
1
2
2.1
2.2
2.3
3
3.1
3.1.1
3.1.2
4
4.1
4.2
4.3
4.3.1 W32/Lovsan.worm.gen
4.3.2 W32/Lovsan.worm.a
4.3.3 W32/Lovsan.worm.e
4.3.4 W32/Nachi.worm
4.3.5 W32/Hybris.gen@MM
4.3.6 W32/Magistr.a@MM
4.3.7 W32/Magistr.b@MM
4.3.8 W32/CodeRed.worm.c
4.3.9 W32/CodeRed.worm.f
4.3.10 W32/CodeGreen.dr
4.3.11 W32/Klez.gen@MM
4.3.12 W32/Klez.h@MM
4.3.13 W32/Klez.e@MM
4.3.14 W32/Nimda.gen@MM
4.3.15 W32/Nimda@MM
4.3.16 W32/Nimda.s@MM
4.3.17 W32/SirCam@MM
4.3.18 W32/Sobig.a@MM
4.3.19 W32/Sobig.f@MM
4.3.20 W32/Rous.a
5

1 11 20 Network Associates McAfee VirusScan W32/Lovsan.worm.gen W32/Lovsan.worm.a W32/Lovsan.worm.e W32/Nachi.worm W32/Hybris.gen@MM W32/Magistr.a@MM W32/Magistr.b@MM W32/CodeRed.worm.c W32/CodeRed.worm.f W32/CodeGreen.dr W32/Klez.gen@MM W32/Klez.h@MM W32/Klez.e@MM W32/Nimda.gen@MM W32/Nimda@MM W32/Nimda.s@MM W32/SirCam@MM W32/Sobig.a@MM W32/Sobig.f@MM W32/Rous.a W32BLASTER_C.EXE msblaster.exe W32BLASTER_E.EXE welchia.exe i-worm.hybris.c.exe vs000021.exe W32MAGIC.EXE W32CDRX.BIN W32CDRXF.BIN W32CDGR.EXE W32KLEZ.EXE setup.exe value.bat nimda.exe read.exe sample.exe SCam32.exe W32SOBIG.EXE sobig-f/sobig.f.pif i-worm.rous.a.exe 1

2 2.1 Web ( 2.2 2.3 ( 952 1 ( (1 2

(2 (3 3

3 3.1 ( 3.1.1 (1 : : : ( ( ( : : : : : 4

: (2 ( ( ( : EXE ( : : ( ( : OS : : ( : : : 5

( : : : 3.1.2 2003 8 Blaster ( 2 exploit (OS / / / 6

7 3-1 3-1 Web No Yes Yes No Yes No

8 4 Windows 11 20
W32/Lovsan.worm.gen    W32BLASTER_C.EXE
W32/Lovsan.worm.a      msblaster.exe
W32/Lovsan.worm.e      W32BLASTER_E.EXE
W32/Nachi.worm         welchia.exe
W32/Hybris.gen@MM      i-worm.hybris.c.exe
W32/Magistr.a@MM       vs000021.exe
W32/Magistr.b@MM       W32MAGIC.EXE
W32/CodeRed.worm.c     W32CDRX.BIN
W32/CodeRed.worm.f     W32CDRXF.BIN
W32/CodeGreen.dr       W32CDGR.EXE
W32/Klez.gen@MM        W32KLEZ.EXE
W32/Klez.h@MM          setup.exe
W32/Klez.e@MM          value.bat
W32/Nimda.gen@MM       nimda.exe
W32/Nimda@MM           read.exe
W32/Nimda.s@MM         sample.exe
W32/SirCam@MM          SCam32.exe
W32/Sobig.a@MM         W32SOBIG.EXE
W32/Sobig.f@MM         sobig-f/sobig.f.pif
W32/Rous.a             i-worm.rous.a.exe

