WORM_BAGLE.AM
This malware was reported by: Trendmicro
TrendLabs has received several infection reports regarding this new BAGLE variant that is spreading via email.
PWSteal.Bancos.M
This malware was reported by: Symantec
PWSteal.Bancos.M is a password-stealing Trojan horse program that logs keystrokes and steals information entered into certain banking Web sites. It may also capture screenshots of certain banking Web pages to try to collect passwords and other sensitive
Trojan.Moo
This malware was reported by: Symantec
Trojan.Moo is a Trojan horse program that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028).
Note:
This signature will detect files created by Hacktool.JPE
Backdoor.Roxe
This malware was reported by: Symantec
Backdoor.Roxe is a backdoor Trojan horse program that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability (described in the Microsoft Security Bulletin MS04-028).
Note: Virus definitions released September 28, 2004
W32/Rbot-LC
This malware was reported by: Sophos
W32.Beagle.AR@mm
This malware was reported by: Symantec
Bagle.AS
This malware was reported by: F-Secure
Bagle.AS has been widely distributed. It arrives in emails with a Price- or Joke-related attachment with an exe, cpl, scr or com extension. The worm contains a backdoor that listens on TCP port 81 and a UDP port. Bagle.AS also spreads via peer-to-peer networks.
Bagle.BB
This malware was reported by: Panda Software
W32/Bagle-AZ
This malware was reported by: Sophos
Bagle.AM
This malware was reported by: Computer Associates
Win32.Bagle.AM is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a PeX-packed executable that is approximately 17,000 byte
RemoteShutdown
This malware was reported by: Network Associates Inc
BackDoor-CIP
This malware was reported by: Network Associates Inc
W32/Rbot-LB
This malware was reported by: Sophos
VBS/Yeno.gen
This malware was reported by: Network Associates Inc
StartPage-DM
This malware was reported by: Network Associates Inc
StartPage-CD
This malware was reported by: Network Associates Inc
Noomy.A
This malware was reported by: Panda Software
Noomy.A is a worm that ends processes belonging to antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to attack by other malware. Noomy.A acts as a backdoor, and it also connects to a website in order to send
Exploit-MS04-028.ldr
This malware was reported by: Network Associates Inc
Trojan.Ducky.B
This malware was reported by: Symantec
Trojan.Ducky.B is a Trojan horse program that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (described in the Microsoft Security Bulletin MS04-028).
Note: Virus definitions dated prior to September 29, 2004 de
PWSteal.Tarno.J
This malware was reported by: Symantec
PWSteal.Tarno.J is a Trojan horse that attempts to steal user names, passwords, and other computer information. The Trojan sends them to a specific email address using its own SMTP engine.
Trojan.Ducky
This malware was reported by: Symantec
Trojan.Ducky is a downloader Trojan that exploits the Microsoft GDI+ Library JPEG Segment Length Integer Underflow vulnerability (as described in the Microsoft Security Bulletin MS04-028).
Note: Virus definitions dated prior to September 29, 2004 detec
W32.Mydoom.AC@mm
This malware was reported by: Symantec
W32.Mydoom.AC@mm is a mass-mailing worm that launches a Denial of Service (DoS) attack against a remote server. It can also spread through file-sharing networks.
W32/Xbot-D
This malware was reported by: Sophos
W32/Bugbear-J
This malware was reported by: Sophos
W32/Snoop-A
This malware was reported by: Sophos
StartPage-EZ
This malware was reported by: Network Associates Inc
W32/Bugbear.j@MM
This malware was reported by: Network Associates Inc
This detection is for a new variant of W32/Bugbear that bears the following characteristics: mass-mails itself to recipient email addresses extracted from the victim machine. It attaches itself to outgoing emails within a ZIP file.
opens a
SillyP2P.A
This malware was reported by: Computer Associates
Win32.SillyP2P.A is a worm that spreads via peer-to-peer (P2P) networks, targeting the KaZaA network.
Lmir.rz
This malware was reported by: F-Secure
Lmir.rz is a password stealing trojan. However, F-Secure Anti-Virus had a false alarm on a file that is a part of Real Player, RJBDLL.DLL. This false alarm has been fixed in the update 2004-10-01_01.
