25 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.fp@mm.html

Trojan.Finfanse
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 09:58:07 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.finfanse.html

Trojan.Zlob.D
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 04:58:09 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.zlob.d.html

W97M.Exedrop
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 11:21:03 AM
http://securityresponse.symantec.com/avcenter/venc/data/w97m.exedrop.html

W32.Looksky.B
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 11:18:42 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.looksky.b.html

Trojan.Popper
Discovered on: October 25, 2005
Last Updated on: October 25, 2005 12:17:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.popper.html

NICK ADSL UK
10-27-05, 18:48
Backdoor.Bifrose.D
Discovered on: October 26, 2005
Last Updated on: October 26, 2005 02:14:39 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.bifrose.d.html

NICK ADSL UK
10-29-05, 18:26
Trojan.Goldun.G
Discovered on: October 27, 2005
Last Updated on: October 28, 2005 11:42:03 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.goldun.g.html

NICK ADSL UK
10-31-05, 17:11
W32.Loxbot.B
Discovered on: October 31, 2005
Last Updated on: October 31, 2005 10:22:48 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.loxbot.b.html

W32.Mytob.LM@mm
Discovered on: October 31, 2005
Last Updated on: October 31, 2005 01:20:07 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.lm@mm.html

Backdoor.Civcat
Discovered on: October 31, 2005
Last Updated on: October 31, 2005 12:54:03 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.civcat.html

Backdoor.Sedepex
Discovered on: October 31, 2005
Last Updated on: October 31, 2005 10:11:47 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sedepex.html

NICK ADSL UK
11-03-05, 18:17
W32.Beagle.CO@mm
Discovered on: November 03, 2005
Last Updated on: November 03, 2005 01:03:29 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.co@mm.html

Backdoor.Zagaban
Discovered on: November 03, 2005
Last Updated on: November 03, 2005 11:42:45 AM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zagaban.html

Trojan.Lodear.C
Discovered on: November 03, 2005
Last Updated on: November 03, 2005 02:43:04 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.c.html

Trojan.Bankem
Discovered on: November 03, 2005
Last Updated on: November 03, 2005 02:50:35 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bankem.html

W32.Beagle.CN@mm
Discovered on: November 02, 2005
Last Updated on: November 03, 2005 12:16:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.cn@mm.html

W32.Monikey@mm
Discovered on: November 02, 2005
Last Updated on: November 03, 2005 02:43:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.monikey@mm.html

NICK ADSL UK
11-04-05, 18:26
Backdoor.Haxdoor.G
Discovered on: November 04, 2005
Last Updated on: November 04, 2005 03:12:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.g.html

Trojan.Lodear.D
Discovered on: November 04, 2005
Last Updated on: November 04, 2005 02:30:44 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.d.html

Backdoor.Zagaban
Discovered on: November 03, 2005
Last Updated on: November 04, 2005 01:53:20 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.zagaban.html

NICK ADSL UK
11-06-05, 17:35
Linux.Plupii
Discovered on: November 06, 2005
Last Updated on: November 06, 2005 01:20:05 PM
http://securityresponse.symantec.com/avcenter/venc/data/linux.plupii.html

Trojan.Totmau
Discovered on: November 04, 2005
Last Updated on: November 06, 2005 01:59:28 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.totmau.html

NICK ADSL UK
11-10-05, 18:37
Backdoor.Ryknos
Discovered on: November 10, 2005
Last Updated on: November 10, 2005 04:05:22 PM
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryknos.html

SymbOS.Doomboot.N
Discovered on: November 10, 2005
Last Updated on: November 10, 2005 03:55:12 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.n.html

SymbOS.Doomboot.M
Discovered on: November 10, 2005
Last Updated on: November 10, 2005 01:24:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.doomboot.m.html

Trojan.Heoms
Discovered on: November 09, 2005
Last Updated on: November 10, 2005 08:17:39 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.heoms.html

Linux.Plupii
Discovered on: November 06, 2005
Last Updated on: November 10, 2005 02:38:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/linux.plupii.html

NICK ADSL UK
11-14-05, 05:18
Bloodhound.Exploit.52
Discovered on: November 11, 2005
Last Updated on: November 12, 2005 02:13:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.52.html

NICK ADSL UK
11-15-05, 18:20
W32.Sober.S@mm
Discovered on: November 15, 2005
Last Updated on: November 15, 2005 01:13:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.s@mm.html

