Pokier.A
This malware was reported by: Computer Associates
Win32.Pokier.A is a 7,680-byte trojan that opens a Socks 4 proxy server on an affected machine.
Atak.F
This malware was reported by: Computer Associates
Win32.Atak.F is an email worm that has been distributed as a 12,253-byte, FSG-packed Win32 executable.
Downloader-LL
This malware was reported by: Network Associates Inc
Downloader-MB
This malware was reported by: Network Associates Inc
HTool/Exp-MS04-028.b
This malware was reported by: Network Associates Inc
POSSIBLE_VIRUS
This malware was reported by: Trendmicro
This is Trend Micro’s generic detection for all suspicious and possibly malicious files detected by the new WinTrap engine.
W32/Rbot-SD
This malware was reported by: Sophos
W32/Delf-JB
This malware was reported by: Sophos
Email-Worm.Win32.Kipis.A
This malware was reported by: F-Secure
A new email worm Kipis.A was found on 22nd of December 2004.
The worm spreads in emails that have a subject "Love", "I Love You",
or "Happy New Year".
Kipis.A
This malware was reported by: F-Secure
A new email worm Kipis.A was found on 22nd of December 2004.
The worm spreads in emails that have a subject "Love", "I Love You",
or "Happy New Year".
VBS/Umbriel
This malware was reported by: Network Associates Inc
This threat is detected as VBS/Umbriel.
This virus overwrites the local HOSTS file (such as c:\windows\system32\drivers\etc\hosts) to prevent the local system from accessing domain names. It also attempts to connect to a remote website, to
W97M.Sapattra
This malware was reported by: Symantec
W97M.Sapattra is a macro virus that infects Microsoft Word documents and the Normal.dot template. The virus also lowers the Microsoft Word macro security settings.
Mugly.C
This malware was reported by: Panda Software
Mugly.C is a worm that drops and executes another worm, detected by Panda Software as W32/Gaobot.CDO.worm. Additionally, Mugly.C prevents the affected user from accessing the websites belonging to several antivirus companies. Mugly.C spreads via e-mail in a
W32/Mkar-E
This malware was reported by: Sophos
W32/Wort-D
This malware was reported by: Sophos
SYMBOS_CABIR.C
This malware was reported by: Trendmicro
This malware infects Series 60 mobile phones. It usually arrives as an installation file named METAL GEAR.SIS and can be downloaded from a Web page.
Tool-NetCat
This malware was reported by: Network Associates Inc
W32.Envid.C@mm
This malware was reported by: Symantec
W32/Agobot-OR
This malware was reported by: Sophos
W32/Rbot-RW
This malware was reported by: Sophos
Tool-NT110
This malware was reported by: Network Associates Inc
TROJ_NT.A
This malware was reported by: Trendmicro
This Trojan may arrive as part of another malware installation package or be downloaded from the Internet.
Atak.H
This malware was reported by: Computer Associates
Win32.Atak.H is an email worm. It has been distributed as an 11,625-byte, FSG-packed Win32 executable.
Atak.I
This malware was reported by: Computer Associates
Win32.Atak.I is an email worm. It has been distributed as a 10,805-byte, FSG-packed Win32 executable.
Atak.J
This malware was reported by: Computer Associates
Win32.Atak.J is an email worm. It has been distributed as a 10,801-byte, FSG-packed Win32 executable.
Atak.L
This malware was reported by: Computer Associates
Win32.Atak.L is an email worm. It has been distributed as an 11,885-byte, FSG-packed Win32 executable.
Mima.B
This malware was reported by: Computer Associates
Win32.Mima.B is a trojan that logs sensitive information, such as passwords, from an affected machine.
WORM_BEAKER.A
This malware was reported by: Trendmicro
This worm arrives and propagates via email. It uses its own Simple Mail Transfer Protocol (SMTP), which enables it to send email messages without using other email applications, such as Microsoft Outlook.
Keylog-Jingt
This malware was reported by: Network Associates Inc
W32/Rembot-A
This malware was reported by: Sophos
W32/Oddbob-A
This malware was reported by: Sophos
Mastof
This malware was reported by: Panda Software
Mastof.A
This malware was reported by: Panda Software
W32.Beaker.A@mm
This malware was reported by: Symantec
W32.Beaker.A@mm is a mass-mailing worm that sends a copy of itself by email and overwrites files on infected computers.
SymbOS.Skulls.C
This malware was reported by: Symantec
SymbOS.Skulls.C is a Trojan horse that replaces the system applications and third-party applications on the device. By default, the Trojan has the file name "skull.sis." SymbOS.Skulls.C is a variant of SymbOS.Skulls.
