Backdoor:Win32/Berbew.AC is a Trojan that installs silently on your computer. It can capture and send personal information to a Web site. It can also download files from Web sites and run them on your computer. There are no readily apparent indications that your computer is infected with this Trojan.

Backdoor:Win32/Rbot.AG is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

 

Backdoor:Win32/Rbot.AG may be detected as Backdoor:Win32/Rbot.gen!A.

Backdoor:Win32/Rbot.AM is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot.BG is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Win32/Plexus.A@mm is a mass-mailing e-mail worm that targets Microsoft Windows. The worm also spreads through Kazaa peer-to-peer network shares and to computers that have not been patched for the Windows vulnerabilities described in Microsoft Security Bulletins MS03-039 and MS04-011. Win32/Plexus.A@mm opens a backdoor which allows attackers to run arbitrary code on the infected computer.

Win32/Chir.A@mm is a mass-mailing worm. The worm sends a copy of itself as an e-mail attachment to e-mail addresses that it finds on the infected computer and remote shares. The worm runs when a user opens the e-mail attachment. On a computer that has not been patched for the Incorrect MIME Header vulnerability described in Microsoft Security Bulletin MS01-020, the attachment can open automatically under certain conditions.

Trojan:Win32/Alemod.C.dr is a Trojan dropper and data-stealing Trojan. Trojan:Win32/Alemod.C.dr infects wininet.dll; Microsoft detects the infected wininet.dll file as Win32/Nsag.B. The dropper installs Trojan:Win32/Alemod.C and Trojan:Win32/Alemod.C.dll. Together these Trojans perform operations such as capturing data from outbound user Web traffic and displaying a hyperlink and dropping shortcuts to the infected user's desktop. These shortcuts may point to spyware-related Web sites.

This software threat is detected and removed by the Malicious Software Removal Tool. For more information, see the parent variant.

PWS:Win32/Sinowal.K is a data-stealing Trojan. It is dropped by PWS:Win32/Sinowal.E. For more information, see http://www.microsoft.com/security/encyclopedia/details.aspx?Name=PWS:Win32/Sinowal.E

Win32/Bagle.X@mm!CME-328 is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds in certain files on the infected computer. The worm is activated when the e-mail recipient opens the attachment. The worm monitors a random TCP port for instructions from remote attackers.

 

This threat was assigned CME ID 328.

Worm:Win32/Esbot.A is a network worm that targets computers running Microsoft Windows 2000 that do not have Microsoft Security Bulletin MS05-039 installed. The worm can also infect computers running other Windows operating systems if it is delivered through e-mail, instant messaging, or other routes. The worm has a backdoor component that connects to an IRC server to receive commands from attackers.

TrojanDropper:Win32/Bagle.BL is a Trojan that targets computers running certain versions of Microsoft Windows. The dropper spreads as an e-mail attachment sent by an attacker. When a user opens the attachment, TrojanDropper:Win32/Bagle.BL installs itself on the computer and drops TrojanDownloader:Win32/Bagle.BK.dll.

Win32/Netsky.E@mm is a mass-mailing worm that targets computers running certain versions of Microsoft Windows. The worm sends itself to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens an e-mail attachment that contains the worm. There may be no readily apparent indications that a computer is infected with this worm.

Win32/Korgo.AF.worm is a network worm that targets computers running Microsoft Windows XP or Windows 2000 that do not have Microsoft Security Update MS04-011 installed. The worm also monitors TCP ports and opens a backdoor to allow unauthorized access to infected computers. A computer infected with this worm may crash and reboot unexpectedly.

Win32/Msblast.B is a network worm that can spread to a computer running Microsoft Windows 2000 and Windows XP that does not have Security Update MS03-026 or MS03-039 installed. The worm performs a denial of service (DoS) attack against windowsupdate.com, if the day of the month is greater than 15 or the month is greater than 8.

Win32/Bropia.A.worm is a worm that targets computers running certain versions of Microsoft Windows. The worm spreads and is activated when a user clicks a file that is sent through MSN Messenger or Windows Messenger. The worm drops Win32/HLLW.Spybot.AI when it runs.

Win32/Gaobot.ZT.worm is a network worm that targets certain versions of Microsoft Windows. It spreads by exploiting vulnerabilities that are patched in several Microsoft Security Bulletins. To retrieve personal and system information, it also spreads to writeable network shares that have weak administrator passwords. The worm targets certain Web sites for denial of service (DoS) attacks. The worm also has backdoor capabilities, which allow attackers to control an infected computer through an IRC channel.

Win32/Sober.D@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses that it finds on the infected computer. The worm is activated when a user opens the attachment.

W32.Mimail.P@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself as an attachment to e-mail addresses on the infected computer. When the user opens the attachment, it can display a series of dialog boxes that the worm uses to gather and transmit user credit card information.