Alert Archive
Berbew (Webber)
This Trojan grabbed the spotlight in the summer of 2004 because of a
feared "zero day" attack on Microsoft IIS servers.
Blackmal/Blackworm
A mass mailer that originally showed up in March of 2004 amid the fight
between Beagle and Netsky and then returned in September with new
variants. The worm has been refined by the author and received its alert
here on the Vector List after two versions released in quick succession
hit the Internet.
Bugbear
The mass mailer outbreaks of 2004 saw the return of Bugbear. This
multi-featured family of worms entered the scrap as a proven contender
and continued to wreak havoc with its fifth variant in the spring.
Cabir
Reports are just surfacing of this virus being found in the wild,
although the proof-of-concept worm has been around since early in the
summer. This is the first worm to use Bluetooth-enabled cell phones as
the vector.
Dasher
In December 2005, this worm took the exploit available for MSDTC
(November 2005) and made it mobile.
Fedora Fake Patch (Fedpatch)
No OS is immune to social attacks. This Red Hat Linux-directed Trojan
spreads via email and direct connection to a phishing-style site using a
domain name one character off from the real support site for Fedora.
Golten
Initially mass mailed, Golten then wins the race to include an exploit
for MS04-032's EMF handling vulnerability. Then the worm propagates via
weakly guarded shares--all under the guise of being information about
Arafat.
Hebolani
Making use of the MS05-002 vulnerability concerning a flaw in handling
of ANI (animated cursor) and icon files, Hebolani is an interesting,
though not especially widely distributed, Trojan case.
Kedebe
A mass mailer comprised of common parts and one increasingly common
part: a threat against Beagle/MyDoom. One more worm throws its hat into
the ring.
Korgo
Taking the baton from Sasser, Korgo employed the LSASS exploit of April
2004 and has compromised thousands of machines for its IRC army.
Lovgate
A mass mailer/fileshare worm consistently updated and released with
solid success.
Nemog & Sykel
Taking two spots on the List are children of Mydoom's mailer, 2 Trojans
that open traffic relays, drop AV software, propagate on their own,
steal system data, start spam engines...yes they do it all, including
helping propel their parent worm (MyDoom) back up the Vector List.
Nemsi
Only because it harkens back to virus days in a time long gone...
Nemsi attempts to dump the MBR of the victim machine and appeared in
October of 2004.
Netsky
The Sky Net...a young man arrested in Germany, the war with Beagle, ties
to Sasser...Netsky's story had it all. This mass mailer continues to
torment Internet users well after the author was arrested and confessed.
Santy
A worm built entirely from Perl, Santy hit phpBB sites December 21,
2004. Santy's main goal (beyond propagating by searching Google for
phpBB systems) was to overwrite site files, leaving thousands of
defacements in its wake.
Sasser
Although the alleged author has been arrested, a new variant was
discovered in August of this year, bringing Sasser back into the
spotlight. This remains one of the most widespread and damaging worms in
the history of the Internet.
Sykel & Nemog
Taking two spots on the List are children of Mydoom's mailer, 2 Trojans
that open traffic relays, drop AV software, propagate on their own,
steal system data, start spam engines...yes they do it all, including
helping propel their parent worm (MyDoom) back up the Vector List.
Tasin
A standard mass mailer with a Spanish email body and file-erasing
payload, Tasin entered the scene in November 2004 with three quick
variants.
Zafi
Also known as Erkez, this worm has plagued the Internet since April of
2004 when it got its start as a political virus, calling for change
across Hungary. Since that time its variants have carried DoS routines
and a holiday greeting in the tradition of Christmas-card viruses such
as Navidad, all with great success, infecting boxes around the world.