Virus Database

Worm.Linux.Mighty

Description Worm.Linux.Mighty

"Mighty" is an Internet worm that infects Linux machines running the popular "Apache" web server software. It does that by exploiting a vulnerability in the "Secure Sockets Layer" SSL "mod_ssl" interface code of the server which was originally reported on July 30, 2002, and listed by the Computer Emergency Response Team (CERT) as the Vulnerability Note VU#102795.
The configurations vulnerable to the specific exploit implementation used by the worm are Intel x86 Linux Apache installations with OpenSSL older than 0.9.6e and 0.9.7-beta. Updating to one of these two versions or other more recent releases will patch the vulnerability and prevent the worm from infecting the system.
The main worm replication component is about 19KB in size, and uses the exploit code from the popular "Slapper" worm.
Besides infecting more computers to spread further, the worm will also act as a backdoor on the victim system, connecting to an IRC server and joining a special channel from where it receives the orders. It's worth noticing the backdoor component of the worm is based on the popular 'Age of Kaiten' IRC bot source, used in many other IRC malware.
At the time of writing of this description, the worm is reported to have infected around 1600 systems worldwide.

Check other viruses! Be aware! Use Antiviral Software

Crocodiles.1592

Description Crocodiles.1592

It is a very dangerous memory resident parasitic virus. While executing an infected program the virus searches for the COMSPEC string, and infects the command interpreter (COMMAND.COM). While executing an infected command interpreter the virus hooks INT 21h and then writes itself to the end of COM and EXE files (except SCAN.EXE) that are executed.
Depending on its generation the virus also hooks INT 8 (timer) and manifests itself with some sound effect. The virus also calls some other effects and erases the disk sectors, but that code is corrupted, and the computer halts. The virus contains the text string:
CROCODILES

Crooked.979

Description Crooked.979

It's a not memory resident not dangerous virus. It searches for a COM- and EXE-files and infects them. EXE-files are infected by a standard way, the COM-files infected into the beginning. This virus contains the encrypted string: "*.com *.exe Only God knows!". Sometimes it decrypts and types:
There was a crooked man, and he went a crooked mile,
He found a crooked sixpence against a crooked stile,
He bought a crooked cat, which caught a crooked mouse,
And they all lived together in a little crooked house.

Home