4.1 VMware Workstation 4.0 4-1 4-1 4-1 CPU OS Pentium800MHz Windows XP Professional 640MB VMware 4-1 9

4.2 4-2 4-3 IP IP 15 640KB 4-2 4-3 10

4.3 11 5 20 8 8 100% 12 10 2 4-2 4-2
No.
1 W32/Lovsan.worm.gen 100% 2 2
2 W32/Lovsan.worm.a 100% 2 2
3 W32/Lovsan.worm.e 100% 2 2
4 W32/Nachi.worm 100% 2
5 W32/Hybris.gen@MM
6 W32/Magistr.a@MM /
7 W32/Magistr.b@MM /
8 W32/CodeRed.worm.c HTTP 100% 3 3
9 W32/CodeRed.worm.f HTTP 100% 3 3
10 W32/CodeGreen.dr HTTP
11 W32/Klez.gen@MM 100% / 2 2
12 W32/Klez.h@MM /
13 W32/Klez.e@MM /
14 W32/Nimda.gen@MM / / /
15 W32/Nimda@MM / / /
16 W32/Nimda.s@MM / / / 100% 2 2
17 W32/SirCam@MM /
18 W32/Sobig.a@MM /
19 W32/Sobig.f@MM
20 W32/Rous.a


4.3.1 W32/Lovsan.worm.gen W32/Lovsan.worm.gen 4-3 3, 4 4-3 W32/Lovsan.worm.gen MS03-026DCOM RPC Windows 2000, Windows XP IP DCOM RPC TCP 135 TCP 4444 4444 TFTP.EXE Network Associates Web W32/Lovsan.worm.gen 4-3 W32/Lovsan.worm.a OS 5 135139445593 RPC 4-4 4-4 W32/Lovsan.worm.gen OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 135 13

C: WINDOWS system32 ( 135 Windows 135139445593 RPC Windows Windows IP IP IP IP IP Windows XP Windows 2000 2 OS 2 2 4-4W32/Lovsan.worm.gen 135 TFTP1584 4-4 4-3 4-4 135 4444 69 TFTP TFTP 14

15 C: WINDOWS system32 TFTP1584 C: WINDOWS system32 penis32.exe

16 4-4 W32/Lovsan.worm.gen

4.3.2 W32/Lovsan.worm.a W32/Lovsan.worm.a 4-5 3, 4 4-5 W32/Lovsan.worm.a MS03-026DCOM RPC Windows 2000, Windows XP IP DCOM RPC TCP 135 TCP 4444 4444 TFTP.EXE OS 5 135139445593 RPC 4-6 4-6 W32/Lovsan.worm.a OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 135 C: WINDOWS system32 ( 135 Windows 17

135139445593 RPC Windows Windows IP IP IP IP IP Windows XP Windows 2000 2 OS 2 2 4-5W32/Lovsan.worm.a 135 TFTP1284 4-5 4-5 4-5 135 4444 69 TFTP TFTP C: WINDOWS system32 TFTP1284 C: WINDOWS system32 msblast.exe 18

19 4-5 W32/Lovsan.worm.a

4.3.3 W32/Lovsan.worm.e W32/Lovsan.worm.e 4-7 6, 7 4-7 W32/Lovsan.worm.e MS03-026DCOM RPC Windows 2000, Windows XP IP DCOM RPC TCP 135 TCP 4444 4444 TFTP.EXE OS 5 135139445593 RPC 4-8 4-8 W32/Lovsan.worm.e OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 135 C: WINDOWS system32 ( 135 Windows 20

135139445593 RPC Windows Windows IP IP IP IP IP Windows XP Windows 2000 2 OS 2 2 4-6W32/Lovsan.worm.e 135 TFTP1756 4-6 4-7 4-6 135 4444 69 TFTP TFTP C: WINDOWS system32 TFTP1756 C: WINDOWS system32 mslaugh.exe 21

22 4-6 W32/Lovsan.worm.e

4.3.4 W32/Nachi.worm W32/Nachi.worm 4-9 8, 9 4-9 W32/Nachi.worm MS03-026DCOM RPC MS03-007 W32/Lovsan msblast.exe Windows 2000, Windows XP IP IP A.B.C.D A.B.0.0 IP E.F.0.0 DCOM RPC TCP 135 TCP 80 TCP 666765 TFTP.EXE msblast.exe meblast.exe OS 5 10 80135139445593 RPC 4-10 4-10 W32/Nachi.worm OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 23