SymbOS.MGDropper
This malware was reported by: Symantec
SymbOS.MGDropper is a Trojan horse program that replaces system applications and third-party applications. It is a SIS install file for Symbian Series 60 devices. In addition, the Trojan installs SymbOS.Cabir. By default the Trojan horse has the filename
Troj/Multidr-BG
This malware was reported by: Sophos
W32/Sdbot-SI
This malware was reported by: Sophos
Redirected HOSTS
This malware was reported by: Network Associates Inc
Bloodhound.Exploit.19
This malware was reported by: Symantec
Bloodhound.Exploit.19 is a heuristic detection for malformed image files attempting to exploit the LoadImage API Function Integer Overflow Vulnerability (as described in BID 12095). The vulnerability is still unpatched by Microsoft as of December 23, 2
Exploit-ANIfile
This malware was reported by: Network Associates Inc
VBS/Notice.gen
This malware was reported by: Network Associates Inc
Bat/Venim
This malware was reported by: Network Associates Inc
Exploit-LoadImgAPI
This malware was reported by: Network Associates Inc
VBS/Winrun
This malware was reported by: Network Associates Inc
Backdoor.Ranky.O
This malware was reported by: Symantec
Backdoor.Ranky.O is a back door Trojan horse program that allows a compromised computer to be used as a covert proxy.
Troj/Bancos-AS
This malware was reported by: Sophos
W32/Rbot-RY
This malware was reported by: Sophos
Troj/Agent-ZC
This malware was reported by: Sophos
W32/Rbot-SB
This malware was reported by: Sophos
BackDoor-CLT
This malware was reported by: Network Associates Inc
Bloodhound.Exploit.21
This malware was reported by: Symantec
Bloodhound.Exploit.21 is a heuristic detection for files that have been designed to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467). The vulnerability is still unpatched by Micr
Bloodhound.Exploit.20
This malware was reported by: Symantec
Bloodhound.Exploit.20 is a heuristic detection for animated cursor (.ani) files that have been designed to exploit the Microsoft Windows Kernel .ani file Parsing and Denial of Service Vulnerability (BID 12094). The vulnerability is still unpatched by Mi
Linux/Binom
This malware was reported by: Network Associates Inc
PE_STREAM.A
This malware was reported by: Trendmicro
PE_STREAM.A is a new generation of Windows virus. It is a Win32, direct infector virus that infects executable files in the current directory. Also known as W2k.Stream, this virus infects Windows NT/2000 operating systems using NTFS file system, which a
Perl.Santy.C
This malware was reported by: Symantec
Perl.Santy.C is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672
Perl.Santy.B
This malware was reported by: Symantec
Perl.Santy.B is a worm written in Perl script that attempts to spread to Web servers running versions of the phpBB 2.x bulletin board software prior to 2.0.11, which are vulnerable to the PHPBB Remote URLDecode Input Validation Vulnerability (BID 11672
Exploit-phpBB!hilight
This malware was reported by: Network Associates Inc
TROJ_LOADIMG.A
This malware was reported by: Trendmicro
This is Trend Micro’s detection for a proof-of-concept icon file that, if loaded, could cause a buffer overflow on the USER32 Library.
HLP_EXPLOIT.A
This malware was reported by: Trendmicro
StartPage-DU.dll
This malware was reported by: Network Associates Inc
AdClicker-BA
This malware was reported by: Network Associates Inc
Trojan.Phel.A
This malware was reported by: Symantec
Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (BID 11467).
Trojan.Phel.A attempts to infec
Cabir.H
This malware was reported by: F-Secure
Cabir.H is a Bluetooth-using worm that runs on Symbian
mobile phones that support the Series 60 platform.
The Cabir.H variant is a recompiled version of the original Cabir,
the main difference being that Cabir.H has fixed replication
routine and is capa
Cabir.I
This malware was reported by: F-Secure
Cabir.I is a minor variant of Cabir.H, being functionally identical
to the Cabir.H variant, with the exception that the I variant is recompiled
and uses a different binary.
For more details, see description of Cabir.H
http://www.f-secure.com/v-descs/cabir_
Kipis.B
This malware was reported by: F-Secure
A new variant of email worm Kipis was found on 24th of December 2004.
The worm spreads in emails that have a subject "Hello", "Happy New Year",
or "Ass". This variant also does a DDoS attack against www.kaspersky.ru.
WORM_SANTY.F
This malware was reported by: Trendmicro
This worm spreads on Web servers running the popular phpBB application. Individual end-user systems are unaffected.
Perl.Lexac
This malware was reported by: Symantec
Perl.Lexac is a worm that spreads to Web servers running php scripts that are vulnerable to a "File Inclusion Flaw", which results from programming errors. The worm uses the Google and Yahoo search engines to obtain a list of vulnerable computers.
