W32.Sasser.G
This malware was reported by: Symantec
Exploit.HTML.Mht
This malware was reported by: F-Secure
An exploit is a short piece of code or a script that uses a vulnerability
to perform malicious actions.
The HTML.Mht exploit is embedded in HTML web pages. It attempts to
download and install a malicious program on your computer by using
a security breach in In
W32/Apler-A
This malware was reported by: Sophos
W32/Sdbot.worm.96716
This malware was reported by: Network Associates Inc
This threat has been deemed low-profiled due to media attention at:
http://msnbc.msn.com/id/5799432/
Proactive Detection
McAfee products running the 4354 DATs (release date April 28th 2004) or greater proactively detect this thre
Gaobot.AIR
This malware was reported by: Panda Software
Gaobot.AIR is a worm with backdoor characteristics that allows hackers to gain remote control over the affected computer and carry out actions such as command execution, download and execute files, log keystrokes, obtain different information o
W32/Sdbot-NQ
This malware was reported by: Sophos
W32/Sdbot-NR
This malware was reported by: Sophos
W64/Shruggle
This malware was reported by: Network Associates Inc
W32/Sasser.worm.g
This malware was reported by: Network Associates Inc
This Sasser variant functions similarly to previous variants, such as W32/Sasser.worm.f, with the following differences:
This variant drops the W32/Netsky.AC@MM worm into the WINDOWS directory as skynet.cpl and executes it
W64_SHRUGGLE.A
This malware was reported by: Trendmicro
This virus is the second malware discovered that infects 64-bit Windows Portable Executable (PE) files. The first such virus, W64_RUGRAT.A, and this virus are believed to have been created by the same author, who calls himself roy g biv.
W32/Forbot-K
This malware was reported by: Sophos
WORM_SASSER.G
This malware was reported by: Trendmicro
This memory-resident WORM_SASSER variant is known to exploit the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of an affected system.
Shruggle.1318
This malware was reported by: Panda Software
Sasser.G
This malware was reported by: Panda Software
Sasser.G is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical only for Windows XP/2000 operating systems that are not properly updated. Sasser.G restarts the computer automatical
Backdoor.Berbew.J
This malware was reported by: Symantec
Backdoor.Berbew.J is a Trojan horse program that attempts to steal cached passwords from an infected computer. It may also display fake windows to gather confidential information from the user.
AdClicker
This malware was reported by: Network Associates Inc
W32/Rbot-HB
This malware was reported by: Sophos
W32.Leebad
This malware was reported by: Symantec
W32.Leebad is a worm that logs keystrokes and spreads by copying itself to the root of mapped drives.
W32/Rbot-HC
This malware was reported by: Sophos
Downloader-OL
This malware was reported by: Network Associates Inc
PWS-DoomTweak
This malware was reported by: Network Associates Inc
W32/Rbot-HE
This malware was reported by: Sophos
W32.Lovgate.AO@mm
This malware was reported by: Symantec
W32.Tiniresu
This malware was reported by: Symantec
W32.Tiniresu is a virus that infects the Userinit.exe file and downloads and executes a file from a remote location.
VBS.Voodoo.C
This malware was reported by: Symantec
VBS.Voodoo.C is a virus written in Visual Basic Script (VBS). It prepends itself to the files that have .asp, .htm, .hta, .htx, .html, and .htt file extensions.
W32/Forbot-E
This malware was reported by: Sophos
DKS.C
This malware was reported by: Computer Associates
Win32.DKS.C is a trojan that opens a SOCKS 5 proxy on an affected machine.
Spabot.A
This malware was reported by: Computer Associates
Myss.CB
This malware was reported by: Computer Associates
Win32.Myss.CB is a trojan that consists of four components. The first component is a dropper program that drops the remaining three components: an executabl
Troj/Agent-BX
This malware was reported by: Sophos
W32/Rbot-X
This malware was reported by: Sophos
W32/Wukill-C
This malware was reported by: Sophos
XF/NetSnake
This malware was reported by: Network Associates Inc
This virus propagates by infecting Excel Workbooks in Microsoft EXCEL Versions 5.x / 7.x and 97 on Windows and Macintosh platforms. The infected workbook consists of the macro:
(m1)_(m2)_(m3)
The virus becomes active when macros are en
NetSnake
This malware was reported by: Network Associates Inc
Downloader-MD
This malware was reported by: Network Associates Inc
Downloader-MC
This malware was reported by: Network Associates Inc
W32/Sdbot-OC
This malware was reported by: Sophos
Downloader-OG
This malware was reported by: Network Associates Inc
Exploit-CodeBase
This malware was reported by: Network Associates Inc
W32/Forbot-L
This malware was reported by: Sophos
W32/Bagle-AJ
This malware was reported by: Sophos
Codebase.gen
This malware was reported by: Panda Software
W32.Scane
This malware was reported by: Symantec
W32.Scane is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability.