192.168.0.2 IP 135 C: WINDOWS system32 ( 80, 135 Windows 135 80135139445593 RPC Windows Windows 2 2 2 135 80 4-7W32/Nachi.worm 135 TFTP.EXESVCHOST.EXE TFTP1036 TFTP1468 4-7 4-9 4-7 135 707 69 TFTP TFTP C: WINDOWS system32 TFTP1036 24

C: WINDOWS system32 wins SVCHOST.EXE 707 69 TFTP TFTP C: WINDOWS system32 TFTP1468 C: WINDOWS system32 wins DLLHOST.EXE 707 C: WINDOWS system32 msblast.exe 25


27 4-7 W32/Nachi.worm

4.3.5 W32/Hybris.gen@MM W32/Hybris.gen@MM 4-11 11, 12 4-11 W32/Hybris.gen@MM Windows WSOCK32.DLL 28

4.3.6 W32/Magistr.a@MM W32/Magistr.a@MM 4-12 13, 14 4-12 W32/Magistr.a@MM Windows 95Windows98WindowsNTWindows2000WindowsMe WindowsXP.dll Windows Portable Executable Explorer.exe 110 20 100 Windows run= 139 4-13 4-13 W32/Magistr.a@MM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( 29

( C: Documents and Settings All Users Documents E 01023 139 30

4.3.7 W32/Magistr.b@MM W32/Magistr.b@MM 4-14 15, 16 4-14 W32/Magistr.bMM Windows 95Windows98WindowsNTWindows2000WindowsMe WindowsXP.dll Windows Portable Executable system.ini Boot Shell=explorer.exe W32.Magistr.Trojan Windows Eudora Outlook Express Netscape 139 4-15 4-15 W32/Magistr.bMM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( 31

( C: Documents and Settings All Users Documents E 01023 139 32

4.3.8 W32/CodeRed.worm.c W32/CodeRed.worm.c 4-16 17, 18, 19 4-16 W32/CodeRed.worm.c Index Server ISAPI Web (MS01-033 Windows 2000, Windows NT4.0 300 600 IP HTTP TCP/IP 80 C: D: explorer.exe Web Windows cmd.exe C: inetpub scripts root.exe D: inetpub scripts root.exe C: Program Files common files system MSADC root.exe D: Program Files common files system MSADC root.exe Network Associates Web W32/CodeRed.worm.c W32/CodeRed.c.worm 4-16 W32/CodeRed.c.worm OS 20 Web Web http 80 4-17 33

4-17 W32/CodeRed.worm.c OS Windows 2000 Professional Windows 2000 Professional 96MB 64MB IP 192.168.0.1 192.168.0.2 192.168.0.1 IP 80 C: ( C: Inetpub ( C: Program Files Common Files ( C: WINNT ( C: WINNT system32 ( Web IISInternet Information Services IIS Windows config Windows D: CD-ROM Windows C: explorer.exe IP IP 80 TCP/IP 3 3 34

4-8W32/CodeRed.worm.c 80 C: Inetpub Scripts root.exe 4-8 4-16 80 C: Inetpub Scripts root.exe C: explorer.exe 4-8 W32/CodeRed.worm.c 35

4-8 4-16 C: Program Files common files system MSADC root.exe root.exe 36

4.3.9 W32/CodeRed.worm.f W32/CodeRed.worm.f 4-18 21, 22, 23 4-18 W32/CodeRed.worm.f Index Server ISAPI Web (MS01-033 Windows 2000, Windows NT4.0 300 600 IP HTTP TCP/IP 80 C: D: explorer.exe Web Windows cmd.exe C: inetpub scripts root.exe D: inetpub scripts root.exe C: Program Files common files system MSADC root.exe D: Program Files common files system MSADC root.exe Network Associates Web W32/CodeRed.worm.f W32/CodeRed.f.worm 4-18 W32/CodeRed.f.worm F C(W32/CodeRed.c.worm OS 20 Web Web http 80 4-19 37

