W32/Aidid.worm
This malware was reported by: Network Associates Inc
Downloader-OQ
This malware was reported by: Network Associates Inc
Downloader-HI
This malware was reported by: Network Associates Inc
Downloader-ME
This malware was reported by: Network Associates Inc
W32/Protoride.worm
This malware was reported by: Network Associates Inc
W32/Squirrel-A
This malware was reported by: Sophos
Downloader-PU
This malware was reported by: Network Associates Inc
W32/Pahac@MM
This malware was reported by: Network Associates Inc
This is a mass-mailing worm that is downloaded and executed by the Downloader-PU trojan.
When run, it copies itself as C:KONFIG.EXE.
The worm sends itself to all contacts found in files with the following extensions:
.html
.htm
JS/Zerolin.eml
This malware was reported by: Network Associates Inc
W32/Forbot-AE
This malware was reported by: Sophos
PWSteal.Ibank
This malware was reported by: Symantec
PWSteal.Ibank is a Trojan horse program that attempts to log keystrokes and steal passwords from an infected computer.
StartPage-DX!hosts
This malware was reported by: Network Associates Inc
StartPage-EB!hosts
This malware was reported by: Network Associates Inc
Downloader-OT
This malware was reported by: Network Associates Inc
WORM_EVAMAN.C
This malware was reported by: Trendmicro
This worm mainly spreads via email. It gets its list of target recipients from the Windows Address Book (WAB) as well as from certain files found in the system but noticeably avoids sending itself to email addresses that contain certain strings.
W32/Mydoom-Y
This malware was reported by: Sophos
WORM_MYDOOM.U
This malware was reported by: Trendmicro
This MYDOOM variant mainly propagates via email. Using its own SMTP (Simple Mail Transfer Protocol) engine, this worm sends an email with varying subjects, message bodies, and attachment file names. The file attachment may arrive inside a .ZIP archive.
Reign.V
This malware was reported by: Computer Associates
Win32.Reign.V is a backdoor trojan that uses stealth to hide its presence on an affected machine. Users should note that this variant fails to function on m
Daqa.D
This malware was reported by: Computer Associates
W32/Rbot-KZ
This malware was reported by: Sophos
W32/Sasser-G
This malware was reported by: Sophos
Bagle.BA
This malware was reported by: Panda Software
Bagle.BA is a worm that opens port 2050 and waits for remote connections in order to carry out remote control commands. Bagle.BA logs information on the affected computer, such as system information, user names and passwords of several installed programs,
JS/Exploit-DragDrop.b.gen
This malware was reported by: Network Associates Inc
Fightrub.A
This malware was reported by: Panda Software
Fightrub.A is a worm without destructive effects that spreads via e-mail and through peer-to-peer (P2P) file sharing programs.
MyDoom.AC
This malware was reported by: F-Secure
A new variant of the MyDoom worm, Mydoom.AC, was found in the middle of September 2004. This worm variant can spread in e-mails as a fake FlashEcard virtual postcard.
WORM_BAGLE.BA
This malware was reported by: Trendmicro
W32.Sndog@mm
This malware was reported by: Symantec
W32.Sndog@mm is a generic VB worm that spreads via Microsoft Outlook and peer-to-peer file sharing.
WORM_MEXER.E
This malware was reported by: Trendmicro
This memory-resident worm propagates via peer-to-peer (P2P) file-sharing networks, particularly Kazaa and Imesh, and by mailing copies of itself via Simple Mail Transfer Protocol (SMTP).
Sokeven.D
This malware was reported by: Computer Associates
Win32.Sokeven.D is a trojan that can act as a SOCKS proxy. It has been distributed as a 39,936 byte Win32 executable.
W32/Sdbot-PK
This malware was reported by: Sophos
Java/Binny.A
This malware was reported by: F-Secure
Java/Binny.A is a Java applet trojan that uses a vulnerability in the SUN Java Runtime to gain full access to the system and drops TrojanDownloader.Win32.Small.VQ.