W32.Spybot.DAZ
This malware was reported by: Symantec
W32.Spybot.DAZ is a worm that spreads through IRC, network shares, exploits, and computers that are infected with common backdoor Trojan horses.
Adware-StatBlaster
This malware was reported by: Network Associates Inc
WORM_MYDOOM.S
This malware was reported by: Trendmicro
BKDR_SURILA.G
This malware was reported by: Trendmicro
This memory-resident backdoor program is downloaded into a system by WORM_MYDOOM.S, a mass-mailing worm.
CHM_PSYME.N
This malware was reported by: Trendmicro
TrendLabs has been receiving several reports regarding suspicious email messages that contain any of the following attachments:
DKS.E
This malware was reported by: Computer Associates
VBA.CLASS
This malware was reported by: F-Secure
Troj/LegMir-R
This malware was reported by: Sophos
Phish-BankFraud.eml
This malware was reported by: Network Associates Inc
Downloader.CDT
This malware was reported by: Symantec
Downloader.CDT is a Trojan horse program that downloads several files from a specific website.
Download.Ject.C
This malware was reported by: Symantec
Download.Ject.C is a variant of Download.Ject that attempts to download and execute files by exploiting two vulnerabilities in Internet Explorer (described in Microsoft Security Bulletin MS04-013).
The Trojan is triggered by opening an email that cont
Canbot.A
This malware was reported by: Computer Associates
Win32.Canbot.A is a backdoor trojan that allows unauthorized access to an affected machine.
WORM_REMADM.A
This malware was reported by: Trendmicro
This worm spreads via network shares. It usually arrives as a self-extracting archive file named RAR.EXE and contains several component files, which aid in its propagation routine.
W32/Rbot-HI
This malware was reported by: Sophos
W32/Rbot-HO
This malware was reported by: Sophos
HTML_BAGLE.AI
This malware was reported by: Trendmicro
This malware arrives packaged with FOTO1.EXE (detected by TrendLabs as
TROJ_BAGLE.AI
This malware was reported by: Trendmicro
This Trojan usually arrives via email packaged as a .ZIP
Bagle.Downloader.Trojan
This malware was reported by: Computer Associates
Win32.Glieder.H is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen other varia
W32/Bagle.dll.dr
This malware was reported by: Network Associates Inc
WORM_BAGLE.AI
This malware was reported by: Trendmicro
As of 3:06 PM August 31, 2004 (GMT -07:00; Daylight Savings Time), TrendLabs has declared a Medium Risk alert to control the spread of this new BAGLE variant that is spreading via email. Infection reports have been received from Brazil, the US and Canada.
Troj/BagleDl-A
This malware was reported by: Sophos
Del-457
This malware was reported by: Network Associates Inc
Bagle.AK
This malware was reported by: F-Secure
Download.Ject.D
This malware was reported by: Symantec
W32.Beagle.AQ@mm is a variant of W32.Beagle.AO@mm, which is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a downloader, similar to Trojan.Mitglieder and Download.Ject.C, that downloads the worm from an external s
Bagle.AV
This malware was reported by: Panda Software
Bagle.AV is a worm that ends processes belonging to several antivirus update programs, among other applications. Bagle.AV spreads via e-mail, in a message with an attached file with a random name and a ZIP extension. This file contains an HTML file, toget
W32/Sautor.worm
This malware was reported by: Network Associates Inc
This worm can propagate via open shares on the network.
When run, the worm copies itself and a dll file to the C: drive and to the root of any open shares. The following file names are used:
System32.exe (204,859)
System32dll.dll (204,86
WORM_BAGLE.AL
This malware was reported by: Trendmicro
This worm usually arrives via email packaged as a .ZIP compressed file. Similar to the BAGLE variant WORM_BAGLE.AC, this worm does not directly send itself via email to target recipients as an email attachment.
