W32.Ackantta@mm propagates on computer via removable drives and gathers email addresses from the infected computer to send itself. Once executed, W32.Ackantta@mm will create an autorun.inf file so that it runs automatically when the infected drive is mounted. More
W32.Downadup is a worm that can kill antivirus programs and block infected computers from visiting legitimate security web sites. This worm also spreads on local and network drives by taking advantage of the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. W32.Downadup also creates its own Service on Windows to run itself each time Windows starts. Its method to spread stretches from local network and the Internet by taking advantages of software and security weaknesses. More
W32.Sober@mm is a mass-mailing worm that utilizes victim’s computer as SMTP engine to email a copy of itself. This infection is a memory-resident worm that specifically targets Windows platform. W32.Sober@mm is written in Microsoft Visual Basic programming language and is UPX compacted. More
W32.Harakit is a worm designed to propagate globally and reach as many computer users as possible to serve as an avenue for malware distribution. The worm may lower security configurations on the affected computer in order to conceal its operation once inside the system. More
W32.Koobface.A is a computer worm that propagates via social networking web sites. It utilizes an infected computer to create a botnet that spreads on peer-to-peer connection. An infected computer will communicate to other compromised machine and receive malicious commands. The main objective of W32.Koobface.A is to drop rogue software on victim’s computer and manipulate search queries to exhibit unexpected advertisements. More
W32.Tufik.E propagates via removable media drives and infects .exe files on the compromised computer. It copies itself as mscrss.exe. In order to run itself, this threat will create a Windows service that will have a display name of ‘Windows Workstation’. The worm may attempt to establish a connection to specified web address and download more harmful files. More
W32.Mariofev.A is a computer worm that propagates by creating a copy of its codes on unsecured network shared drives and removable media drives of target computer. This worm has backdoor functionalities that allow a remote attacker to perform malicious tasks on infected computer. W32.Mariofev.A also deletes registry keys and entries that are associated to anti-virus and other security software. More
JS.Faizal is a worm that duplicate itself on all attached and removable drives of the infected computer. This JavaScript-based worm will utilize the autorun function of Windows for automatic execution once user gain an access on infected drive. JS.Faizal infects the computer on a network also with the same method. It is usually USB, memory stick and flash disk that transmit JS.Faizal to individual computers if not network-connected. More
VBS.Solow.F is a malicious visual basic script that can spread by creating a copy on local and removable media drives. It also displays pop-up messages on the infected computer every time Windows starts. This worm will take advantage of Windows Autorun function so that the worm will load when the infected removable drive is attached to the computer. More
W32.Mandaph is a computer worm that can propagate on mapped network drives and local hard drive. The threat also searches for an attached removable drives and similarly infects when found. This worm will attempt to communicate to a remote server in order to download and execute additional threats. It may establish the same connection to download a configuration file and update itself. More