W32/Rbot-MI
This malware was reported by: Sophos
W32/Rbot-LT
This malware was reported by: Sophos
Downloader-QG.dr
This malware was reported by: Network Associates Inc
Downloader-QG
This malware was reported by: Network Associates Inc
Downloader-QR
This malware was reported by: Network Associates Inc
Downloader-QI
This malware was reported by: Network Associates Inc
Funner.A
This malware was reported by: Computer Associates
Win32.Funner is a worm that spreads via MSN Messenger and overwrites the host file on an affected machine.
WORM_FILI.A
This malware was reported by: Trendmicro
This worm propagates itself via peer-to-peer (P2P) applications by dropping copies of itself in default shared folders and using attractive file names in order to trick users into downloading it into their own systems. It also propagates via email and Int
W32.Korgo.AE
This malware was reported by: Symantec
W32.Korgo.AE is a worm that attempts to spread by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability on TCP port 445. This vulnerability is described in Microsoft Security Bulletin MS04-011.
Backdoor.Berbew.K
This malware was reported by: Symantec
Backdoor.Berbew.K is a Backdoor Trojan horse that attempts to steal cached passwords.
Dluca.L
This malware was reported by: Computer Associates
Win32.Dluca.L is a downloading trojan that also lowers security settings in Internet Explorer.
W32/Bagle-AC
This malware was reported by: Sophos
W32/Agobot-ZV
This malware was reported by: Sophos
W32.Fili.A@mm
This malware was reported by: Symantec
W32.Fili.A@mm is a generic Visual Basic worm that propagates via Microsoft Outlook and through peer-to-peer file-sharing networks. It can also spread via mIRC.
The email has a variable subject and attachment name. The attachment will have a .scr, .pif,
W32/Forbot-AZ
This malware was reported by: Sophos
W32/Forbot-AY
This malware was reported by: Sophos
W32/Forbot-BD
This malware was reported by: Sophos
W32/Rbot-LY
This malware was reported by: Sophos
Downloader-QU
This malware was reported by: Network Associates Inc
W32/GregCenter
This malware was reported by: Network Associates Inc
This is a Windows, 32-bit, prepending virus. It copies itself to the beginning of files, shifting the original file header down.
The samples received seem to have come from computer games downloaded from the Internet.
The strings "Greg
WORM_BAGZ.B
This malware was reported by: Trendmicro
This memory-resident worm arrives via email as an attachment. It drops multiple components in the Windows system folder, some of which are as follows:
MS Vulnerability MS04-036
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-035
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-034
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-033
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-032
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-031
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-030
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-029
This malware was reported by: Network Associates Inc
Exploit-1Table
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-038
This malware was reported by: Network Associates Inc
MS Vulnerability MS04-037
This malware was reported by: Network Associates Inc
Backdoor.Bifrose
This malware was reported by: Symantec
Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
Trojan.Webus.C
This malware was reported by: Symantec
Trojan.Webus.C is a Trojan horse that connects to an Internet Relay Chat (IRC) server and opens a backdoor on TCP port 10888 or 1080.
W32/Darby-G
This malware was reported by: Sophos
Funner.A
This malware was reported by: F-Secure
W32/Funner-A
This malware was reported by: Sophos
W32/Sdbot-PZ
This malware was reported by: Sophos
Bloodhound.Exploit.15
This malware was reported by: Symantec
Bloodhound.Exploit.15 is a heuristic detection for malformed GRP files that are potentially related to the Program Group Converter Vulnerability, which is described in Microsoft Security Bulletin MS04-037.
The files that are detected as Bloodhound.Exp
OCT_12_MS_VULNERABILITIES
This malware was reported by: Trendmicro
Blackmal.E
This malware was reported by: Computer Associates
Win32.Blackmal.E is a worm that spreads via e-mail and network shares.