4-19 W32/CodeRed.worm.f OS Windows 2000 Professional Windows 2000 Professional 96MB 64MB IP 192.168.0.1 192.168.0.2 192.168.0.1 IP 80 C: ( C: Inetpub ( C: Program Files Common Files ( C: WINNT ( C: WINNT system32 ( Web IISInternet Information Services IIS Windows config Windows D: CD-ROM Windows C: explorer.exe IP IP 80 TCP/IP 3 3 38

4-9W32/CodeRed.worm.f 80 C: Inetpub Scripts root.exe 4-9 4-18 80 C: Inetpub Scripts root.exe C: explorer.exe 4-9 W32/CodeRed.worm.f 39

4-9 4-18 C: Program Files common files system MSADC root.exe root.exe 40

4.3.10 W32/CodeGreen.dr W32/CodeGreen.dr 4-20 24, 25, 26 4-20 W32/CodeGreen.dr Code Red MS01-033 Code Red Windows NT IP HTTP IIS HTTP MS C: D: "EXPLORER.EXE" "ex Xer._X_" Network Associates Web W32/CodeGreen.dr 4-20 Code Green OS 20 Web Web http 80 4-21 4-21 W32/CodeGreen.dr OS Windows NT Server 4.0 Windows NT Server 4.0 64MB 64MB IP 192.168.0.3 192.168.0.4 192.168.0.3 IP 80 41

C: ( C: InetPub ( C: Program Files Common Files ( C: WINNT ( C: WINNT system32 ( Windows NT Windows NT 4.0 3 IIS 4.0 Index Server 2.0 Windows NT 2001 9 4 2000 IIS 4.0Index Server 2.0 Web IISInternet Information Services IIS D: CD-ROM Windows Windows NT Microsoft Visual C++ 6.0 MFC dll IP IP C: EXPLORER.EXE Windows 2000 Code Red Windows 2000 VMware Microsoft 42

Microsoft IP IP 43

4.3.11 W32/Klez.gen@MM W32/Klez.genMM 4-22 27, 28 4-22 W32/Klez.genMM Windows Microsoft Outlook Outlook Express MS01-020 Windows95 Windows98 WindowsNT WindowsMeWindows 2000, Windows XP Windows.bat.exe.pif.scr 139 4-23 4-23 W32/Klez.genMM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( 44

C: Documents and Settings All Users Documents E 01023 139 C: Documents and Settings All Users Documents 2 2 4-10W32/Klez.genMM 139 Sq.htm.exe 45

46 4-10 W32/Klez.genMM

4.3.12 W32/Klez.h@MM W32/Klez.hMM 4-24 29, 30 4-24 W32/Klez.hMM Windows Microsoft Outlook Outlook Express MS01-020 Windows95 Windows98 WindowsNT WindowsMeWindows 2000, Windows XP Windows.bat.exe.pif.scr 139 4-25 4-25 W32/Klez.hMM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( 47

C: Documents and Settings All Users Documents E 01023 139 48

4.3.13 W32/Klez.e@MM W32/Klez.eMM 4-26 31, 32 4-26 W32/Klez.eMM Windows Microsoft Outlook Outlook Express MS01-020 Windows95 Windows98 WindowsNT WindowsMeWindows 2000, Windows XP Windows.bat.exe.pif.scr 139 4-27 4-27 W32/Klez.eMM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( 49

C: Documents and Settings All Users Documents E 01023 139 50

4.3.14 W32/Nimda.gen@MM W32/Nimda.gen@MM 4-28 33, 34 4-28 W32/Nimda.gen@MM Microsoft Internet Explorer Windows 95Windows98WindowsNTWindows2000WindowsMe Network Associates Web W32/Nimda.gen@MM W32/Nimda.a@MM 4-28 W32/Nimda.a@MM OS 35 Web Web http 80 139 4-29 51

4-29 W32/Nimda.gen@MM OS Windows XP Professional Windows 2000 Professional 128MB 80MB IP 192.168.0.2 192.168.0.128 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( C: Documents and Settings All Users Documents E 01023 80 139 Web 52

