W32.Sasser

W32.Sasser.B.Worm can run on, but not infect, Windows 98/Me computers. Although these operating systems cannot be infected, they can still be used to infect the vulnerable systems to which they are able to connect. In this case, the worm will waste a lot of resources so that programs cannot properly run, including removal tools.

Zafi.B

This is a mass-mailing worm that constructs messages using its own SMTP engine and spoofing the From: address. It also attempts to propagate via P2P, via copying itself to folders on the local system (containing 'share' or 'upload' in the folder name).

W32.Korgo.A

This is a worm that attempts to exploit the Microsoft LSASS Windows vulnerability, described in Microsoft Security Bulletin MS04-011. The worm also listens on TCP ports 113, 2041, and 3067, and allows unauthorized access to the infected computer

W32.Explet.A@mm

This is a mass-mailing worm that retrieves email address from files with .htm, .html, .php, .tbb, and .txt extensions, on all fixed drives from C through Y. Uses its own SMTP engine to send itself to the email addresses it finds. Spreads through network shares and the Kazaa file-sharing network. Listens on TCP port 1250 and a random TCP port.

W32.Gaobot.AUS

This is a repacked variant of W32.Gaobot.SN. The worm spreads through open network shares and through backdoors that the Mydoom family of worms open. It allows attackers to access an infected computer using a predetermined IRC channel.