W32/Forbot-AR
This malware was reported by: Sophos
W32.Spybot.EAS
This malware was reported by: Symantec
W32.Spybot.EAS is a worm that may be remotely controlled via IRC channels. It includes distributed denial of service (DDoS) and back door capabilities. The worm also attempts to steal confidential information from the infected computer.
PWSteal.Focosenha
This malware was reported by: Symantec
PWSteal.Focosenha is a Trojan horse program that attempts to steal user names, passwords, and other information from the infected computer.
XM97/Crex-C
This malware was reported by: Sophos
Backdoor.Rtkit.B
This malware was reported by: Symantec
Backdoor.Rtkit.B is a backdoor server program that allows a remote attacker to perform various actions on an infected computer. This backdoor attempts to mask its presence by hiding files, processes, and registry entries.
W32.Bagz@mm
This malware was reported by: Symantec
W32.Bagz@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from the infected computer.
PWSteal.Ldpinch.C
This malware was reported by: Symantec
PWSteal.Ldpinch.C is a password stealing Trojan horse program that attempts to steal information from an infected computer and send it to a remote attacker.
Downloader.Lunii
This malware was reported by: Symantec
Downloader.Lunii is a Trojan horse program that attempts to download remote files, terminate adware products, and delete files.
Backdoor.Sdbot.AC
This malware was reported by: Symantec
Backdoor.Sdbot.AC is a Trojan horse program with backdoor capabilities that spreads to network shares and allows a remote attacker to gain unauthorized access to an infected computer.
W32/Korgo.worm.ae
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:
MS04-011 vulnerability (CAN-2003-0533) http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm spreads with a random filename and act
ProcKill-Jkill
This malware was reported by: Network Associates Inc
W32/Forbot-AV
This malware was reported by: Sophos
W32/Bagz-B
This malware was reported by: Sophos
W32/Sdbot-PV
This malware was reported by: Sophos
W32/Korgo-Q
This malware was reported by: Sophos
W32/Rbot-LD
This malware was reported by: Sophos
W32/Xbot-D
This malware was reported by: Sophos
WORM_NOOMY.A
This malware was reported by: Trendmicro
This mass-mailing worm propagates via email and Internet Relay Chat (IRC). It drops copies of itself using attractive file names in order to trick users into opening the email attachment or link.
WORM_BAGZ.A
This malware was reported by: Trendmicro
This memory-resident, mass-mailing worm uses SMTP (Simple Mail Transfer Protocol) to propagate. It arrives as an attachment to an email with a spoofed From field and varying subjects, message bodies, and attachment file names.
Trojan.Tannick
This malware was reported by: Symantec
Trojan.Tannick is a Trojan horse that monitors the Web sites that a user visits.
W97M.Kamal
This malware was reported by: Symantec
W97M.Kamal is a macro virus that infects Microsoft Word documents when they are opened or closed.
Trojan.Comxt
This malware was reported by: Symantec
Trojan.Comxt is a Trojan horse program that downloads remote files. It uses Alternate Data Streams to hide its presence.
Trojan.AdRmove
This malware was reported by: Symantec
Trojan.AdRmove is a component of an adware program that attempts to delete files and registry entries of other known adware programs produced by rival vendors.
Note: Virus definitions released prior to October 7, 2004 may detect this threat as Trojan.Ki
W32.Fili@mm
This malware was reported by: Symantec
W32.Fili.A@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and through peer-to-peer file-sharing networks. It can also spread via mIRC.
The email has a variable subject and attachment name. The attachment will have a .scr, .pif,
W32.Bagz.B@mm
This malware was reported by: Symantec
W32.Bagz.B@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses gathered from an infected computer.
Trojan.Webus.B
This malware was reported by: Symantec
Trojan.Webus.B is a Trojan horse program that kills antivirus services and launches Distributed Denial of Service (DDoS) attacks against a list of remote servers.
This Trojan is a variant of Trojan.Webus and is packed with UPX and Yoda.
W97M.Prece.A
This malware was reported by: Symantec
W97M.Prece.A is a macro virus that modifies Microsoft Word configuration settings, deletes files, and infects Microsoft Word documents and the Normal.dot template.