4.3.15 W32/Nimda@MM W32/Nimda@MM 4-30 33, 36 4-30 W32/Nimda@MM Microsoft Internet Explorer Windows 95Windows98WindowsNTWindows2000WindowsMe Network Associates McAfee VirusScan W32/Nimda@MM Nimda.G DE OS 35 Web Web http 80 139 4-31 53

4-31 W32/Nimda@MM OS Windows XP Professional Windows 2000 Professional 128MB 80MB IP 192.168.0.2 192.168.0.128 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( C: Documents and Settings All Users Documents E 01023 80 139 Web 54

4.3.16 W32/Nimda.s@MM W32/Nimda.s@MM 4-32 33, 34 4-32 W32/Nimda.s@MM Microsoft Internet Explorer Windows 95Windows98WindowsNTWindows2000WindowsMe Network Associates Web W32/Nimda.s@MM W32/Nimda.a@MM 4-28W32/Nimda.a@MM OS 35 Web Web http 80 139 4-33 55

4-33 W32/Nimda.s@MM OS Windows XP Professional Windows 2000 Professional 128MB 80MB IP 192.168.0.2 192.168.0.128 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( C: Documents and Settings All Users Documents E 01023 80 139 Web C: Documents and Settings All Users Documents 2 2 4-11W32/Nimda.s@MM 139 desktop.eml.eml.nws riched20.dll. 56


59 4-11 W32/Nimda.s@MM

4.3.17 W32/SirCam@MM W32/SirCam@MM 4-34 37, 38 4-34 W32/SirCam@MM Windows Windows95Windows98WindowsMe WindowsXPWindows2000 Windows95Windows98 WindowsMe WindowsXP 139 4-35 4-35 W32/SirCam@MM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( 60

C: Documents and Settings All Users Documents E 01023 139 WINDOWS SYSTEM SCam32.exe 61

4.3.18 W32/Sobig.a@MM W32/Sobig.a@MM 4-36 39, 40 4-36 W32/Sobig.a@MM.txt.eml.html.htm.dbx.wab Windows95Windows98WindowsNTWindows2000WindowsXP WindowsMe.txt.eml.html.htm.dbx.wab 139 4-37 4-37 W32/Sobig.a@MM OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( C: Documents and Settings All Users Documents 62

E 01023 139 Windows winmgm32.exe 63

4.3.19 W32/Sobig.f@MM W32/Sobig.f@MM 4-38 41, 42 4-38 W32/Sobig.f@MM.txt.eml.html.htm.dbx.wab.hlp.mht Windows95Windows98WindowsNTWindows2000WindowsXP WindowsMe.txt.eml.html.htm.dbx.wab.hlp.mht 64

4.3.20 W32/Rous.a W32/Rous.a 4-38 43, 44 4-39 W32/Rous.a Windows Network Associates Web W32/Rous.a i-worm.rous.a.exe Win32 I-Worm.Rous.a BAT.Rous.worm Win32 Set RS=CreateObject( Outlook.Application Mail.Attachments.Add( C: RousSarc.EXE Mail.Send 4-40 4-40 W32/Rous.a OS Windows XP Professional Windows XP Professional 128MB 128MB IP 192.168.0.2 192.168.0.1 65

192.168.0.2 IP 0-1023 C: ( C: WINDOWS ( C: WINDOWS system32 ( ( C: Documents and Settings All Users Documents E 01023Well Known Ports Windows 2000Windows NT4.0 66