W32/Pikis-B
This malware was reported by: Sophos
OCT_MS_VULNERABILITIES
This malware was reported by: Trendmicro
W32/Sdbot-QF
This malware was reported by: Sophos
W32/Sdbot-QE
This malware was reported by: Sophos
MS_VULNERABILITIES_OCT2004
This malware was reported by: Trendmicro
This is an overview of the Microsoft vulnerabilities published by Microsoft on October 12, 2004. This set is composed of ten vulnerabilities:
Bacros.A
This malware was reported by: F-Secure
Bacros.A is a virus that infects local filesystem files by renaming all
text files (.txt) as exe. It can also copy itself in floppies and CD-roms.
The virus also drops and executes a Word Macro virus W97M/Bacros.A.
Both, the binary and the macro part
W32/Sdbot-QG
This malware was reported by: Sophos
W32/Rbot-MI
This malware was reported by: Sophos
Funner.A
This malware was reported by: Panda Software
Funner.A is a worm that spreads via MSN Messenger. Funner.A modifies the HOSTS file, so that users cannot access certain websites.
JPGTrojan.D
This malware was reported by: Panda Software
Downloader-QV
This malware was reported by: Network Associates Inc
Joke-RainDrops
This malware was reported by: Network Associates Inc
Linux/Rootkit-FKit
This malware was reported by: Network Associates Inc
WORM_NETSKY.AF
This malware was reported by: Trendmicro
Like earlier NETSKY variants, this worm mainly propagates via email. Using its own SMTP (Simple Mail Transfer Protocol) engine, it sends out email with varying subjects, message bodies and attachment names that are mostly written in Brazilian Portuguese. T
NetSky.AF
This malware was reported by: F-Secure
NetSky.AF spreads itself in e-mails inside a ZIP archive or as an executable attachment.
It also copies itself to shared folders of all available drives. This allows the worm to
spread in peer-to-peer and local networks. It is related to NetSky.B.
W32.Netsky.AD@mm
This malware was reported by: Symantec
W32.Netsky.AD@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds on the infected computer.
The email subject, message body, and attachment are variable.
This threat is compressed with UPX and PCPEC.
Netsky.AE
This malware was reported by: Computer Associates
Win32.Netsky.AE is a worm that spreads via e-mail and sharing networks. It may also be distributed as a ZIP archive.
W32/Netsky.ag@MM
This malware was reported by: Network Associates Inc
-- Update October 14th 2004 --
Due to an increase in prevalence the risk assessment of this threat is being raised to Medium
The 4399 DAT files will be released early for this threat. In the meantime, the following EXTRA.DAT packages are
W32/Netsky-AD
This malware was reported by: Sophos
W32/Bagle-AC
This malware was reported by: Sophos
Agni.864
This malware was reported by: Computer Associates
Revcuss.D
This malware was reported by: Computer Associates
W32/Sdbot-QH
This malware was reported by: Sophos
W32/Forbot-AZ
This malware was reported by: Sophos
Backdoor.Yiha
This malware was reported by: Symantec
Backdoor.Yiha is a backdoor Trojan horse that allows an attacker to download and upload files to an infected computer.
Netsky.AG
This malware was reported by: Panda Software
Netsky.AG is a worm without damaging effects that spreads via e-mail in a message with variable characteristics and through peer-to-peer (P2P) file sharing programs. Netsky.AG deletes the entries belonging to other worms, including Mydoom.A, Mydoom.B and
Darby.gen
This malware was reported by: Panda Software
Darby.gen is not a specific worm, but a generic detection for future variants of the Darby family. This group of worms has the following common characteristics: They search the memory for active processes belonging to antivirus programs, firewalls and sys
W32/Sdbot-QJ
This malware was reported by: Sophos
W32/Forbot-BD
This malware was reported by: Sophos
W32.Bitter
This malware was reported by: Symantec
W32.Bitter is a worm that may be able to propagate through file-share networks. It is produced by a constructor kit and can inject itself into other processes.
