|
Summary of the most dangerous viruses |
On this page you will find information on the most dangerous viruses that have been spreading lately.
|
| Win32.HLLM.Klez |
Klez - a mail worm that was first discovered in November 2001. The distinguishing feature of the Klez worm (Win32.HLLM.Klez) is that it carries the Win32.Klez virus in its body as a payload. The virus is carried inside the worm in packed form. The worm distributes itself by sending copies of itself via e-mail and, upon getting inside a new system, installs the virus in it. From that moment the worm and the virus go their separate ways: the worm keeps spreading by sending copies of itself to e-mail addresses from the Windows Address Book, while the virus starts infecting program files on the local drives as well as those located in any available network folders.
|
| Win32.HLLM.MyParty |
MyParty - a mass-mailing worm that exists as a packed module written in Microsoft Visual C++. It is capable of reproducing on Win9x/Me operating systems, but is primarily aimed at WinNT/2k/XP.
|
| Win32.HLLM.Goner |
Goner - a mass-mailing worm that can distribute itself both via e-mail messages and via ICQ, the popular messaging system. The virus needs MS Outlook to redistribute itself via e-mail. If MS Outlook is installed on the infected computer, the virus sends itself to all addresses from the Windows Address Book.
|
| Win32.HLLW.Badtrans |
Badtrans - a mass-mailing worm that uses the same well-known loophole in MS Outlook that was used by the notorious Nimda and Aliz (and later by Klez). This loophole (a programming error that was found, described and patched back in March 2001) allows the attached file to be launched automatically when the message is read...
|
| Win32.Aliz.4098 |
Aliz - a mass-mailing worm. It distributes itself by sending copies of itself in e-mail messages. The e-mail message is written in HTML and appears as the single word "peace" when viewed. In addition, the message has an attachment, "whatever.exe", which contains the actual virus code module written in assembly language. The Subject field can contain different texts such as "Nice site here!", "Cool shit here?!", "Hot mp3s to see :-)".
E-mail messages sent by this virus use a well-known MS Internet Explorer vulnerability ("loophole"), which allows the virus program attached to the message to be launched automatically, without authorization, when the message is viewed in the MS Outlook and MS Outlook Express e-mail clients...
|
| Win32.HLLW.Nimda.57344 |
Nimda - an extremely dangerous mass-mailing worm. It replicates itself in WinNT/Win2k/Win9x operating system environments. The virus is capable of infecting both IIS (Internet Information Server) 4/5 and client workstations. When the infected file is launched, the virus first checks whether an active copy of the same virus is already present in the computer's memory. If such a copy is found, the virus terminates its activity. Otherwise the virus detects the type of file it was activated from and, provided the activation occurred from an infected file (not from the virus file-dropper, which contains nothing but the actual virus code), it creates a similar file with almost the same name, differing only by an extra space at the end, i.e. TEST.EXE => TEST .EXE...
|
| Win32.CodeRed.3569 |
CodeRed - a dangerous worm virus. The Code Red virus does not need to utilize any of the above methods. To replicate and distribute itself, the virus finds a "hole" in the security system of the Microsoft Internet Information Service software package, which it uses to penetrate the attacked server and activate itself, having arrived as an ordinary TCP packet on the network. The header of this packet is modified in such a way as to cause the packet contents to be loaded into the server's operating memory and to take control of the server. It is worth noting that since the times of the legendary Morris worm no worm virus ever attacked or corrupted servers. The Code Red worm is the first worm virus in the last 13 years which has succeeded in attacking Internet servers. Doctor Web is the only anti-virus program capable of tracing the Code Red virus in the computer memory.
|
| Win32.HLLW.SirCam |
SirCam - a worm virus program affecting computers with a Windows operating system. It propagates by distributing copies of itself via e-mail. The virus may also spread through local networks, infecting computers whose disks are set up as shared network resources available for writing. Win32.HLLW.SirCam sends itself out by e-mail in the following way.
The addresses for the mailing are obtained by scanning the contents of certain files on the infected computer in which actual e-mail addresses are likely to be found. For example, these are Windows address book files, HTML files, etc.
|