The Worms and Trojans Creating Email Viruses

There are literally thousands of worms and Trojans amid the mass of malicious code written to attack computers and attempt creating email viruses with various malicious purposes in mind.

The following are just an example of some of the existing threats.

I-Worm.Moodown.b

This virus is most commonly known as W32.Netsky.B@mm. Like many email viruses, it is a mass-mailing worm that scans the hard drives and mapped network drives of an infected machine looking for email addresses to which it then sends itself. It will search drives C through Z as well as folders that contain the words "Share" or "Sharing." It copies itself into those folders. Only variations of the Windows operating system are available and DAT files since 2004 include the ability to detect and remove this worm.

I-Worm.NetSky.q

One of the many variants of the Netsky worm, this virus was first detected in March 2004. It spreads in an attachment on an infected email that will carry a variety of message headers, some as innocuous as "Re: Hello:" or "Thank you!" It scans local drives for email addresses to propagate itself. The attachment name varies but the extensions are either .exe, .pif, .scr, or .zip.

I-Worm.Bagle.n

Using a faked sender address, this worm spreads via an attachment to an email, either a .pif or .exe file. (It can also be transmitted by popular file sharing applications.) The worm shuts down some antivirus and firewall process and via an integrated Trojan gives hackers full control of the infected system.

Tofger-A

This is a Trojan that runs in the background of an infected machine recording keystrokes. The recorded data is hidden to be retrieved later or shipped out from the machine. The hope is that passwords or other useful information will be garnered.

Win32.Holar.G

This mass-mailing worm sends itself to email addresses it finds in the files of an infected machine. It arrives on the victim machine with an attachment with the file extension .scr. It attacks both the Microsoft Outlook Address Book and MSN Messenger contact list and will also spread via the KaZaA file-sharing network. In addition to its mass mailing properties, it steals network information and sends it to a predefined address.

Worm.RBot.af

Spreading itself by the normal means of email and seeking to self-replicate, this worm attempts to spread to remote networks. It contains a built-in Trojan to give the perpetrator access to the infected machine through IRC channels while appearing to run as a service process in the background.

Worm.Win32.Sasser.a

This worm attacks computers with Windows 2000, Windows XP, and Windows Server 2003. It deposits a file called "avserve.exe" in the Windows directory and places an entry in the system registry. It runs a total of 128 propagation routines via an open TCP port on the FTP server and attempts to prevent a system reboot.

W32.Sobig.F@mm

This is another of the large scale emailing worms that collects email addresses via an activated attachment. It may also release confidential information about the system including passwords. While the distribution is high, the threat is low because the worm has existed since before 2003 and all updated DAT files will combat its presence.

MSBlast.b

This worm, now a very minor threat, is interesting because its author, a teenager hacker, was caught and sent to jail for 18 months followed by 100 hours of community service. His worm affected 50,000 systems in the summer of 2003 and caused some $1.2 million in damages. (Like other worms of its type, the damage it caused involved the amount of payload the virus put out by its unchecked propagation).

Remember, there is always an obvious red flag you should spot in regard to computer viruses - email file attachments. Message attachments are always suspect. If you want to stop email viruses, keep your antivirus software updated and don't fall into the traps email viruses set for computer users. Investigate settings in your email client to assist with this process.

In Microsoft Outlook, for example, there is an option to block potentially harmful attachments. The software makes the determination based on extension and content type among other factors. Popular email providers like GMail, Hotmail, and Yahoo offer similar protection. They employ server-based email scanning to block the most obvious kinds of threatening attachments and allow users to set security levels.

Some Viruses can Crash you PC. Check out the Types of Viruses
Lured into the Trap you may be Infected with a Trojan Horse Virus
Beware of Email Viruses in Spam - Top Tips to Stay Safe
Macros: Better Applications or Worse Viruses