In recent weeks, a rash of spam has been sent that bears much resemblance to the all-too-familiar tactics of the Storm botnet.
All malware is bad, but some types of malware do more damage than others. That damage can range from loss of files to total loss of security. This list (in no particular order) provides an overview of the most damaging types of malware.
The MonaRonaDona 'virus' is a self-advertised 'virus' that isn't even a virus at all. It's a non-replicating program (i.e., a Trojan) that loads when Windows is started, changing the Internet Explorer title bar to read MonaRonaDona and displaying a message which blocks access to your legitimate running programs.
Many users have experienced repeated warnings of infection by Psyme each time they open their browser. Depending on the antivirus in use, the name given in the warning may be any of the following: Downloader.Psyme (Symantec), Troj/Psyme (Sophos), Trojan.VBS.KillAV (Kaspersky), TrojanDownloader.VBS.Psyme (CA), Trojan.Downloader.JS.Psyme (Kaspersky), VBS/Petch.A (F-Prot), VBS/Psyme (McAfee).
The so-called Storm worm is actually not a worm, but rather a family of Trojans that typically include a backdoor, SMTP relay, P2P communications, email harvester, downloader, and often a rootkit.
The so-called "U.Z.A. O/S Eliminator" worm appears to have originated in Maldives sometime in late July or early August 2007. The worm exploits the autorun feature, enabling it to spread from removable USB/thumb drives to other computers.
The Freedom 'virus' is a worm that infects local and USB drives, disables access to Task Manager, Registry Editor and other system utilities, and may try to delete MP3 files found on infected systems. Here's how to clean it.
Instead of relying on bots to do the dirty work, Trojan.MeSpam makes you the culprit. Once infected, every forum post you make, every webmail you send, and every blog comment you leave will also deposit a link pointing to a nefarious website.
Is Rinbot the little worm that isn't? Or is it simply the worm that no one wants to acknowledge exists? Here's a timeline of this "non-threat".
The Storm worm spreads via email, using a variety of subject lines and message text that may masquerade as news articles or other current events.
Thanks to the Chatosky worm, I uncovered some things about the Skype service that I might not otherwise have known.
A mass-mailing email worm that also spreads via USB and thumb drives, the Rontokbro worm - also known as Brontok - takes a multifaceted approach to defy detection and removal.
Stration is a mass-mailing email worm that attempts to download a file from a remote server. The worm may inject itself into certain running processes, potentially causing it to bypass firewalls or other security software.
Stration is a mass-mailing email worm that may attempt to download files from a remote server.
There's a lot of misinformation being disseminated around the recently discovered VML vulnerability. Here's an attempt to address those misconceptions and alleviate some of the fears.
A zero-day vulnerability in the Windows implementation of Vector Markup Language (VML) impacts all supported versions of Internet Explorer, all supported versions of Microsoft Windows 2003, Windows XP, and Windows 2000, and recent versions of Outlook and Outlook Express.
With 12 million infected systems under their control, botnet operators are controlling a population roughly the size of Guatemala. In fact, the number of infected systems would place it at about 70 out of 230 sovereign states and territories worldwide.
The more a story gets told, the more the original story gets changed by each new storyteller. Sometimes, the story gets so far removed from the original, that the entire intent of the story is lost and new intent construed. Such is the case with the story of antivirus effectiveness, which was recently put through the spin cycle, wrung out, and reformed by Charlie White, editor of the Gizmodo gadget blog.
Vulnerability researchers at eEye Digital uncovered serious flaws in McAfee security products that could allow attackers to gain remote control of affected systems.
An early-morning report on a security mailing list led to the discovery of Yamanner, a mass-mailing email worm that impacted Yahoo webmail users.
Every successful gambler knows how to handle a certain amount of risk, and how to minimize their losses. But a free tool that promised to help gamblers get the most out of the game turned out to be a Trojan that scammed them out of their winnings.
It seems a disgruntled employee targeted their enterprise with a worm that causes pictures of a rather odd looking owl to print on nearly 40 printers specific to the targeted firm.
Nugache is a worm that may spread via email, IM, or P2P networks.
