One kind of worm which became popular from around 2002 July, is infected to Windows.

When with the worm of the type which is infected making use of E-mail, same as Nimda and Klez, the mail which Frethem transmitted with Outlook and Outlook Express while the security hole remaining the preview is done, the attachment file is not opened and also the [te] is infected to the worm.

As for the security hole which Frethem uses being the same as Klez and the like, the correction patch release is already done from the Microsoft corporation.

Frethem same as the other worm, finding mail address from the computer which is infected, transmits E-mail in large quantities, but subversive activities the especially data, (it lives upon).

W32.HLLW.Antinny

Alias:
The [po] worm which it paints, WORM_ANTINNY.A
Field:
Security > virus/worm > W32.HLLW.Antinny

The worm which appeared in 2003 August, spread via the P2P network of file exchange software “Winny”.

We have become the feasibility type which was developed with Visual C++, file name has become the name which makes the contents think which have circulated with Winny network. When it executes, “compression (Zip type) folder error compression (Zip type) the folder is invalid, or or it has been broken.”With it indicates the dialogue of the fake which is said, is infected.

When you are infected, content “of the Cache” folder of Winny is deleted entirely. And, it copies itself with the name which is chosen suitably from the file name which is placed on “the Down” folder of name or Winny which from midst of the list which is built in are chosen to random. Antinny which was copied being compressed with LZH type, is placed on “the Up” folder, waits for the fact that it is downloaded in someone.

W32/Mydoom@MM

Alias:
Mimail.R and my doom, W32.Novarg.A@mm and WORM_MIMAIL.R
Field:
Security > virus/worm > W32/Mydoom@MM

One kind of computer virus which shakes violence in 2004 January. Through E-mail, one of the Troy wooden horse type worms which are infected to the personal computer which spreads, loads Windows of the Microsoft corporation.

MyDoom reaches as a mail of the contents which dress up the error message from the mail server, that the attachment file is opened, urges to the user. Subject from midst “of test” “hi” “hello” “Error” “Status” “Server Report” “Mail Delivery System” “Mail Transaction Failed” is selected to random. As for text “Mail transaction failed. Partial message is available.”“The message contains Unicode characters and has been sent as a binary attachment.”“The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.”From three it is chosen to random. As for the attachment file random the ZIP data compressed file of file name is many, but when the file of feasibility type is attached, it is. The feasibility file of the same name to the ZIP file (the virus itself) is housed.

W32.Mytob@mm Mytob

Alias:
Mytob worm, Win32/Mytob.worm and WORM_MYTOB
Field:
Security > virus/worm > W32.Mytob@mm

From 2005 March betting on around May, one kind of worm which is infected to Windows which becomes popular. With the attachment file of the mail and the infection route of 2 types of direct access from network, it became topic by the fact that subspecies of several dozen types appears shortly in period.

When you are infected, in order for the virus itself to be executed when starting automatically, it is altered registry, while the user does not become aware, collecting mail address from the file inside the disk, attaching the copy of the self, it transmits. In addition, TCP port 445th of the other computer it accesses in, it tries infection it exists in the security function of Windows making use of the vulnerability which is called “MS04-011”. Connecting to the IRC server of specification, there are also times when the program which received the order of the attack person, was sent is executed.

W32.Novarg.A@mm MyDoom

Alias:
Mimail.R and my doom, W32/Mydoom@MM and WORM_MIMAIL.R
Field:
Security > virus/worm > W32.Novarg.A@mm

One kind of computer virus which shakes violence in 2004 January. Through E-mail, one of the Troy wooden horse type worms which are infected to the personal computer which spreads, loads Windows of the Microsoft corporation.

MyDoom reaches as a mail of the contents which dress up the error message from the mail server, that the attachment file is opened, urges to the user. Subject from midst “of test” “hi” “hello” “Error” “Status” “Server Report” “Mail Delivery System” “Mail Transaction Failed” is selected to random. As for text “Mail transaction failed. Partial message is available.”“The message contains Unicode characters and has been sent as a binary attachment.”“The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.”From three it is chosen to random. As for the attachment file random the ZIP data compressed file of file name is many, but when the file of feasibility type is attached, it is. The feasibility file of the same name to the ZIP file (the virus itself) is housed.

W32.Welchia.Worm Welchia

Alias:
Blaster.D and WORM_MSBLAST.D
Field:
Security > virus/worm > W32.Welchia.Worm

Subspecies of computer virus “Blaster” which shook violence in 2003 middle of August, is infected to Windows. Original Blaster is exterminated, that the measure patch is applied, the behavior which says and changes is done, “the kindness” the virus.

When Welchia shoots ping to IP address of the infection object, verifies the existence of the computer, invasion is tried making use of the vulnerability “MS03-026” of Windows which Blaster utilizes. Blaster does not use, it utilizes also “MS03-007” vulnerability.

As for Welchia when you are infected to the computer, “DLLHOST.EXE” and TFTP server function it copies alters registry as “SVCHOST.EXE”, and for these to be executed when the starting Windows automatically, it sets itself duplication to “the wins” folder of the system folder of Windows, in order.

W32.Zotob

Alias:
Zotob worm, W32/Zotob.worm and WORM_ZOTOB
Field:
Security > virus/worm > W32.Zotob

One kind of worm which became popular in around 2005 August, is infected to Windows. There are several subspecies. You are infected to Windows 2000/XP/Server 2003, but if it has updated is above such as service pack, you are not infected.

TCP port 445th of the object computer to access Zotob in, the plug and play of Windows (PnP: You are infected Plug and Play) it exists in function making use of the vulnerability which is called “MS05-039”. The computer which is infected besides the fact that infection to the other computer is tried with similar method, connecting to the IRC server of specification, receives the order of the attack person, sets up DoS attack to the Web sight of specification, executes the program which was sent.

W32/Zotob.worm

Alias:
W32.Zotob and Zotob worm, WORM_ZOTOB
Field:
Security > virus/worm > W32/Zotob.worm

One kind of worm which became popular in around 2005 August, is infected to Windows. There are several subspecies. You are infected to Windows 2000/XP/Server 2003, but if it has updated is above such as service pack, you are not infected.

TCP port 445th of the object computer to access Zotob in, the plug and play of Windows (PnP: You are infected Plug and Play) it exists in function making use of the vulnerability which is called “MS05-039”. The computer which is infected besides the fact that infection to the other computer is tried with similar method, connecting to the IRC server of specification, receives the order of the attack person, sets up DoS attack to the Web sight of specification, executes the program which was sent.