Latest Virus 2012

Posted by Stephen thangaraj at 17:02
« W32.Bugbear@mm» — High Risk 

Bugbear packs a treacherous payload: it installs a keylogger on infected systems, so it can watch everything a victim types and steal information like passwords and account numbers. MSNBC

The virus is difficult to spot because the email appears in a myriad of different guises. However identification is possible by looking at the accompanying attachment, which is nearly always 50,688 bytes in size. Ananova

DO NOT OPEN E-MAIL WITH SUBJECT  — The virus is sent as an e-mail attachment with a variety of subject lines including:
Membership Confirmation
Market Update Report
Your Gift
... 


ATTACHMENTS: The attachment name also varies, but may contain some of the following strings:
Setup.exe
Card
Docs
image
... 


SYSTEMS AFFECTED: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me



TECHNICAL DESCRIPTION : McAfee / PandaSoft /Symantec

FREE REMOVAL TOOL: McAfee


« Chet» or «Chet@MM»— Low Risk 

A new e-mail virus is exploiting the first anniversary of the 11 September terrorist attacks. The e-mail attempts to coax users to click on the infected attachment with promises of photographs of Osama bin Laden and the US Secretary of State involved in 'friendly dialogue'. BBC

[Update 18:07] Virus to be or not to be: Is this worm low risk, due to media attention according toTrend Microor is it due to the fact that to date, according to Sophos,there have been no reports of this worm from the wild. (netsurf)


DO NOT OPEN E-MAIL WITH SUBJECT
"All people!!" 

DO NOT OPEN ATTACHMENT WITH:
11September.exe


TECHNICAL DESCRIPTION : McAfee / SophosFREE REMOVAL TOOL: McAfee«Frethem» or « I-Worm.Frethem» — Mild Risk 

The virus has become a common source of infection since the release of two fresh variants last weekend (July 13-14), and attempts to exploit an Outlook bug in order to run automatically when the mail is read. The Register

DO NOT OPEN E-MAIL WITH SUBJECT
Re: Your password! 

ATTACHMENT:
Decrypt-password.exe and Password.txt


TECHNICAL DESCRIPTION : Symantec /

FREE REMOVAL TOOL: Symantec 
/ Bit Defender (Zataz)«W32.Klez.H» or « W32.Klez.H@mm» — High Risk 

That Klez e-mail worm is appearing in yet another, more socially insidious form. It's being spread by people you know, or at least that's the way it appears.

Klez also sends fake "returned" or "undeliverable" e-mails, advising the supposed sender that their original, refused e-mail is contained in the attachment. Clicking on the attachment triggers the virus. Wired

SUBJECT LINE /BODY COPY / ATTACHMENT
The subject line, message bodies, and attachment file names are random. The From address is randomly-chosen from email addresses that the worm finds on the infected computer.


TECHNICAL DESCRIPTION : Symantec /

FREE REMOVAL TOOL: Symantec

REAL TIME SPREAD INFORMATION: Message Labs
«Ariel Sharon» or « W32.Mylife.I-J@mm» 

The Internet vandal behind the MyLife virus released four fresh variants this week, bringing the grand total to 10.

W32.Mylife.I and J@mm are variants of W32.Mylife@mm worm. It is a mass-mailing worm that emails itself to all email addresses in the Microsoft Outlook address book and the MSN Messenger contact list.
When the attachment is executed, it displays an unflattering caricature of Ariel Sharon.

DO NOT OPEN E-MAIL WITH SUBJECT
peeeeep picture or sexyy Screen Saver 

BODY COPY:

hi
look to the screen saver it's very funny
bye


ATTACHMENT:
A link in the body of the message:
 "peeeep~~~.scr " or Sh.scr or USA.scr


TECHNICAL DESCRIPTION : Symantec /

FREE REMOVAL TOOL: Symantec
«My Life» or « Caris» or W32/MyLife.b@MM —Medium Risk

Virus experts today warned of an e-mail worm that is spread when recipients open an attachment bearing a caricature of former president Bill Clinton holding a saxophone with a bra emerging from the horn. The virus was making the rounds Friday and has shown up in 23 countries so far, according to MessageLabs. It has been most active in Australia, the U.K. and the U.S.