Having your computer infected with a virus or other malicious software is upsetting enough. But over the past year, a new type of attack promises to be even more disconcerting. Dubbed ransomware, this new attack infects the system, encrypts the files, and then demands payment from its victims.
There is no such thing as a good virus, but some viruses are more despicable than others. Case in point, the newly discovered W32/QuickBatch.G!tr Trojan that specifically targets members of the blind community.
Bagle worm variant that spreads via email and fileshares/P2P networks warns of 'Lawsuit Against You'
Discovered on January 17, 2006, the Nyxem worm has a dangerous payload that executes on the 3rd of each month, overwriting files with specific extensions.
Here's the best and worst of 2005 from a malware perspective.
It seems appropriate that the Chinese dubbed 2003 as the Year of the Black Sheep. Among other things, the sheep is a symbol of untidiness - and from a virus standpoint, the year was indeed a mess.
The year 2002 ushered in a new era of malicious marketing code
Detecting email-borne viruses every 18 seconds, MessageLabs calls 2001 The Year of the Virus
A serious vulnerability in Windows Fax and Picture Viewer can allow remote attackers to use .WMF image files to gain control of your system.
Sober.X is a mass-mailing email worm that sends itself in either English or German depending on the recipient's domain. In addition to mass-mailing, Sober.X terminates processes related to various antivirus and security programs.
Sober.U arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sober.T arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sober.S arrives in an email message that may be in either German or English language, depending on the recipient's domain.
Sober.R arrives in an email message that may be in either German or English language, depending on the recipient's domain.
The Sony Stinx Trojan exploits the Sony DRM cloaking technology (aka rootkit) installed by music CDs published by Sony after March 2005. This allows the malware to be hidden from view - effectively masking its presence even from most antivirus scanners. The Sony Stinx Trojan installs an IRC Backdoor Trojan that allows remote access to compromised PCs, downloads other malware, and disables the Windows XP firewall.
The Linux Slapper worm has been given a facelift and this time BBS admins and web bloggers are the target. The new worm has been given a half dozen new names, including Linux/Lupper worm, Linux.Plupi, Backdoor.Linux.Smal, ELF_LUPPER.A and Exploit.Linux.Lupii.
The President of Sony BMG's Global Digital Business, Thomas Hesse, defends Sony's installation of a rootkit by declaring, "Most people, I think, don't even know what a Rootkit is, so why should they care about it?"
If you've purchased a Sony-labeled music CD since March 2005 and used it on your PC, chances are it installed a rootkit that can be easily exploited by virus writers.
Dutch police have announced the arrests of the alleged author of W32.Toxbot and two alleged accomplices.
PSP.Brick impacts the Sony PSP game console, flashing critical system files and rendering the console unbootable. The newly discovered PSP.Brick isn't technically a virus - it's a Trojan. But the news surrounding PSP.Brick could be described as a polymorphic virus - it spreads fast and the story changes with each reporter it infects.
Since January 1, 2005, at least 358 descriptions have been published for specific IM threats.
The most prevalent IM worm is the Kelvir family of worms that target MSN Messenger users.
Just hours after BBC published a news report titled "London attackers 'meant to kill'", the Agent.AD Trojan email stole the headline and part of the copy, using it as a ruse to entice victims into opening its infected attachment.
IM worms continue to expand their repertoire of social engineering tricks. W32/Olameg-net, a.k.a. Opanki.Y and AIM/Megalo, installs itself to the Windows System directory as itunes.exe, presumably trying to disguise itself as the popular Apple iTunes application.
Malware authors eager to capitalize on the Michael Jackson trial have been sending booby-trapped spam messages claiming the pop-singer has attempted suicide.
Discovered May 31, 2005, Mytob.BI is a mass-mailing email worm that compromises system security by terminating processes related to various antivirus software, disabling the XP SP2 firewall, and modifying the HOSTS file to prevent access to antivirus updates and certain other websites.
Discovered May 30, 2005, Mytob.AR is a mass-mailing email worm that compromises system security by terminating processes related to various antivirus software, disabling the XP SP2 firewall, and modifying the HOSTS file to prevent access to antivirus updates and certain other websites.