Backdoor.Hacarmy.E
This malware was reported by: Symantec
Backdoor.Hacarmy.E is a backdoor server program that allows unauthorized remote access to an infected computer.
W32.Nits.A
This malware was reported by: Symantec
W32.Nits.A is a network-aware worm that runs a HTTP proxy on the infected computer.
W32.Syphilo
This malware was reported by: Symantec
W32.Sophily is a virus that infects files with .exe extensions. It attempts to steal passwords from the infected computer.
Note: Virus definitions dated October 15th, 2004 or earlier may detect this threat as W32.Syphilo.
W32.Mydoom.AD@mm
This malware was reported by: Symantec
W32.Mydoom.AD@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds from an infected system. It also attempts to spread itself through IRC and some popular peer-to-peer networks.
Backdoor.Lowtaper
This malware was reported by: Symantec
Backdoor.Lowtaper is a backdoor Trojan horse that allows remote command execution.
Phishbank.BY
This malware was reported by: Computer Associates
W32/Traxg-B
This malware was reported by: Sophos
W32/Snoop-A
This malware was reported by: Sophos
W32/Traxg-B
This malware was reported by: Network Associates Inc
Proactive Detection
This worm is detected as W32/Generic.a@MM with the 4314 DATs or greater. As such it poses little risk to users running McAfee AV protection.
The worm bears the following characteristics:
written in MSVB
mails
W32.Sophily
This malware was reported by: Symantec
W32.Sophily is a virus that infects files with .exe extensions. It attempts to steal passwords from the infected computer.
Note: Virus definitions dated October 15th, 2004 or earlier may detect this threat as W32.Syphilo.
W32/Forbot-BI
This malware was reported by: Sophos
W32/Funner-A
This malware was reported by: Sophos
W32/Apribot-C
This malware was reported by: Sophos
MyDoom.AE
This malware was reported by: F-Secure
A new variant of MyDoom worm - Mydoom.AC, was found in the middle
of September 2004. This worm variant can spread in e-mails as a
fake FlashEcard virtual postcard.
W32/Rbot-NC
This malware was reported by: Sophos
W32/Sdbot-QF
This malware was reported by: Sophos
MyDoom.AE
This malware was reported by: F-Secure
Mydoom.AD
This malware was reported by: Computer Associates
Win32.Mydoom.AD is a worm that spreads via e-mail and contains backdoor functionality. It may also be distributed inside a ZIP archive.
W32/Wort-B
This malware was reported by: Sophos
W32.Narcs
This malware was reported by: Symantec
W32.Narcs is a worm that spreads through IRC and the IMesh and Kazaa file-sharing networks. This worm also downloads and executes W32.Spybot.Worm.
W32.Mydoom.AF@mm
This malware was reported by: Symantec
W32.Mydoom.AF@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on the infected computer. The worm also contains back door functionality which allows unauthorized remote access.
The email will ha
W32/Sluter-E
This malware was reported by: Sophos
W32/Sdbot-QG
This malware was reported by: Sophos
Tool-IdleUI
This malware was reported by: Network Associates Inc
W32/Rbot-NA
This malware was reported by: Sophos
W32/Netsky-AD
This malware was reported by: Sophos
W32.Philis.C
This malware was reported by: Symantec
W32.Philis.C is a virus that infects files with .exe extensions. It attempts to steal passwords from the infected computer.
Notes:
Virus definitions dated October 15th, 2004 or earlier may detect this threat as W32.Syphilo.
Virus definitions dated Oct
PWCrack-RockXp
This malware was reported by: Network Associates Inc
W32/Mydoom.ae@MM
This malware was reported by: Network Associates Inc
This is a mass-mailing worm that bears the following characteristics:
contains its own SMTP engine to construct outgoing messages
contains a backdoor component (see below)
Modifies the HOSTS file
Downloads W32/Scran.worm (P2P worm)