If the attachment is opened, the worm copies itself to the computer's system folder and spreads via Outlook e-mail, sending itself to every address in the recipient's address book. The worm can also delete Windows system files from infected users' hard drives. (WashTech.com) / WSJ)

DO NOT OPEN E-MAIL WITH SUBJECT
bill caricature 

BODY COPY:
No viruse (sic) found" followed by "McAfee.com

ATTACHMENT:
A link in the body of the message:
 "cari.scr"

RELATED ARTICLES: WashTech.com / WSJ / MSNBC
TECHNICAL DESCRIPTION : McAfee / F-Secure/Sophos /

FREE REMOVAL TOOL: McAfee
«W32/Fbound.C» — Medium Risk

In what is believed to be the first of its kind, a new nondestructive computer worm has been found that apparently can e-mail itself out in either English or Japanese, depending on the native language of the recipient. If executed by the recipient, the worm launches the e-mails to the Outlook address book entries (USA Today)

DO NOT OPEN E-MAIL WITH SUBJECT
Important (or a Japanese subject) 

BODY COPY:

[ Empty ]

ATTACHMENT:
A link in the body of the message:
 "patch.exe"

RELATED ARTICLES: USA Today / Yahoo News
TECHNICAL DESCRIPTION : McAfee

FREE REMOVAL TOOL: 
McAfee

TECHNICAL DESCRIPTION : McAfee / F-Secure / Trend Micro

FREE REMOVAL TOOL: McAfee
 / Sophos

«Gokar» or W32/Gokar@mm, Karen — Medium

Gokar sends itself via Microsoft Outlook, using a long list of variable subject fields, contents and attachment names. Gokar also modifies mIRC chat client configuration to spread to worm further via IRC chats.

DO NOT OPEN E-MAIL WITH ANY OF THE FOLLOWING SUBJECTS
— If I were God and didn't belive in myself would it be blasphemy
— The A-Team VS KnightRider ... who would win
— Just one kiss, will make it better. just one kiss, and we will be alright.
— I can't help this longing, comfort me.
— And I miss you most of all, my darling ...
— ... When autumn leaves start to fall
— It's dark in here, you can feel it all around. The underground.
— I will always be with you sometimes black sometimes white ...
— .. and there's no need to be scared, you re always on my mind.
— You just take a giant step, one step higher.
— The air will hold you if you try, trust my wings of desire. Glory, Glorified.......
— The horizons lean forward, offering us space to place new steps of change.
— I like this calm, moments before the storm
— Darling, when did you fall..when was it over ?
— Will you meet me .... and we'll fly away ?! 


BODY COPY CAN BE ANY OF THE FOLLOWING:

— You should like this, it could have been made for you speak to you later

— Hey
They say love is blind ... well, the attachment probably proves it. Pretty good either way though, isn't it ?

— Happy Birthday
Yeah ok, so it's not yours it's mine :) still cause for a celebration though, check out the details I attached

— This made me laugh
Got some more stuff to tell you later but I can't stop right now so I'll email you later or give you a ring if thats ok ?! Speak to you later


Attachments can any of the following:
.PIF, .SCR, .EXE, .BAT and .COM

RELATED ARTICLES: News.com / Ananova /Newsbytes /
TECHNICAL DESCRIPTION : F-Secure / Symantec /McAfee /

FREE REMOVAL TOOL: F-Secure 
Symantec / McAfee/
«Goner» or W32/Goner, Pentagone, or Gone —High Risk

This is a HIGH RISK virus which masquerades as a screen saver. It spreads via Microsoft Outlook and can be spread via ICQ if it's installed on an infected computer. This is a mass mailing worm that attempts to send itself to all entries in the Outlook Address book. DO NOT OPEN EMAIL WITH ATTACHMENT"GONE.SRC"

DO NOT OPEN E-MAIL WITH SUBJECT
Hi 

BODY COPY:
How are you ? When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it! 