Binny.A infects the system through the Java web browser plug-in, when a web browser visits a malicious
W32/Forbot-Gen
This malware was reported by: Sophos
Malam.A
This malware was reported by: Panda Software
Malam.A is a Trojan that opens a port, through which it allows remote access to the affected computer, in order to carry out actions that compromise user confidentiality or impede the tasks performed. Additionally, it changes the home page of the browser
Agent.CE
This malware was reported by: F-Secure
Adware-HungryHands
This malware was reported by: Network Associates Inc
StartPage-EB
This malware was reported by: Network Associates Inc
WORM_AGOBOT.XJ
This malware was reported by: Trendmicro
This memory-resident worm is another variant of the AGOBOT family that exploits the vulnerabilities discussed in the following pages:
WORM_AGOBOT.XI
This malware was reported by: Trendmicro
This memory-resident worm propagates via network shares. It uses a list of user names and passwords hardcoded in its body to log on to systems. Once logged on, it eventually drops a copy of itself on target machines.
W32/Myfip-C
This malware was reported by: Sophos
W32/Forbot-AG
This malware was reported by: Sophos
SentinelSteal
This malware was reported by: Panda Software
SentinelSteal is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. SentinelSteal allows to monitor user activity on the af
W32/Rbot-KJ
This malware was reported by: Sophos
Adware-Showsearch
This malware was reported by: Network Associates Inc
W32/Randin.worm.gen
This malware was reported by: Network Associates Inc
W32.Donk.S
This malware was reported by: Symantec
W32.Donk.S is a network-aware worm that propagates through open network shares and allows a remote attacker to have unauthorized access to the infected computer through a backdoor. The worm also attempts to spread by exploiting several system vulnerabili
Exploit-MS04-028.demo
This malware was reported by: Network Associates Inc
BackDoor-BDD
This malware was reported by: Network Associates Inc
BackDoor-CHP
This malware was reported by: Network Associates Inc
Dragdrop.exploit
This malware was reported by: Computer Associates
MS04-028.exploit
This malware was reported by: Computer Associates
Reign.Z
This malware was reported by: Computer Associates
Win32.Reign.Z is a backdoor trojan that uses stealth to hide its presence on an affected machine.
Backdoor.Sokeven
This malware was reported by: Symantec
Backdoor.Sokeven is a backdoor Trojan horse that creates a SOCKS proxy on the infected computer when a user visits a malicious Web site using the Internet Explorer browser.
Note: Reports indicate the worm may be installed by Web sites exploiting the un
W32.Snone.A
This malware was reported by: Symantec
W32.Snone.A is a worm that attempts to propagate by attaching a malicious URL to outgoing MSN Instant Messenger messages.
W32.Randin
This malware was reported by: Symantec
W32.Randin is a worm that spreads via network shares.
W32/Zusha-A
This malware was reported by: Sophos
Revcuss.B
This malware was reported by: Computer Associates
Revcuss.A
This malware was reported by: Computer Associates
Revcuss.C
This malware was reported by: Computer Associates
W32/Agobot-MX
This malware was reported by: Sophos
Rayl.A
This malware was reported by: Panda Software
Rayl.A is a worm that spreads via MSN Messenger. A message with a link to a picture hosted within a web address is received. When the user opens the picture, which is in fact an HTM file, Rayl.A affects the computer. Rayl.A attempts to exploit the vulnerab
JPG Vulnerability Exploit
This malware was reported by: F-Secure
PWSteal.Revcuss.B
This malware was reported by: Symantec
PWSteal.Revcuss.B is a Trojan horse program that attempts to log keystrokes and steal passwords from an infected computer.
Note: Virus definitions dated September 22nd 2004 or earlier may detect this threat as PWSteal.Ibank.
Adware-LesToolbar
This malware was reported by: Network Associates Inc
PWSteal.Revcuss.C
This malware was reported by: Symantec
PWSteal.Revcuss.C is a Trojan horse program that attempts to log keystrokes and steal passwords.
PWSteal.Revcuss.A
This malware was reported by: Symantec
PWSteal.Revcuss.A is a Trojan horse program that attempts to log keystrokes and steal passwords.
