Spyware

W95/CIH, also known as Chernobyl, is a parasitic family of viruses. W95/CIH was first detected in June 1998 in Taiwan. W95/CIH contains a very dangerous payload, whose trigger date depends on the variant. On this date, the viruses attempt to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in most modern computers with a flash-BIOS) this renders the machine unusable because it will no longer boot. The only way to infect a computer with W95/CIH is to execute an infected file on the computer. The infected file may come from a multitude of sources including floppy diskettes, downloads through an online service, network, etc. Once the infected file is executed, W95/CIH may activate.

WM/CAP is a Word macro virus that is designed to infect Word and modify up to five already existing menus and redirecting them to the virus code. WM/CAP may cause some problems, as the names of the modified entries are different in different Word installations and different language versions of Word. Once it is executed, WM/CAP infects documents and deletes all existing macros from them. WM/CAP gets on a system by being attached to template files in Word versions 6 and 7 or any document in Word version 8. Template files can contain text just like a normal document, but they can also hold macros.

W32/Bropia is a worm that spreads by sending commands to MSN or Windows Messenger and prompting the program to send a copy of W32/Bropia to the contacts listed. W32/Bropia also includes a backdoor Trojan that is able to use infected computer for the creation of zombie networks. W32/Bropia may disable the right mouse button and also may prevent the Windows Task Manager and Command Prompts from being run.

W32/Bofra is a mass mailing worm that spreads via the Internet in the form of infected emails without an attachment. W32/Bofra includes a link to an infected file, which is located on the computer that generated the infected message. If the Internet Explorer vulnerability is exploited, the infected file will be called automatically. W32/Bofra will send infected messages to all email addresses harvested from the victim computer. In addition, W32/Bofra contains an IRC-controlled backdoor that allows remote attackers to get full control over your PC and to steal your personal and financial data.

Bofra is a family of mass-mailing worms that are designed to exploit an unpatched vulnerability in Internet Explorer's IFRAME handling. Bofra differs from regular mass-mailing worms because it sends itself not in emails but it uses an HTTP link that points to the host that sent the infected email. In addition, Bofra has an IRC-controlled backdoor that allows the remote attacker to get full control over your computer and steal your sensitive information.

W32/Bobax is a mass-mailing worm that spreads through email and infects Windows system. W32/Bobax spreads with a random filename and carries a spoofed 'From' address picked up randomly from the infected system. Upon execution of the infected attachment, W32/Bobax copies itself in a random name with an .exe extension under the Windows System folder. To propagate itself, W32/Bobax gathers email addresses from the Windows Address Book and Windows Messenger Contact list of the infected system. W32/Bobax mails an infected file detected as W32/Small.AXR to these addresses using its own SMTP engine.

ErrorDoctor is a rogue anti-spyware program that is designed to scare you into purchasing ErrorDoctor's full version by showing misleading warning messages on your Taskbar. ErrorDoctor scans your computer and uses false positives in order to frighten you into buying the program. Although ErrorDoctor may appear to be harmless, it is a security risk to your computer and it may actually expose you to more security threats by installing other malicious applications.

W32/Benjamin is a network worm that infects Windows system. W32/Benjamin comes disguised as popular music, movie, or software files. W32/Benjamin spreads across KaZaA file-sharing networks by tricking KaZaA users into downloading the program and opening it. The size of the W32/Benjamin worm can vary because the worm pads copies of itself with garbage bytes.

W32/Banwarum is a mass mailing worm that spreads through email and network and infects Windows systems. The infected email has an attachment, which is infected with the worm. The extension of the infected attachment will be double. The first extension will be exe and second extension will be zip. W32/Banwarum may also come with gif image that contains password to extract zip file. Upon execution of the infected attachment, W32/Banwarum copies itself as mszsrn32.dll in Windows System folder. W32/Banwarum will inject dll code to winlogon.exe process to load itself during each startup.

Banwarum is a mass-mailing worm that spreads in the Internet by email and in local networks by exploiting computers running the Windows operating system with known vulnerabilities. Banwarum scans local drives for text and spreadsheet documents, as well as web pages and various programming files. Then Banwarum sends e-mail messages to all the addresses it gathers from found files by using own mail engine. Banwarum also opens a backdoor providing the attacker with remote unauthorized access to the compromised computer and allowing him to control the system and steal user sensitive information.