Worm:Win32/Sober.AH@mm is a mass-mailing e-mail worm that sends itself in either English or German language e-mail, depending on the domain suffix of the infected user. Typically, the Win32/Sober worm family downloads additional malicious files at pre-determined times and locations. These files are commonly proxies that are used to relay spam from infected systems.

Exploit:Win32/Anicmoo.A is generic detection for exploit of a vulnerability in the way certain un-patched versions of Microsoft Windows handle animated cursor (.ani) files. Exploit could allow an attacker to remotely execute arbitrary code on impacted systems. Further details on the vulnerability are found in Microsoft Security Advisory (935423).

Win32/Nuwar.N@MM!CME-711 is a mass-mailing email worm that sends a trojan dropper via email. When the trojan attachment is opened, it installs a distributed peer-to-peer (P2P) downloader for the Win32/Nuwar worm component.