Spyworm.Win32 Threat Level:

Spyworm.Win32 is a worm that appears in fake security alerts from rogue antispyware. Spyworm.Win32 popups could read:

“Your computer was infected with Spyworm.Win32.
It’s dangerous for your system, some files can be lost and your browser can be slow!
Click OK to download the antispyware program to clean your computer! (Recommended)”

or

“Your browser was hijacked by Spyworm.Win32.”

This Spyworm.Win32 popup is supposed to scare you into buying the fake antispyware, like Smitfraud. You may have caught “Spyworm.Win32″ by a drive-by download, or getting tricked into downloading a fake video codec.

Unless you like getting ripped off, don’t download the software the Spyworm.Win32 popup links to. You’re not really infected with Spyworm.Win32 — you’re infected with fake anti-spyware that you need to remove.

Read more about Spyworm.Win32 »

Worm.Win32.Netbooster Threat Level:

Worm.Win32.Netbooster is a worm that appears in fake security alerts from rogue antispyware. Worm.Win32.Netbooster popups could read “Your browser was hijacked by Worm.Win32.Netbooster,” or “Your browser was hijacked by Worm.Win32.Netbooster.” This Worm.Win32.Netbooster popup is supposed to scare you into buying the fake antispyware, like Smitfraud. You may have caught “Worm.Win32.Netbooster” by a drive-by download, or getting tricked into downloading a fake video codec.

Unless you like getting ripped off, don’t download the software the Worm.Win32.Netbooster popup links to. You’re not really infected with Worm.Win32.Netbooster — you’re infected with fake anti-spyware that you need to remove.

Read more about Worm.Win32.Netbooster »

Rontokbro Threat Level:

Rontokbro is a worm that spreads itself via email. If you get an email with a blank subject line, an attachment named Kangen.exe, and a message reading:

BRONTOK.A [ By: HVM31 -- JowoBot #VM Community ]
– Hentikan kebobrokan di negeri ini –
1. Adili Koruptor, Penyelundup, Tukang Suap, Penjudi, & Bandar NARKOBA
( Send to “NUSAKAMBANGAN”)
2. Stop Free Sex, Absorsi, & Prostitusi
3. Stop (pencemaran laut & sungai), pembakaran hutan & perburuan liar.
4. SAY NO TO DRUGS !!!
– KIAMAT SUDAH DEKAT –
Terinspirasi oleh: Elang Brontok (Spizaetus Cirrhatus) yang hampir punah[ By: HVM31 ]– JowoBot #VM Community –

– Avoid it faster than you avoid texts from your ex. Rontokbro launches every time you start your system, Rontokbro reboots your PC when it detects windows it doesn’t like, and Rontokbro spams everyone an infected email to spread itself.

Read more about Rontokbro »

Worm_Imbot.AC Threat Level:

Worm_Imbot.AC is a worm that spreads itself through MSN Messenger and some insecure websites. Worm_Imbot.AC typically sends you an instant message on MSN Messenger, with a .zip file attached. Of course, the attachment is a contains Worm_Imbot.AC. Worm_Imbot.AC’s IM might read:

“Have I shown you this new picture of my cat:)”
“Hey, check out this great photo from my trip to England”
“Did you see this picture, it’s hilarious!!!!!”

I can’t think of any photos great enough to risk downloading Worm_Imbot.AC. Even of Heidi Klum.

Well…

If you’ve ever received a message like that on MSN Messenger, it’s best to stop using MSN until you know you’ve removed Worm_Imbot.AC. Otherwise, Worm_Imbot.AC may connect to TCP ports and let anonymous attackers execute commands on your computer, and kill memory processes.