W32.Sober.W@mm
Discovered on: November 15, 2005
Last Updated on: November 15, 2005 12:30:46 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.w@mm.html

W32.Sober.T@mm
Discovered on: November 15, 2005
Last Updated on: November 15, 2005 12:23:37 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.t@mm.html

W32.Sober.V@mm
Discovered on: November 14, 2005
Last Updated on: November 15, 2005 12:53:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.v@mm.html

Trojan.Muquest
Discovered on: November 14, 2005
Last Updated on: November 15, 2005 04:02:46 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.muquest.html

SymbOS.Cardtrp.F
Discovered on: November 14, 2005
Last Updated on: November 15, 2005 11:36:00 AM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.cardtrp.f.html

NICK ADSL UK
11-20-05, 18:17
W32.Mytob.LZ@mm
Discovered on: November 20, 2005
Last Updated on: November 20, 2005 03:24:47 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.lz@mm.html

W32.Sober.X@mm
Discovered on: November 19, 2005
Last Updated on: November 19, 2005 05:54:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.x@mm.html

NICK ADSL UK
11-22-05, 18:43
W32.Mytob.MC@mm
Discovered on: November 22, 2005
Last Updated on: November 22, 2005 10:32:04 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.mc@mm.html

NICK ADSL UK
11-23-05, 17:36
Trojan.Lodear.D
Discovered on: November 23, 2005
Last Updated on: November 23, 2005 03:04:59 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodear.d.html

W32.Mytob.ME@mm
Discovered on: November 22, 2005
Last Updated on: November 23, 2005 03:13:50 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.me@mm.html

Trojan.Danmec
Discovered on: November 22, 2005
Last Updated on: November 23, 2005 11:33:40 AM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.danmec.html

NICK ADSL UK
11-24-05, 08:15
Secunia issued a HIGH RISK alert for this virus.
2005-11-23 11:46
http://secunia.com/virus_information/23836/sober.x/

NICK ADSL UK
11-25-05, 18:23
W32.Beagle.CQ@mm
Discovered on: November 25, 2005
Last Updated on: November 25, 2005 04:46:02 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.cq@mm.html

W32.Secefa.A
Discovered on: November 23, 2005
Last Updated on: November 24, 2005 12:59:30 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.secefa.a.html

NICK ADSL UK
11-29-05, 18:01
SymbOS.Drever.D
Discovered on: November 28, 2005
Last Updated on: November 29, 2005 03:07:33 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.drever.d.html

Trojan.Spamforo
Discovered on: November 28, 2005
Last Updated on: November 29, 2005 03:01:13 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.spamforo.html

Trojan.Lodav.C
Discovered on: November 28, 2005
Last Updated on: November 29, 2005 03:05:57 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.lodav.c.html

NICK ADSL UK
11-30-05, 17:54
W32.Secefa.B
Discovered on: November 30, 2005
Last Updated on: November 30, 2005 04:12:45 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.secefa.b.html

W32.Yimper
Discovered on: November 30, 2005
Last Updated on: November 30, 2005 10:57:12 AM
http://securityresponse.symantec.com/avcenter/venc/data/w32.yimper.html

NICK ADSL UK
12-01-05, 18:17
Trojan.Esteems.E
Discovered on: December 01, 2005
Last Updated on: December 01, 2005 01:07:53 PM
http://securityresponse.symantec.com/avcenter/venc/data/trojan.esteems.e.html

W32.Gudeb
Discovered on: December 01, 2005
Last Updated on: December 01, 2005 04:34:27 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.gudeb.html


W32.Secefa.B
Discovered on: November 30, 2005
Last Updated on: December 01, 2005 02:13:10 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.secefa.b.html

NICK ADSL UK
12-03-05, 18:33
W32.Feldor.A
Discovered on: December 03, 2005
Last Updated on: December 03, 2005 02:18:31 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.feldor.a.html

SymbOS.Hidmenu.A
Discovered on: December 03, 2005
Last Updated on: December 03, 2005 02:56:32 PM
http://securityresponse.symantec.com/avcenter/venc/data/symbos.hidmenu.a.html

W32.Mytob.ML@mm
Discovered on: December 02, 2005
Last Updated on: December 03, 2005 01:35:19 PM
http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.ml@mm.html