Latest Virus Alert: W32.Swen.A@mm
NOTE: This threat was previously detected as Worm.Automat.AHB by definitions
automatically created by Symantec's Digital Immune System.
Due to an increase in submissions, Symantec Security Response has upgraded
W32.Swen.A@mm to Category 3, as of 6:30pm Thursday, September 18, 2003.
W32.Swen.A@mm is a mass-mailing worm that uses its own SMTP engine to
spread itself. It attempts to spread through file-sharing networks, such
as KaZaA and IRC, and attempts to kill antivirus and personal firewall
programs running on a computer.
The worm can arrive as an email attachment. The subject, body, and From:
address of the email may vary. Some examples claim to be patches for Microsoft
Internet Explorer, or delivery failure notices from qmail.
More
information and removal instructions for the W32.Swen.A@mm
Download
Removal Tool
Latest Virus Alert: W32.Blaster.E.Worm
W32.Blaster.E.Worm is a new variant on the previous
W32.Blaster.Worm.
W32.Blaster.E.Worm is a worm that exploits the DCOM RPC vulnerability
(described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The worm targets only Windows 2000 and Windows XP machines. While Windows
NT and Windows 2003 Server machines are vulnerable to the aforementioned
exploit (if not properly patched), the worm is not coded to replicate
to those systems. This worm attempts to download the mslaugh.exe file
to the %WinDir%\system32 directory and then execute it. W32.Blaster.E.Worm
does not have a mass-mailing functionality.
More
information and removal instructions for the W32.Blaster.E.Worm
Latest Virus Alert: W32.Mimail.A@mm
W32.Mimail.A@mm is a worm that spreads by email and steals information from a user's machine.
The email has the following characteristics:
From: admin@
(The from address may be spoofed to appear that it is coming from the
current domain)
Subject: your account [random string]
Message: Hello there, I would like to inform you about important information
regarding your email address. This email address will be expiring. Please
read attachment for details.
Best regards, Administrator
Attachment: Message.zip
More
Information about the W32.Mimail.A@mm virus.
Free
Removal Tool.
Latest Virus Alert: W32.Yaha.F@mm
W32.Yaha.F@mm is a mass-mailing worm that sends itself to all email addresses that exist in the Microsoft Windows Address Book, the MSN Messenger List, the Yahoo Pager list, the ICQ list, and files that have extensions that contain the letters ht. The worm randomly chooses the subject and body of the email message. The attachment will have a .bat, .pif or .scr file extension. Depending upon the name of the Recycled folder, the worm either copies itself to that folder or to the %Windows% folder.
The name of the file that the worm creates consists of four randomly generated characters between c and y.
It also attempts to terminate antivirus and firewall processes.
More Information about the W32.Yaha.F@mm virus.
Free Removal Tool.
| 
