Spyware

VBS/Gedza is a malicious worm that spreads via P2P file sharing network by dropping copies of itself. Once it is executed, VBS/Gedza will display the picture of the Canadian singer Avril Lavigne. In addition, VBS/Gedza may drop a file, display messages or open the Avril Lavigne Web site. VBS/Gedza runs on Windows 98, ME, NT, 2000 and XP and infects .XLS and .DOC files.

W32/Frethem is a worm, which arrives as an infected email attachment. W32/Frethem uses a MIME header vulnerability and an IFRAME vulnerability so that the attached file is run automatically when the email is viewed on unpatched Microsoft email clients. W32/Frethem may cause denial-of-service conditions in networks where multiple systems are infected, or large volumes of infected mail are received.

Frethem is a family of mass-mailing worms that arrive in an infected email attachment. When the receiver opens the attachment, Frethem copies itself to the user's Startup folder as 'setup.exe', so it can launch every time the Windows load up. Frethem uses a MIME header vulnerability and an IFRAME vulnerability so that the attached file is run automatically when the email is viewed on unpatched Microsoft email clients. Frethem collects email addresses from the Windows Address Book and files with '*.DBX' extensions. Frethem uses its own mailing engine send infected messages.

VBS/Freelink is an encrypted worm that spreads via email and IRC channels. Once it is executed, the worm script will create a new script file "RUNDLL.VBS" in the Windows system folder and modify the system registry to execute this script upon every Windows start-up. Once VBS/Freelink is launched, it will use MS Outlook to automatically send an email with an attachment of itself.

W32/Feebs is a worm that typically arrives as an attachment to an email claiming to be sent via "Protected E-Mail service". W32/Feebs also propagates through file-sharing networks, such as P2P software. W32/Feebs lowers security settings on the infected computer and may also send all your sensitive information to a remote attacker via FTP.

W32/FBound is an Internet worm that arrives in an infected email. W32/FBound does not have a destructive payload, also it does not change any registry values and does not drop any files. W32/FBound uses its own SMTP routine for spreading in the Internet. While it does no known damage to a system, it does email itself to everybody in your address book.

W32/Evaman is a mass-mailing worm that hijacks and infects your computer. W32/Evaman may arrive as an infected attachment through email and then send its copies using its own SMTP engine to the addresses found in the infected computer. For gathering email addresses, W32/Evaman uses the Yahoo People Search web page and it generates a random search string. Once it is executed, W32/Evaman copies itself to the Windows system folder using the name wintasks.exe and creates registry entry so that it activates whenever Windows launches.

W97M/Ethan is a Word macro virus designed to infect Word 97. W97M/Ethan consists of a single macro less than 50 lines long. W97M/Ethan infects Word's NORMAL.DOT template and documents by inserting its code to a module in the document. W97M/Ethan uses an effective way to hide its code. By using special WordBasic operators W97M/Ethan installs its module into Word classes. The virus code is appended as a native Word component. As a result W97M/Ethan is not visible in the Tools/Macro menu.

Ethan is a macro virus that is designed to infect Word 97 documents, templates and the NORMAL.DOT file of Word 97. To spread, Ethan generates a file with the name "c:\ethan.___". Ethan uses an effective way to hide its code. It uses special WordBasic operators that help Ethan install its module into Word classes. Then Ethan code is appended as a native Word component. As a result the Ethan virus is not visible in the Tools/Macro menu.

W32/Elkern is a virus that works only under Windows 98, Me and 2000. W32/Elkern is able to infect file cavities, meaning that it may not change the size of files it infects. W32/Elkern infects randomly chosen PE files. In addition, W32/Elkern scans the drives, starting with a certain letter, until it reaches Z. W32/Elkern may also infect files from shared network sources.