Read more about Worm_Imbot.AC »

Backdoor.Agobot Threat Level:

Backdoor.Agobot is a family of backdoor worms that spreads itself through peer-to-peer (P2P), file-sharing applications. When Backdoor.Agobot infects your computer, it’ll take commands from an anonymous attacker via IRC to start DoS (Denial of Service) attacks (DoS attacks work by overloading your computer with so much traffic that it crashes). Backdoor.Agobot can also execute commands through cmd.exe, and Agobot rips a security hole into your system, making your financial and personal information insecure. Agobot may also be known as Gaobot, and other bots in the Agabot family include Phatbot, Urxbot, Rbot, Forbot, and Rxbot. Some versions of Agobot can use a keylogger to steal your information. I say remove Backdoor.Agobot and its cousins as fast as you can. The only reason you should download Agobot is to use the application to go after whoever installed it onto your machine, first.

Read more about Backdoor.Agobot »

Worm.Newbiero Threat Level:

Worm.Newbiero is a worm that tears a back hole in your system and allows a hacker to access your PC. Worm.Newbiero can infect your computer through open local area networks. Once Worm.Newbiero is on your PC, it starts up with Windows every launch. Worm.Newbiero then allows a hacker to access your PC, launching applications, downloading files, and putting your personal and financial data at risk. Worm.Newbiero will try to disable firewalls such as Sygate Personal Firewall, Tiny Personal Firewall, ZoneAlarm, and ZoneAlarm Pro. Worm.Newbiero can mess up your computer more than your three-year-old nephew banging on your keyboard, so delete Worm.Newbiero immediately.

Read more about Worm.Newbiero »

Worm.Skipi.b is a worm targeting popular Internet calling software Skype. Worm.Skipi.b, also known as Pykse, is said to be a worm though it requires some interaction from users. Worm.Skipi.b Skypes messages of links to contacts reaped from an infected PC. Worm.Skipi.b’s Skype messages link to a picture of barely dressed woman, which is displayed while Worm.Skipi.b downloads and installs itself onto a user’s computer. Once Worm.Skipi.b is installed, it may lodge in your registry system and create browser helper objects (BHO) so that it launches at your systems start up. Worm.Skipi.b may then set your Skype status to “Do Not Disturb” so you won’t receive incoming messages while it attempts to infect other users and visit websites.

Read more about Worm.Skipi.b »

W32.Vispat.B@mm Threat Level:

W32.Vispat.B@mm is a worm that harvests email addresses on your PC after you’ve been infected. W32.Vispat.B@mm then emails itself to these email addresses and infects these computers, via its email message titled “Re:Ho sbagliato email,” with the attachment named “fotoamore.zip”, and the message body:

“Dire che sono imbarazzato per l’errore di invio mi sembra scontato…
spero che capirai che quanto
Se vuoi capire di cosa si tratta guarda in allegato o scarica lo zip da qui”
ciao tesoro mio”

W32.Vispat.B@mm may also change your Internet Explorer start page/home page to http://www.katasearch.com/______, and W32.Vispat.B@mm may also lower your security settings for Internet Explorer, putting your PC at risk for further infection.

Read more about W32.Vispat.B@mm »

Sober Worm is a worm that spreads itself through email as an attachment, approximately sized 56,808 bytes, with a random name and the file extension .pif, .zip, or .bat. You have to open Sober Worm’s attachment to infect your PC, and once Sober Worm infects your system, Sober Worm may popup a message (”WinZip Self-Extractor, WinZip_Data_Module is missing ~Error:”) and then may scan your system for any email addresses and send itself as an email attachment to these addresses. Sober Worm will save the email addresses it emails in a file named winexerun.dal, winmprot.dal, winroot64.dal, or winsend32.dal. Sober Worm uses its own SMTP engine to send these emails, making it less likely to be detected.

Read more about Sober Worm »

Zhelatin.DAM is a worm that spreads itself through email. When you’re infected with Zhelatin.DAM, Netsky may nestle itself in your system using rookit tactics to keep from being detected. Zhelatin.DAM may add your computer to an IRC botnet, and Zhelatin.DAM will harvest email addresses from your computer and spam itself as an attachment to your contacts.

Read more about Zhelatin.DAM »