Worm:Win32/Dorpiex.A is a worm that circulates via Facebook posts by sending messages that incorporate a link that downloads other malware infections onto the corrupted PC. While being installed on the targeted PC, Worm:Win32/Dorpiex.A makes system alterations. Worm:Win32/Dorpiex.A shows messages from an attacked computer user’s Facebook account that he/she does not remember writing. When executed, Worm:Win32/Dorpiex.A strives to contact a remote server, from which it receives the list of links that it uses in the messages it distributes on Facebook. Worm:Win32/Dorpiex.A then strives to get Facebook authentication cookies from the Internet browsers such as Google Chrome, Mozilla Firefox, Internet Explorer and other by searching the victimized PC user’s saved cookies (a cookie is a file on a computer that web browsers use to store information about the websites a PC user visits)….

HIDDENEXT/Worm.Gen is a worm that circulates via spam emails, which carry falsified invoices from Zalando and Deutsche Bahn. The fraudulent email fools attacked computer user into running an infected file, identified as HIDDENEXT/Worm.Gen. Spammers send personalized emails in the German language supposedly coming from the popular website Zalando.de (shoes and women accessories) and from the Deutsche Bahn (German Railways). The text is addressed to the victimized PC user directly, and it threatens the computer user into opening the ZIP archive and running the damaging file. If the affected computer user opens and executes the harmful file, his/her PC will get corrupted by HIDDENEXT/Worm.Gen….

Worm:VBS/Basack!inf is a worm, which propagates as an ‘autorun.inf’ file created by another worm so it can circulate and take over other computer systems through removable drives, such as USB flash drives, also known as USB keys or thumb drives, and portable hard disk drives. Worm:VBS/Basack!inf aims at distributing itself via removable drives on PCs that sponsor Autorun functionality. When executed, Worm:VBS/Basack.A creates the malevolent files on corrupted removable drives. The ‘autorun.inf’ file involves instructions for the OS so that when the removable drive is accessed from another PC, which sponsors the Autorun feature, Worm:VBS/Basack!inf loads automatically. ‘Autorun.inf’ files on their own do not necessarily specify an infection, as they are used by genuine applications and installation media….

Worm:VBS/Serverons.A is a worm that steals information about the corrupted PC and transmits it to a remote location. Worm:VBS/Serverons.A circulates to other affected PCs by creating copies of itself. Worm:VBS/Serverons.A does this by corrupting removable drives, such as USB keys or portable hard disks, that the computer user has plugged into the PC. If the computer user then plugs those drives into another PC, Worm:VBS/Serverons.A will corrupt that PC as well. Once installed, Worm:VBS/Serverons.A makes system modifications by downloading malevolent files on the attacked PC. Worm:VBS/Serverons.A also modifies the Windows Registrys. Worm:VBS/Serverons.A disguises all current shortcut files (.lnk) on the removable drive, and then creates its own shortcut file (help.lnk), which, when opened, will execute the copy of Worm:VBS/Serverons.A on the drive. Worm:VBS/Serverons.A does this with an…

Spammer:VBS/Skypams.gen!B is a virus, which can use a compromised PC to send spam messages to a target computer user’s Skype contacts. Spammer:VBS/Skypams.gen!B is commonly installed by other malware infections or by a drive-by download already installed on the corrupted PC. When installed, Spammer:VBS/Skypams.gen!B adds the malevolent file. Spammer:VBS/Skypams.gen!B is saved in the %TEMP% folder. Spammer:VBS/Skypams.gen!B is then executed using Windows Script Host (wscript.exe) and erased. Spammer:VBS/Skypams.gen!B carries a malevolent script that is written in Visual Basic Scripting (.VBS). This script opens the Skype window and sends messages to an attacked PC user’s Skype contacts. These messages usually incorporate a link to other files and websites that may be harmful. Spammer:VBS/Skypams.gen!B uses Skype4COM, a Windows-based COM DLL that acts as a wrapper between the text-based…

WORM_LUDER.USR is a worm that is distributed by using a bogus application, specifically a homemade web browser and targets users of ‘Banco do Brasil’. WORM_LUDER.USR steals login information from victimized computer users. The particular web browser is offered that could access the website of the ‘Banco do Brasil’ without using the necessary security plugin. Web users that click the download link download a zip file. The compressed file involves two executable files: one is the web browser itself, which is called ‘Navegador BB’, and another one is the file called ‘Plugin_Navegador_2.1.3.exe’. These files are recognized as WORM_LUDER.USR. The third file is a text file which carries instructions to run ‘Plugin_Navegador_2.1.3.exe’ first, and then run the web browser. The ‘plugin’, in actuality, steals the target PC user’s bank information. Meanwhile, the web browser tricks the bank…

WORM_LUDER.USR is a worm that is distributed by using a bogus application, specifically a homemade web browser and targets users of ‘Banco do Brasil’. WORM_LUDER.USR steals login information from victimized computer users. The particular web browser is offered that could access the website of the ‘Banco do Brasil’ without using the necessary security plugin. Web users that click the download link download a zip file. The compressed file involves two executable files: one is the web browser itself, which is called ‘Navegador BB’, and another one is the file called ‘Plugin_Navegador_2.1.3.exe’. These files are recognized as WORM_LUDER.USR. The third file is a text file which carries instructions to run ‘Plugin_Navegador_2.1.3.exe’ first, and then run the web browser. The ‘plugin’, in actuality, steals the target PC user’s bank information. Meanwhile, the web browser tricks the bank……

WORM_DORKBOT.SME is a worm that proliferates via social media websites like Facebook and multi-protocol instant messaging programs such as Skype, MSN, Google Talk, mIRC and other. WORM_DORKBOT.SME can also be downloaded from the Internet. WORM_DORKBOT.SME arrives on a targeted computer system as a malicious file downloaded by other malware infections or as a file downloaded unknowingly by PC users when visiting infected websites. WORM_DORKBOT.SME sends out shortened URLs to the contacts found in the IM client of the corrupted PC. These URLs take to a file, which is, in actuality, an updated copy of WORM_DORKBOT.SME uploaded to the file-hosting website Mediafire. This is possibly the technique used by WORM_DORKBOT.SME to bypass the detection and extermination from the compromised PCm. WORM_DORKBOT.SME is also able to steal login credentials by hooking APIs to particular Internet…

Worm:Win32/Filunork.A is a computer worm threat that has an objective to spread through networks or attached drives. The Worm:Win32/Filunork.A worm usually loads other files while it seeks out ways to spread without any indication to the computer user. Running in the background prevents Worm:Win32/Filunork.A from being detected in some cases. It is important to promptly remove Worm:Win32/Filunork.A using an antispyware tool to prevent it from being spread onto other systems….

W32.Inabot is a worm that proliferates through removable drives and network shares. W32.Inabot steals information from the corrupted PC. Once run, W32.Inabot creates the malevolent file. While being active, the original executable file is deleted in order to conceals occurrence on the targeted PC. W32.Inabot then creates the registry entry so that it can load automatically whenever you start Windows. W32.Inabot then connects to one of the command-and-control (C&C) servers and opens a back door on the affected computer system. W32.Inabot gathers information from the infected computer and transmits it to the remote cybercriminal. W32.Inabot can also initiate distributed-denial-of-service (DDoS) attacks through UDP or TCP flooding….