Common Windows Viruses - What To Do
We have seen most of these on clients' machines.
- Sep-03: a worm that defends itself
- Apr-02: worst to date - if you read email on a Windows computer, you have it.
- Apr-02: dropped by Klez.H
- emails to the Outlook mailing list
- sends real documents so it's a privacy problem too.
- Homepage / VBSWG.X
- redirects infected computers to a porno page
- Funlove / Win32.FLC - "Fun Loving Criminal".
- VBS/SST VBS/OnTheFly AnnaKournikova - Worm -
- Shockwave, Creative, ProLin Worm - Shockwave movie
- Life Stages - Worm -
- HAHAHA, Hybris, Snow White Worm
- Groovie Virus, W97M.Groov - MS Word 97
- W32/Navidad Worm
- VBS/LoveLetter Worm, "Love Bug", "ILOVEYOU"
- Pretty Park, "W32Pretty.Worm".
- Buddy List Trojan Horse - AOL Specific
- Trojan.AOL.Buddy, "Penny Tools Trojan" - AOL Specific
- W32/KRIZ.3862, W32/KRIZ.4092, W32/KRIZ.4050
- Cool APStrojan.qa, W95 Troan.Cool, AOL.PS.Trojan - AOL Specific
- ColdApe - MS Word 97
- Happy99 Worm
- Melissa Virus
- NetBus, Back Orifice - Trojans -
- CIH/Chernobyl Virus - highly destructive!
- Windows ExploreZip Worm
Windows - Notices & Patches
Microsoft issued more than 100 security notices and patches in 2000. We will
only list those of general business interest.
UA Control Vulnerability - Office 2000 - This vulnerability allows
viruses to be launched from e-mail without opening attachments. The
first useage, Davinia, was designed to be destructive but was clumsy and did
not propegate well. Future exploits could be far more effective. You should
download and apply the patch available from
Apple Macintosh Vulnerabilities
- Melissa Virus -
Macintosh users of Microsoft Office 2001 now have a beta of Outlook available
(formerly just Outlook Express). Outlook is enabling the Melissa virus to
spread among Mac users.
While Linux is not subject to the fast spreading e-mail virus problems Windows
systems have, Linux computers connected to DSL and cable modems are vulnerable
to break-in, worms and trojans if their patch levels are not kept up-to-date.
Important: Do not run your Linux box logged in as root. Yes, it's
more of a hassle to set your stuff up to run as a user, but running as
root makes your system very vulnerable. If root runs a hostile file, it runs
with full system privelages, just like under Windows.
- Ramen Worm - This worm attacks Red Hat Linux 6.2 and 7.0 systems
that have not been patched for wu-ftp, rpc.statd and LPRng. Aside from
propegating, it disables the ftp service and defaces Web sites by replacing
pages named "index.html" with it's own Web page. Description and removeal
instructions are at
- Dual Boot (Linux/Windows): reestablishing the Linux boot loader.
After using fdisk /MBR to remove a DOS/Windows boot sector virus
puters. Instructions at
CERN. Their link to their Linux boot disk is broken, but you can use the
"rescue disk" you made when you installed Linux.