Tool-DLL_Injector
This malware was reported by: Network Associates Inc
StealthProxy
This malware was reported by: Network Associates Inc
Proxy-DistNet
This malware was reported by: Network Associates Inc
NetCat
This malware was reported by: Network Associates Inc
HTML/Debeski.bat
This malware was reported by: Network Associates Inc
Linux/Rootkit-Lrk
This malware was reported by: Network Associates Inc
Reg/LowZones
This malware was reported by: Network Associates Inc
QHosts-18
This malware was reported by: Network Associates Inc
W32/Noomy.a@MM
This malware was reported by: Network Associates Inc
QHosts-18!hosts
This malware was reported by: Network Associates Inc
W32/Sdbot.worm.bat.b
This malware was reported by: Network Associates Inc
This detection is for a batch script component that is used by W32/Sdbot.worm IRC bots in propagating to machines on a network.
Please see the W32/Sdbot.worm.gen description for a detailed description of such IRC bots. This detection has
W32/Bagz.b@MM
This malware was reported by: Network Associates Inc
This is a mass-mailing worm which uses its own SMTP engine to send itself to target addresses collected from different files from the infected system.
It attempts to disable the Windows firewall.
Spoofs the From: address
JS/Exploit-Detect
This malware was reported by: Network Associates Inc
Downloader-PZ
This malware was reported by: Network Associates Inc
Adware-Lop
This malware was reported by: Network Associates Inc
W32/Lovgate.q@M
This malware was reported by: Network Associates Inc
This detection is for a new variant of W32/Lovgate. It bears the following characteristics: Mails itself, constructing messages using its own SMTP engine. Email attachment may be a ZIP archive. Mails are sent in reply to email messages found on
HiddenRun
This malware was reported by: Network Associates Inc
Lmir
This malware was reported by: F-Secure
Netsnake.H
This malware was reported by: F-Secure
W32/Pikis-B
This malware was reported by: Sophos
W32/Sdbot-PZ
This malware was reported by: Sophos
W32/Darby-G
This malware was reported by: Sophos
W32/Rbot-LY
This malware was reported by: Sophos
W32/Forbot-AY
This malware was reported by: Sophos
W32/Agobot-ZV
This malware was reported by: Sophos
W32/Rbot-LT
This malware was reported by: Sophos
W32/Sdbot-PV
This malware was reported by: Sophos
Nemsi.A
This malware was reported by: Panda Software
Nemsi.A is a virus that infects EXE files using the prepending method. Though its author intended to destroy the information on the Master Boot Sector of the first hard drive when the system date reaches September 13, Nemsi.A does not work properly, and t
Keylogger-Pro
This malware was reported by: Panda Software
Keylogger-Pro is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. Keylogger-Pro is a keylogger that captures data entries
JPGTrojan.C
This malware was reported by: Panda Software
Linux/Rootkit-Knark
This malware was reported by: Network Associates Inc
Linux/Backdoor-ICMP
This malware was reported by: Network Associates Inc
Linux/PWS-Linspy
This malware was reported by: Network Associates Inc
WORM_FUNNER.A
This malware was reported by: Trendmicro
This worm propagates by sending a copy of itself to all contacts found in the MSN Messenger application. Its code also suggests that it may attempt to propagate via QQ Instant Messaging Application by sending a copy of itself as the file FUNNY.EXE.
EXPL_JPGDOWN.B
This malware was reported by: Trendmicro
This variant of EXPL_JPGDOWN likewise arrives as a JPEG file that exploits the JPEG GDI vulnerability known to affect Windows XP.
EXPL_JPGDOWN.C
This malware was reported by: Trendmicro
This Trojan arrives as a JPEG file that exploits a known vulnerability in Windows XP.
Secdrop.F
This malware was reported by: Computer Associates
Win32.Secdrop.F is a trojan that is used to lower security settings in Internet Explorer by modifying the registry in order to download and install adware a
Secdrop.C
This malware was reported by: Computer Associates
W32/Sdbot-QE
This malware was reported by: Sophos
W32/Bagz-B
This malware was reported by: Sophos
W32/Forbot-BA
This malware was reported by: Sophos
W32/Forbot-AV
This malware was reported by: Sophos
W32/Funner.worm
This malware was reported by: Network Associates Inc
This worm is packed using ASPACK packer software and written in MSVB.
It sends itself as FUNNY.EXE to addresses found within MSN Messenger.
When executed, this worm will copy itself to the %Sysdir% folder as
EXPLORER.EXE
IEXPLORE.EXE
W32.Funner
This malware was reported by: Symantec