Troj/Codebase-K – A virus that exploits the Internet Explorer
CODEBASE vulnerability to execute a malicious file on the
infected machine. It spreads through an HTML page/file with an
embedded object. (Sophos)
Win32.Small.axr – An e-mail virus that tells the user to turn on
their TV to see that Osama Bin Laden has been captured. An
attachment called pics.scr supposedly contains images of the
capture, but is really a virus. (F-Secure)
W32/Mytob-BE – A MyTob variant that exploits the Windows LSASS
vulnerability and allows backdoor access through IRC. It spreads
through an e-mail message that looks like an account or system
warning. The infected attachment will end with the extension
BAT, CMD, PIF, SCR, EXE or ZIP. (Sophos)
W32/Mytob-AJ – A basic MyTob variant that installs itself as
“taskgmr.exe” and limits access to security-related Web sites.
(Sophos)
W32/Mytob-CP – This MyTob variant drops “Lien Van de
Kelder.exe.” on the infected machine. It too can limit access to
security sites and disable security applications running on the
host. (Sophos)
W32/Mytob-CV – A similar MyTob variant that drops “We Love Lien
Van de Kelder.exe”. (Sophos)
W32/Mytob-BF – Yet another MyTob e-mail variant. This one too
looks like a system warning message and will have a file with a
final extension of PIF, SCR or EXE. It installs “Van de Kelder
Lien.exe” on the host machine. (Sophos)
Troj/Banker-HH – A Trojan that attempts to steal information
entered into banking Web sites. It drops “ieharv.exe” on the
infected machine. (Sophos)
W32/Kalel-B – A mass-mailer/P2P worm that spreads through a
message that looks like an e-mail account suspension message. It
claims the attachment is virus free. It can allow backdoor
access through IRC. (Sophos)
W32/Agobot-AAG – A network worm that spreads by exploiting a
number of known Windows vulnerabilities. It can be used to
download additional malicious code, participate in
denial-of-service attacks and disable anti-virus software. It
installs itself as “wmp9.exe”. (Sophos)
**********