Attachment:
GONE:SRC

RELATED ARTICLES: MSNBC / NY Times / WSJ /News.com / CNN BBC / ABCNews / Wired /WashTech / FT / 01net / Multimédium /
TECHNICAL DESCRIPTION : McAfee / F-Secure / C/netSymantec /
FREE REMOVAL TOOL: McAfee
 / Symantec
«Badtrans.b» Upgraded to Maximum Risk

FRANCAIS: Le virus qui espionne votre clavier. Le "ver" Badtrans.B se propage par e-mail et exploite les failles de sécurité d'Internet Explorer. Grande nouveauté, il "surveille" les touches utilisées sur votre clavier. Explications et solutions pour s'en prémunir sur le site de l'Internaute.

ENGLISH: An Internet worm which began spreading throughout the United States and Europe over the Thanksgiving weekend, sends itself out through Microsoft's Outlook and Outlook Express e-mail programs.

Most Internet worms and viruses need a recipient to click on an attachment in order for them to execute. Badtrans is capable of spawning itself even if a user reads e-mail in the preview mode of Outlook.

DO NOT OPEN E-MAIL WITH SUBJECT
"Re" subject line that appears to be a response to an e-mail actually sent by the user. 

BODY COPY:
Take a look to the attachment. 

RELATED ARTICLES: CNN / BBC / L'Internaute ZDNet

TECHNICAL DESCRIPTION : McAfee
 / Symantec
FREE REMOVAL TOOL: McAfee / Symantec 
«Nimda.E» or «or «W32. Nimda.E@mm»Medium Risk

A new version of Nimda. Like the original Nimda, Nimda.E can spread in numerous ways, taking advantage of a number of vulnerabilities in Microsoft’s Web server product. The malicious program utilizes a variety of methods to attack Windows 95, 98, ME, and Windows 2000.

DO NOT OPEN E-MAIL with:

Attachment: 
Sample.exe 

RELATED ARTICLES: NY Times / MSNBC

TECHNICAL DESCRIPTION : Symantec
 / F-Secure
FREE REMOVAL TOOL: Symantec / 
«Sircam» or «or «W32.Sircam.Worm@mm».Maximum Risk

Sircan virus described below (scroll down the page) is poised for a new attempt to wreak havoc on October 16. According to Wired, around one-in-20 infected computers are in danger of being wiped on October 16.

RELATED ARTICLES: Wired / Ananova

FREE REMOVAL TOOL: McAfee
 / 
«Vote B » or «Anti_TeRRoRisM.exe»Medium Risk

This destructive, mass-mailing worm is a variant of TROJ_VOTE.A

DO NOT OPEN E-MAIL with:
Subject line: 
This War Must Be Done !Message Body :Hi We Must Fight , We Must ReMemBer Our Victims! No Peace Before KiLLing TeRRoRists !Attachment: Anti_TeRRoRisM.exe 

TECHNICAL DESCRIPTION : AntiVirus

MORE INFORMATION: ZDNet.fr

«Vote A » or «W32.Vote.a@mm »Medium Risk

An e-mail virus that seeks to exploit immense interest in the terrorist attacks that destroyed the World Trade Center and the war the U.S. is preparing to wage in response.
Spreads via Microsoft Outlook by sending emails to all addresses listed in an infected user’s address book. Deletes files on your hard disk.

DO NOT OPEN E-MAIL with:
Subject line: 
Fwd:Peace BeTween AmeriCa And IsLam !Message Body :Hi! iS iT A waR Against AmeriCa Or IsLam! Let’s Vote To Live in Peace!Attachment: WTC.EXE 

WHAT DAMAGE DOES IT DO? A deletes certain antivirus products installed in a system, drops the files WTC.exe MixDaLaL.vbs, and Zacker.vbs. It also modifies the infected user’s Internet Explorer startup page, and formats the infected user’s drive. (AntiVirus

AntiVirus RISK RATING: Medium
TECHNICAL DESCRIPTION : AntiVirus
MORE INFORMATION: News.com / The Industry Standard / MSNBC / ABCNews / Washington Post /Yahoo Actualités

REMOVAL INSTRUCTIONS: 
AntiVirus

«Nimda » or «W32/Nimda@MM»High Risk
Attackes both home PCs and corporate users. The malicious program includes a complicated, multi-pronged attack strategy that combines the fast-spreading capabilities of an e-mail virus like Melissa with a stream of attacking Internet traffic similar to Code Red.

in some cases, victims don’t even have to open an e-mail attachment to become infected. Merely previewing an infected e-mail is enough. The virus uses a new method for that, exploiting a bug found in Microsoft’s Internet Explorer this March.


