Spyware

W95/CIH, also known as Chernobyl, is a parasitic family of viruses. W95/CIH was first detected in June 1998 in Taiwan. W95/CIH contains a very dangerous payload, whose trigger date depends on the variant. On this date, the viruses attempt to overwrite the flash-BIOS. If the flash-BIOS is write-enabled (and this is the case in most modern computers with a flash-BIOS) this renders the machine unusable because it will no longer boot. The only way to infect a computer with W95/CIH is to execute an infected file on the computer. The infected file may come from a multitude of sources including floppy diskettes, downloads through an online service, network, etc. Once the infected file is executed, W95/CIH may activate.

WM/CAP is a Word macro virus that is designed to infect Word and modify up to five already existing menus and redirecting them to the virus code. WM/CAP may cause some problems, as the names of the modified entries are different in different Word installations and different language versions of Word. Once it is executed, WM/CAP infects documents and deletes all existing macros from them. WM/CAP gets on a system by being attached to template files in Word versions 6 and 7 or any document in Word version 8. Template files can contain text just like a normal document, but they can also hold macros.

W32/Bropia is a worm that spreads by sending commands to MSN or Windows Messenger and prompting the program to send a copy of W32/Bropia to the contacts listed. W32/Bropia also includes a backdoor Trojan that is able to use infected computer for the creation of zombie networks. W32/Bropia may disable the right mouse button and also may prevent the Windows Task Manager and Command Prompts from being run.

W32/Bofra is a mass mailing worm that spreads via the Internet in the form of infected emails without an attachment. W32/Bofra includes a link to an infected file, which is located on the computer that generated the infected message. If the Internet Explorer vulnerability is exploited, the infected file will be called automatically. W32/Bofra will send infected messages to all email addresses harvested from the victim computer. In addition, W32/Bofra contains an IRC-controlled backdoor that allows remote attackers to get full control over your PC and to steal your personal and financial data.

Bofra is a family of mass-mailing worms that are designed to exploit an unpatched vulnerability in Internet Explorer's IFRAME handling. Bofra differs from regular mass-mailing worms because it sends itself not in emails but it uses an HTTP link that points to the host that sent the infected email. In addition, Bofra has an IRC-controlled backdoor that allows the remote attacker to get full control over your computer and steal your sensitive information.