The Mytob variants are mass-mailing email worms that compromise system security by terminating processes related to various antivirus software and modifying the Registry to disable the XP SP2 firewall.
The Sober.P worm has morphed into a spam Trojan, sending politically-charged messages from infected systems.
The Sober.P worm abruptly stopped its mass-mailing at midnight GMT on May 9th, presumably entering its second stage of infection.
Firefox flaws rated extremely critical
Discovered May 2, 2005, Sober.P (also known as Sober.O) is a mass-mailing email worm that sends itself in either German or English language, depending on the intended recipient's domain.
The Crog worm edits the system registry to lower security settings, modifies the HOSTS file to redirect access to various security sites and shuts down processes associated with various security software.
Three new IM worms, Kelvir.A, Kelvir.B, and Kelvir.C were discovered by antivirus vendors on March 6th and 7th, 2005.
Discovered on March 1, 2005 in conjunction with several mass-spammed Bagle-like Trojans, Bagle.BE arrives in an email with a blank subject line
Troj/BagleDl-L is a Trojan, not a worm, and does not contain mass-mailing capabilities. However, Troj/BagleDl-L was mass-spammed via email during the morning of March 1st, 2005.
Like Bagle.AY, Bagle.AZ is a mass mailing email and P2P filesharing worm with downloader capabilities.
Bagle.AY is a mass mailing email and P2P filesharing worm with backdoor and downloader capabilities. As with previous variants and most modern email worms, the worm uses its own SMTP engine to spread via email and the From address is spoofed.
MyDoom.AM is a mass-mailing email and P2P filesharing worm that modifies the HOSTS file to prevent infected users from accessing certain antivirus vendor sites.
A mass-mailing email and filesharing worm, Lovgate.W also contains backdoor capabilities
Ever wonder what Bill Gates gets for Christmas? This year, the Chinese security firm VenusTech delivered three new Windows exploits just in time for the holidays.
A new variant of the Zafi worm, dubbed Zafi.D, sends itself as a Christmas greeting - in a variety of languages depending on the recipient's domain.
Dubbed TrojanDropper.FakeSpamFighter and Troj/Mdrop-IT, the Trojan masquerades as the infamous Lycos MakeLOVEnotSPAM screensaver
Sober.I is a mass-mailing email worm that sends itself in both German and English, depending on the infected users' operating system language. Sober.I uses its own SMTP engine to send itself to email addresses found on infected systems, spoofing the From address.
Bofra.A worm exploits SHDOCVW.DLL flaw
The Klez virus uses a variety of techniques to fool and aggravate users
Also known as Homepage, this e-mail worm was discovered in the wild on May 8th, 2001
Alleged movie of Timothy McVeigh execution really the Subseven remote access Trojan.
The Sobig.E worm spreads via email. The Sobig.E worm attachment is a ZIP file.
From your Antivirus.About.com guide, an encyclopedia of virus and hoax descriptions. Includes PC, Macintosh, Unix, Active Content, and Wireless infectors.
Timely and searchable information concerning viruses currently in-the-wild and even those that are not.
So comprehensive, it might be somewhat difficult to navigate. Well worth the effort, AVP delivers the definitive virus encyclopedia.
Though not a virus, hoaxes and myths can still cause downtime and loss of productivity due to unwarranted panic. Rob Rosenberger maintains a plethora of information concerning these non-threatening threats.
From F-Secure, an alphabetized database of virus descriptions. Search by exact name or keyword.
From the makers of Panda Antivirus, an encyclopedia searchable by name, category or family. The database is prefaced by an introduction to computer viruses and a handy glossary of terms.
Compiled from various reporting agencies and individuals. Listing all viruses actually causing active infections worldwide, the wildlist is updated monthly.
One very long list of just some of the viruses detected by Sophos.
The McAfee AVERT Virus Information Library includes detailed information on viruses as well as popular hoaxes and myths.
F-Secure simplifies the WildList by linking descriptions to the names of the viruses reported to be in the wild. Updated monthly.