DO NOT OPEN E-MAIL with:
Subject line: 
Random - changes, not specificAttachment: «Readme.exe» BUT other attachment names have also been reported, suggesting the name is actually random. 

WHAT DAMAGE DOES IT DO? Once infections occur, Nimda hunts around the Internet for Web server computers to attack — much like Code Red. But Code Red, which wreaked havoc in July, only tried one method for breaking into Internet Web servers. Nimda scans the Internet for 16 known vulnerabilities. But the virus doesn’t stop there. Next it drops a file on infected Web sites that is clever enough to infect site visitors — the file is automatically uploaded to anyone who visits the site’s home page. (MSNBC

AntiVirus RISK RATING: High
TECHNICAL DESCRIPTION for home users: AntiVirus
MORE INFORMATION: MSNBC / BBC / CNN / Yahoo Actualités

REMOVAL INSTRUCTIONS: 
AntiVirus

«Magistr.b » or «W32/Magistr.b@MM »Medium Risk
Extremely dangerous and seems to be spreading in Europe. Wipes out your files and you cannot reboot.

DO NOT OPEN E-MAIL with:
Subject line: 
Randomly generated text that can be up to 60 characters long.Attachment: One randomly named infected executable and several randomly selected text or document files 

WHAT DAMAGE DOES IT DO? Uses email addresses from the Windows Address Book files and Outlook Express Sent Items folder and Netscape Address Book. Overwrites hard drives, erases CMOS, flashes the BIOS and it could send confidential Microsoft Word documents to others. 

McAfee RISK RATING: Medium
TECHNICAL DESCRIPTION: McAfee
MORE INFORMATION: 01net

REMOVAL INSTRUCTIONS: 
From McAfee

«Code Blue » 

This worm is a variant of «Code Red». It infects Windows NT/2000 systems that are running Microsoft's IIS server software. It's not transmitted by an e-mail attachment to individuals.

Technical information: McAfee
Articles: Wired / Newsfactor / Ananova
«Code Red » 

This worm infects Windows NT/2000 systems that are running Microsoft's IIS server software. It's not transmitted by an e-mail attachment to individuals.

Technical information: McAfee
Articles: News.com / ZDNet / ZDNet
«Sircam » or «W32.Sircam.Worm@mm».Maximum Risk
The virus is particularly troublesome because it arrives with random subject lines and attachment names, meaning there’s no easy way to warn computer users.

DO NOT OPEN E-MAIL with:

Subject line: The subject of the email will be random, and will be the same as the file name of the attachment in the email such as
: Partnership Agreement or Home Depot Requisition Letter or MAC Umbrella or Family Treatment.

Body: The message body will be semi-random, but will always contain one of the following two lines (either English or Spanish) as the first and last sentences of the message.

Spanish Version:
First line: Hola como estas ?
Last line: Nos vemos pronto, gracias.

English Version:
First line: Hi! How are you?
Last line: See you later. Thanks


Attachment: 
Same as subject 

WHAT DAMAGE DOES IT DO? Upon infection, Sircam creates a list of files with extensions such as .DOC, .ZIP and .JPG that are located in the victim’s “My Documents” folder. The virus then sends copies of itself to users in the victim’s address book, including one of those files chosen at random.

SYMANTEC RISK RATING: High Risk upgraded July 23
TECHNICAL DESCRIPTION: Symantec
MORE INFORMATION: News.com / 01net / Libération /Journal du Net / ZDNet.fr

REMOVAL INSTRUCTIONS: 
From SYMANTEC

E-MAIL CONTENT/ Symantec Warning

It was brought to my attention yesterday that a virus is in circulation via email. I looked for it and to my surprise I found it on mine. .. Please follow the directions and remove it from yours TODAY!!!!!!!