5 (OS ( / / / OS 11 5 (20 8 8 100% 12 ( POP3 ( 110 ( (false negative 67

(false positive SQL Slammer 45 68

(Web URL 2003 11
1 ( 952 http://www.ipa.go.jp/security/antivirus/kijun952.html
2 W32/MSBlaster http://www.ipa.go.jp/security/topics/newvirus/msblaster.html
3 W32/Lovsan.worm.a http://www.nai.com/japan/security/virl.asp?v=w32/lovsan.worm.a
4 w32.blaster.worm http://www.symantec.com/region/jp/sarcj/data/w/w32.blaster.worm.html
5 RPC (823980 (MS03-026 http://www.microsoft.com/japan/technet/security/bulletin/ms03-026.asp
6 W32/Lovsan.worm.e http://www.nai.com/japan/security/virl.asp?v=w32/lovsan.worm.e
7 w32.blaster.e.worm http://www.symantec.com/region/jp/sarcj/data/w/w32.blaster.e.worm.html
8 W32/Nachi.worm http://www.nai.com/japan/security/virn.asp?v=w32/nachi.worm
9 w32.welchia.worm http://www.symantec.com/region/jp/sarcj/data/w/w32.welchia.worm.html
10 Windows (815021 (MS03-007 http://www.microsoft.com/japan/technet/security/bulletin/ms03-007.asp
11 W32/Hybris.gen@M http://www.nai.com/japan/security/virh2000.asp?v=w32/hybris.gen@m
12 w32.hybris.gen http://www.symantec.com/region/jp/sarcj/data/w/w32.hybris.gen.html
13 W32/Magistr.a@MM http://www.nai.com/japan/security/virm2001.asp?v=w32/magistr.a@mm
14 w32.magistr.24876@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.magistr.24876@mm.html
15 W32/Magistr.b@MM http://www.nai.com/japan/security/virm2001.asp?v=w32/magistr.b@mm
16 w32.magistr.39921@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.magistr.39921@mm.html
17 W32/Lovsan.worm.a http://www.nai.com/japan/security/virl.asp?v=w32/lovsan.worm.a
18 W32.Blaster.Worm http://www.symantec.com/region/jp/sarcj/data/w/w32.blaster.worm.html
19 WORM_MSBLAST.A http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?vname=worm_msblAST.A
20 Index Server ISAPI Web (MS01-033 http://www.microsoft.com/japan/technet/security/bulletin/ms01-033.asp
21 W32/CodeRed.f.worm http://www.nai.com/japan/security/virc.asp?v=w32/codered.f.worm
22 CodeRed.F http://www.symantec.com/region/jp/sarcj/data/c/codered.f.html
23 CODERED.F http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?vname=codered.f
24 WORM_CODEGREEN.A http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?vname=worm_codeGREEN.A
25 ZDNet JAPAN Code Red http://www.zdnet.co.jp/broadband/0109/07/codegreen.html
26 Code RedII (2001.9.13 https://www.netsecurity.ne.jp/article/2/2824.html
27 W32/Klez@MM http://www.nai.com/japan/security/virk.asp?v=w32/klez@mm
28 w32.klez.gen@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.klez.gen@mm.html
29 W32/Klez.h@MM http://www.nai.com/japan/security/virk2002.asp?v=w32/klez.h@mm
30 w32.klez.h@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.klez.h@mm.html
31 W32/Klez.e@MM http://www.nai.com/japan/security/virk2002.asp?v=w32/klez.e@mm
32 w32.klez.e@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.klez.e@mm.html
33 W32/Nimda.a@MM http://www.nai.com/japan/security/virn2001.asp?v=w32/nimda.a@mm]
34 w32.nimda.a@mm.html http://www.symantec.com/region/jp/sarcj/data/w/w32.nimda.a@mm.html
35 Web (MS00-078 http://www.microsoft.com/japan/technet/security/bulletin/ms00-078.asp
36 W32.Nimda.E@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.nimda.e%40mm.html
37 W32/SirCam@MM http://www.nai.com/japan/security/virs2001.asp?v=w32/sircam@mm
38 w32.sircam.worm@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.sircam.worm@mm.html
39 W32/Sobig@MM http://www.nai.com/japan/security/virs.asp?v=w32/sobig@mm
40 w32.sobig.a@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.sobig.a@mm.html
41 W32/Sobig.f@MM http://www.nai.com/japan/security/virs.asp?v=w32/sobig.f@mm
42 w32.sobig.f@mm http://www.symantec.com/region/jp/sarcj/data/w/w32.sobig.f@mm.html
43 PestPatrol i-worm_rous_a http://www.pestpatrol.com/pestinfo/i/i-worm_rous_a.asp
44 BAT.Rous.worm http://www.symantec.com/region/jp/sarcj/data/b/bat.rous.worm.html
45 W32/SQLSlammer http://www.ipa.go.jp/security/ciadr/vul/20030126ms-sql-worm.html