Computer Viruses
that "Come a Callin"
By James Williams
Every day new
computer viruses are
created to annoy us
and to wreck havoc
on our computer
systems. Below are
ten viruses
currently cited as
being the most
prevalent in terms
of being seen the
most or in their
ability to
potentially cause
damage.
New viruses are
created daily.
This is by no means
an all inclusive
list. The best thing
you can do is to
remain vigilant,
keep your anti-virus
software updated,
and stay aware of
the current computer
virus threats.
Virus:
Trojan.Lodear
A Trojan horse that
attempts to download
remote files. It
will inject a .dll
file into the
EXPLORER.EXE process
causing system
instability.
Virus:
W32.Beagle.CO@mm
A mass-mailing worm
that lowers security
settings. It
can delete
security-related
registry sub keys
and may block access
to security-related
websites.
Virus:
Backdoor.ZagabanA
Trojan horse that
allows the
compromised computer
to be used as a
covert proxy and
which may degrade
network performance.
Virus: W32/Netsky-P
A mass-mailing worm
which spreads by
emailing itself to
addresses produced
from files on the
local drives.
Virus:
W32/Mytob-GH
A mass-mailing worm
and IRC backdoor
Trojan for the
Windows platform.
Messages sent by
this worm will have
the subject chosen
randomly from a list
including titles
such as:
Notice of account
limitation, Email
Account Suspension,
Security measures,
Members Support,
Important
Notification.
Virus:
W32/Mytob-EX
A mass-mailing worm
and IRC backdoor
Trojan similar in
nature to
W32-Mytob-GH. W32/Mytob-EX
runs continuously in
the background,
providing a backdoor
server which allows
a remote intruder to
gain access and
control over the
computer via IRC
channels. This
virus spreads by
sending itself to
email attachments
harvested from your
email addresses.
Virus:
W32/Mytob-AS, Mytob-BE,
Mytob-C, and
Mytob-ERThis
family of worm
variations
possesses similar
characteristics in
terms of what they
can do. They
are mass-mailing
worms with backdoor
functionality that
can be controlled
through the Internet
Relay Chat (IRC)
network.
Additionally, they
can spread through
email and through
various operating
system
vulnerabilities such
as the LSASS
(MS04-011).
Virus: Zafi-D
A mass
mailing worm and a
peer-to-peer worm
which copies itself
to the Windows
system folder with
the filename Norton Update.exe.
It can then create a
number of files in
the Windows system
folder with
filenames consisting
of 8 random
characters and a DLL
extension.
W32/Zafi-D copies
itself to folders
with names
containing share,
upload, or music as
ICQ 2005a new!.exe
or winamp 5.7
new!.exe. W32/Zafi-D
will also display a
fake error message
box with the caption
"CRC: 04F6Bh" and
the text "Error in
packed file!".
Virus:
W32/Netsky-D
A
mass-mailing worm
with IRC backdoor
functionality which
can also infect
computers vulnerable
to the LSASS
(MS04-011) exploit.
Virus: W32/Zafi-B
A peer-to-peer (P2P)
and email worm that
will copy itself to
the Windows system
folder as a randomly
named EXE file. This
worm will test for
the presence of an
internet connection
by attempting to
connect to
www.google.com or
www.microsoft.com.
A bilingual, worm
with an attached
Hungarian political
text message box
which translates to
“We demand that the
government
accommodates the
homeless, tightens
up the penal code
and VOTES FOR THE
DEATH PENALTY to cut
down the increasing
crime. Jun. 2004,
Pécs (SNAF Team)”
