Spread via email as an attched file named PrettyPark.exe. The file will have the icon of a South Park cartoon character. If executed, the worm first installs itself to the Windows\System directory as FILES32.VXD and then sends a copy of itself to all addresses listed in the Outlook/Outlook Express address book. It also sends passwords and system information via IRC. PrettyPark modifies the registry to allow it to run each time any .EXE file is run. Thus, if the worm (FILES32.VXD) is deleted without correcting the registry entry, other .EXE files on the system will no longer run. While installing to system the worm copies itself to \Windows\System\ directory as FILES32.VXD file and then modifies the Registry to be run each time any EXE file starts when Windows is active. The worm does this by modifying an EXE file startup command key in the . The key name is and it is associated with the worm file (FILES32.VXD file that was created in the Windows system folder). If the FILES32.VXD file is deleted and Registry is not corrected, the EXE files would not start any more.

F-Secure reports that Ramen is an Internet worm, which propagates from a Linux based server to another. It works in a similar way as the Morris Worm that was widespread in 1989. Ramen affects systems running default installations of Red Hat Linux 6.2 and 7.0. It attempts to infect the system by exploiting two know security vulnerabilities. If the worm gets access to the vulnerable host, it will replace the default page of the web server to one that contains the following text: RameN Crew - Hackers looooooooooooove noodles.

W97M/Melissa was initially distributed in an internet discussion group called alt.sex. The virus was sent in a file called LIST.DOC, which contained passwords for X-rated websites. When users downloaded the file and opened it in Microsoft Word, a macro inside the document executed and e-mailed the LIST.DOC file to 50 people listed in the user's e-mail alias file ("address book").

Antivirus vendor Kaspersky is warning of a new Trojan impacting Pocket PCs running Windows CE and and newer versions of Windows Mobile. The Trojan, dubbed Backdoor.WinCE.Brador.a, or simply Brador, creates a file named svchost.exe in the Windows Startup folder on the Pocket PC, allowing it to gain control whenever the device is started. According to Kaspersky Labs, Brador sends the IP address of the infected Pocket PC to the virus writer, alerting him/her to the fact that the backdoor on the infected device is active. The Brador backdoor then listens on port 2989 for commands from the Trojan author, which could allow the author to upload and run further malicious code.

Malicious code threats consisting of a combination of viruses, worms and Trojans. Linked descriptions provided courtesy of F-Secure.

Boot viruses: These viruses infect floppy disk boot records or master boot records in hard disks. They replace the boot record program (which is responsible for loading the operating system in memory) copying it elsewhere on the disk or overwriting it. Boot viruses load into memory if the computer tries to read the disk while it is booting.

From your Antivirus.About.com guide, an encyclopedia of virus and hoax descriptions. Includes PC, Macintosh, Unix, Active Content, and Wireless infectors.

From your Antivirus.About.com guide, an encyclopedia of virus and hoax descriptions. Includes PC, Macintosh, Unix, Active Content, and Wireless infectors.

The Brador Trojan creates a file named svchost.exe in the Windows Startup folder on the Pocket PC, allowing it to gain control whenever the device is started.