Today, there have been reports of several new viruses:
- W32/Sage-A: This worm disguises itself as ICQ software and installs itself as svch0st.exe. It modifies the registry to run on startup and makes numerous outbound connections, potentially allowing remote control. There are only a few reports of this in the wild.
- W32/Yaha-T: This virus writes itself as WINTSK32.EXE and modifies the registry to run at startup. It may function as a keystroke recorder and launch DOS attacks against machines based in Pakistan. It spreads through SMTP and network shares, with only a few reports of its existence in the wild.
- W32/Sobig-E: A worm virus propagating as an email attachment with various subject lines resembling replies to previous messages. It will stop spreading after July 14th. The attachment is called ‘your_details.zip.’ There have been numerous reports of this worm in the wild.
- WM97/Simuleek-B: This Word macro worm creates a VBScript file called WordSeek.vbs. It adds a line to wini.ini to infect Word files with another virus, VBS/Simuleek-B. There are only a few reports of this virus in the wild.
- JS/Fortnight-E: This is a combination of JavaScript and Java applet that forces HTML-aware email clients to open a website. The website runs Troj/ByteVeri-A to install itself locally. It tries to modify some websites by adding entries to the local hosts file and exploits a vulnerability in Microsoft VM ActiveX component. It also adds some porn-related favorites. There are only a few reports of this virus in the wild.
Be cautious and ensure your antivirus software is up-to-date to protect against these threats.