Trojan.Upchan
This malware was reported by: Symantec
Trojan.Upchan is a Trojan horse that steals system information and posts it onto an online bulletin board.
The Trojan uses a folder icon and attempts to propagate through the Winny file-sharing network.
VBS.Themis
This malware was reported by: Symantec
VBS.Themis is a VBScript worm that spreads through the Kazaa file-sharing network.
Malam.B
This malware was reported by: Panda Software
W32/Mexer-E
This malware was reported by: Sophos
JPGDownloader
This malware was reported by: Panda Software
Dialer-219
This malware was reported by: Network Associates Inc
TROJ_CHOSENWAN.A
This malware was reported by: Trendmicro
DEADLINK_NOVIRUS
This malware was reported by: Trendmicro
This is not a virus. TrendLabs is placing this advisory posting to address concerns regarding the growing reported incidence of this detection.
W32/Forbot-AJ
This malware was reported by: Sophos
MS04-028
This malware was reported by: Panda Software
HTool/Exp-MS04-028
This malware was reported by: Network Associates Inc
TROJ_JPGDOWN.A
This malware was reported by: Trendmicro
JPGEXP_DOWNLDR.A
This malware was reported by: Trendmicro
EXPL_JPGDOWN.A
This malware was reported by: Trendmicro
This is the Trend Micro detection for a Trojan that is a JPEG file. This file is generated by a hack tool detected as HKTL_JPGDOWN.A.
HKTL_JPGDOWN.A
This malware was reported by: Trendmicro
This hack tool creates a JPEG file (detected as EXPL_JPGDOWN.A), which exploits a vulnerability in Windows XP.
W32.Korgo.AB
This malware was reported by: Symantec
W32.Korgo.AB is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability, described in Microsoft Security Bulletin MS04-011, on TCP port 445.
Hacktool.JPEGDownload
This malware was reported by: Symantec
Hacktool.JPEGDownload is a program that can be used to generate .jpg files that exploit the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028). The .jpg files that this Tr
Bloodhound.Exploit.14
This malware was reported by: Symantec
Bloodhound.Exploit.14 is a heuristic detection for malformed TIFF image files that could be used to exploit a Denial of Service (DoS) vulnerability in Explorer.exe on Microsoft Windows XP.
The files that are detected as Bloodhound.Exploit.14 may be mali
QHosts-16!hosts
This malware was reported by: Network Associates Inc
QHosts-16
This malware was reported by: Network Associates Inc
W32/Noomy-A
This malware was reported by: Sophos
W32/Xbot-C
This malware was reported by: Sophos
W32/Forbot-AK
This malware was reported by: Sophos
W32/MyDoom-D
This malware was reported by: Sophos
HardFull.A
This malware was reported by: Panda Software
Hacktool.JPEGShell
This malware was reported by: Symantec
Hacktool.JPEGShell is a Trojan horse program that can be used to generate .jpg files that exploit the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028).
The generated .j
W32/Rbot-KX
This malware was reported by: Sophos
W97M.Shore.K
This malware was reported by: Symantec
W97M.Shore.K is a Microsoft Word macro virus that infects the global template, Normal.dot, and spreads when files are opened, closed, saved, or when exiting Word. The virus disables the Visual Basic Editor in Microsoft Word, by requiring a password to ac
W32.Noomy.A@mm
This malware was reported by: Symantec
W32.Noomy.A@mm is a worm that sends itself by email, creates an HTTP server on port 8800/TCP and sends messages to IRC chat rooms inviting users to download the worm from the HTTP server.
W32.Randex.BLD
This malware was reported by: Symantec
W32.Randex.BLD is a network-aware worm that may be remotely controlled using IRC. The existence of the file, rcf.exe, is an indication of a possible infection.
W32/Forbot-AN
This malware was reported by: Sophos
Exploit-FolderView
This malware was reported by: Network Associates Inc
Phishbank.BN
This malware was reported by: Computer Associates
IE Page Replacement
This malware was reported by: Network Associates Inc
W32/Bagle.az@MM
This malware was reported by: Network Associates Inc