If you have deleted the Sulfnbk.exe file from the C:\Windows\Command folder and want to know how to restore the file, click here.
«Jennifer Lopez» or «VBS/LoveLetter.CN@MM ». The Jennifer Lopez file is the latest in a string of mass-mailing worm viruses--copycat versions of the AnnaKournikova virus--that spread across the globe in February

DO NOT OPEN E-MAIL with:
Subject line: 
Where are you?Body: This is my pic in the beach!Attachment: JENNIFERLOPEZ_NAKED.JPG.vbs 

WHAT DAMAGE DOES IT DO? When the W95/CIH virus is unleashed, it goes on a search-and-destroy mission. The virus seeks out and overwrites code on specific files on the hard disk, stripping them of their content. 

McAFEE RISK RATING: Low / PANDA RATING :Medium
TECHNICAL DESCRIPTION: McAfee
MORE INFORMATION: News.com The Guardian

REMOVAL INSTRUCTIONS: 
From McAfee
«FW: Symantec Anti-Virus Warning» or«VBS/Hard@mm»or «VBS/Hard-A». An email worm that masquerades as a virus warning from Symantec, a well-known anti-virus firm.

DO NOT OPEN E-MAIL with:

Subject line: 
FW: Symantec Anti-Virus WarningBody: Hello,

There is a new worm on the Net. This worm is very fast-spreading and very dangerous! Symantec has first noticed it on April 04, 2001. The attached file is a description of the worm and how it replicates itself.
With regards,

F. Jones
Symantec senior developer
Attachment: www.symantec.com.vbs 

WHAT DAMAGE DOES IT DO? It spreads in the usual way, sending copies of itself to people in a victim’s Microsoft Outlook address book. It

SYMANTEC RISK RATING: Unspecified
TECHNICAL DESCRIPTION: Symantec
ARTICLES: ZDNet.com The Industry Standard /ZDNet.fr

REMOVAL INSTRUCTIONS: 
From Symantec
«Homepage» or «VBS/VBSWG.X@MM». An email worm that purports to contain a link for the next cult Internet homepage.


DO NOT OPEN E-MAIL with:
Subject line: 
HomepageBody: Hi! You've got to see this page! It's really cool ;0)Attachment: homepage.HTML.vbs 

WHAT DAMAGE DOES IT DO? It spreads in the usual way, sending copies of itself to people in a victim’s Microsoft Outlook address book. It

McAFEE RISK RATING: Medium
TECHNICAL DESCRIPTION: McAfee
MORE INFORMATION: ZDNet /MSNBC / CNN /News.com

REMOVAL INSTRUCTIONS: 
From McAfee


«Matcher», 'Melissa' virus clone 
While it could clog e-mail servers if left unchecked, it does not destroy or disclose computer files.

DO NOT OPEN E-MAIL with:
Subject line: 
MatcherBody: "Want to find your love mates!!!/ Try this its cool.../ Looks and Attitude maching to opposite sex." .Attachment: Lonely Heart 

WHAT DAMAGE DOES IT DO? The trojan virus hunts addresses in Microsoft Outlook and then sends out copies of itself 

SYMANTEC RISK RATING: Medium

NUMBER OF INFECTIONS: 1000

TECHNICAL DESCRIPTION: Symantec
MORE INFORMATION: CNN article dated April 19

REMOVAL INSTRUCTIONS: 
From Symantec
«Magistr» aka: «I-worm» or «PE_MAGISTR.A» or «W32.Magistr@mm»
Few computers infected, but extremely dangerous. Wipes out your files and you cannot reboot. Targets all Windows PE files that are not .dll files.

DO NOT OPEN E-MAIL with:
Subject line: 
Randomly generated text that can be up to 60 characters long.Attachment: One randomly named infected executable and several randomly selected text or document files 



click the Below link download this file 


If you enjoyed this post and wish to be informed whenever a new post is published, then make sure you subscribe to my regular Email Updates. Subscribe Now!


Kindly Bookmark and Share it:

YOUR ADSENSE CODE GOES HERE

0 comments:

Have any question? Feel Free To Post Below:

Blog Archive

 

© 2011. All Rights Reserved | Interview Questions | Template by Blogger Widgets

Home | About | Top