Harbag.B
This malware was reported by: Computer Associates
Harbag.A
This malware was reported by: Computer Associates
Backdoor.Alets
This malware was reported by: Symantec
Backdoor.Alets is a backdoor Trojan horse that allows a remote attacker to have unauthorized access to an infected computer, via IRC channels.
Trojan.Hiva
This malware was reported by: Symantec
Trojan.Hiva is a Trojan horse program that uses net-send commands to send alert messages, moves the mouse randomly, and closes program windows.
Glieder.H
This malware was reported by: Computer Associates
Win32.Glieder.H is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen other varia
Secdrop.D
This malware was reported by: Computer Associates
Bugbear.L
This malware was reported by: F-Secure
The Bugbear.L (also known as Tanatos.k) worm appeared on
September 1st, 2004. The worm spreads itself as an attachment
in e-mail messages.
The worm has a backdoor and terminates security software. The
backdoor can be instructed to drop a TCP proxy ap
Bagle.AI
This malware was reported by: Computer Associates
Win32.Bagle.AI is a worm that spreads via e-mail and file sharing. Rather than putting itself in e-mail attachments, it uses a separate downloader component
Glieder.I
This malware was reported by: Computer Associates
Win32.Glieder.I is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen other varia
W32/Rbot-HQ
This malware was reported by: Sophos
Glieder.I
This malware was reported by: F-Secure
Yet another Glieder variant has been spammed. The origin is an
email message sent to many people. The message contains an
attachment named FOTOS.ZIP. Inside the ZIP archive there is an
HTML portion that uses a common exploit to launch an EXE file
name
Glieder.H
This malware was reported by: F-Secure
W32.Beagle.AQ@mm
This malware was reported by: Symantec
W32.Beagle.AQ@mm is a variant of W32.Beagle.AO@mm, which is a mass-mailing worm that uses its own SMTP engine to spread. The email attachment is a downloader, similar to Trojan.Mitglieder and Download.Ject.C, that downloads the worm from an external s
Bagle.AJ
This malware was reported by: Computer Associates
Win32.Bagle.AJ is a worm that spreads via e-mail and file sharing. Rather than putting itself in e-mail attachments, it uses a separate downloader component
Bagle.AO
This malware was reported by: F-Secure
Bagle.AN
This malware was reported by: F-Secure
W32/Rbot-HR
This malware was reported by: Sophos
Bagle.AW
This malware was reported by: Panda Software
Bagle.AW is a worm that ends processes belonging to several antivirus update programs, among other applications. Bagle.AW spreads via e-mail, in a message with an attached file with a random name and a ZIP extension. This file contains an HTML file, toget
W32/Bagle.at@MM
This malware was reported by: Network Associates Inc
W32/Bugbear.i@MM
This malware was reported by: Network Associates Inc
This detection is for a new variant of W32/Bugbear that bears the following characteristics:
mass-mails itself to recipient email addresses extracted from the victim machine. It attaches itself to outgoing emails within a ZIP file.
opens
W32/Bagle-AT
This malware was reported by: Sophos
W32/Rbot-HT
This malware was reported by: Sophos
Glieder.F
This malware was reported by: Computer Associates
Win32.Glieder.F is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. In the wild, we have seen this family
Trojan.Yipid
This malware was reported by: Symantec
Trojan.Yipid is a Trojan horse that downloads files from the Internet, searches the system for email addresses, and sends a Chinese language email to all the addresses that it finds.
Sced.C
This malware was reported by: Computer Associates
Win32.Sced.C is a configurable trojan that interferes with Internet Explorer. It has been distributed as a 36,376-byte, UPX-packed, Win32 executable.
Lovgate.BC
This malware was reported by: Computer Associates
Lovgate.BC is a worm that spreads via e-mail, network shares, and the Kazaa file sharing network. It may be distributed stored inside an archive file and ma
Sasser.G
This malware was reported by: Computer Associates
Win32.Sasser.G is a worm that spreads by exploiting a vulnerability in the LSASS service on Windows 2000, XP and 2003 server. It is a 58,880-byte executable
Nomis
This malware was reported by: Computer Associates
Win32.Nomis is a worm that appears to be intended to spread via mapped network drives. In our laboratory tests, however, it failed to spread in this manner.
RBot
This malware was reported by: F-Secure
W32/Rbot-MG
This malware was reported by: Sophos