Note:
W32.Reper.A
This malware was reported by: Symantec
W32.Reper.A is a virus that copies itself to the disks on a computer between C: and Z: and adds itself to the autorun.inf file, so that it is started automatically when the disk is inserted.
Perl/Santy-Fam
This malware was reported by: Sophos
Troj/Bancban-AN
This malware was reported by: Sophos
Downloader-LZ
This malware was reported by: Network Associates Inc
W32.Kipis.A@mm
This malware was reported by: Symantec
W32.Kipis.A@mm is a mass-mailing worm that sends itself to addresses harvested from the infected system. The email has a variable subject and attachment name. The attachment has a .scr file extension.
BackDoor-BCB
This malware was reported by: Network Associates Inc
HHelp
This malware was reported by: Panda Software
W97M.Dinela
This malware was reported by: Symantec
W97M.Dinela is a macro virus that attempts to infect the Microsoft Word Normal.dot template file and open documents. The virus also deletes files and changes the Microsoft Internet Explorer settings.
W32.Kipis.B@mm
This malware was reported by: Symantec
W32.Kipis.B@mm is a mass-mailing worm that has denial of service capabilities and opens a back door on the compromised computer. The worm also lowers security settings and attempts to spread through file-sharing networks.
Cabir.J
This malware was reported by: F-Secure
Cabir.J is a minor variant of Cabir.H, being functionally identical
to the Cabir.H variant, with the exception that the I variant is recompiled
and uses a different binary.
For more details, see description of Cabir.H
http://www.f-secure.com/v-descs/cabir_
Santy.B
This malware was reported by: Panda Software
Santy.B is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. It uses a vulnerability in one of the files belonging to phpB
Downloader-TO
This malware was reported by: Network Associates Inc
CoreFlood.dr
This malware was reported by: Network Associates Inc
Exploit-phpBB!hilight
This malware was reported by: Network Associates Inc
-- Update December 28, 2004 --
Perl/Santy.worm is being detected generically under the name Exploit-phpBB!hilight (detection included in the 4417 DAT files). This detection covers all variants that are known to exist (at the time of this
Backdoor.Lifefournow
This malware was reported by: Symantec
Backdoor.Lifefournow is a backdoor Trojan horse program that allows a compromised computer to be used to reveal and test the configuration of a network.
W32/Forbot-DH
This malware was reported by: Sophos
Perl/Santy-A
This malware was reported by: Sophos
Perl/Skyki.worm
This malware was reported by: Network Associates Inc
The Perl/Spyski.worm detection covers a worm that is based on the idea of the Perl/Santy.worm virus. Spyski does not exploit the same vulnerability. Based on the same principle, Perl/Spyski.worm attempts to locate vulnerable PHP servers
Exploit-HelpZonePass
This malware was reported by: Network Associates Inc
JS/Exploit-HelpXSite
This malware was reported by: Network Associates Inc
W32.Protoride.B
This malware was reported by: Symantec
W32.Protoride.B is a worm that spreads through network shares and opens a back door that allows unauthorized access to a compromised computer.
Perl/Spyski.worm
This malware was reported by: Network Associates Inc
The Perl/Spyski.worm detection covers a worm that is based on the idea of the Perl/Santy.worm virus. Spyski does not exploit the same vulnerability. Based on the same principle, Perl/Spyski.worm attempts to locate vulnerable PHP servers
HLP_HEAPINTX.A
This malware was reported by: Trendmicro
This is Trend Micro’s detection for the proof of concept .HLP files that, if loaded, would cause a buffer overflow on WINHLP32.EXE.
W32/Dedler-H
This malware was reported by: Sophos
W32/Mkar-E
This malware was reported by: Sophos
SYMBOS_VLASCO.A
This malware was reported by: Trendmicro
This malware affects Series 60 mobile phones. It usually arrives as an installation file named VELASCO.SIS and can be downloaded from a Web page or received via Bluetooth.
Spyki.A
This malware was reported by: Panda Software
Spyki.A is a worm that affects servers running a version of the application phpBB prior to 2.0.11. phpBB is an open source program used to easily create bulletin boards, forums and newsgroups. It uses a vulnerability in one of the files belonging to phpB
W32/Leebad-B
This malware was reported by: Sophos
W32/Agobot-OR
This malware was reported by: Sophos
Santy.B
This malware was reported by: Computer Associates
Perl.Santy.B is a worm that spreads via web servers running vulnerable versions of phpBB 2.x prior to 2.0.11.
Generic PWS.b
This malware was reported by: Network Associates Inc
W32.Envid.D@mm
This malware was reported by: Symantec
W32.Envid.D@mm is a mass-mailing worm that sends email to all addresses found in the Microsoft Address Book. The email contains a link that will download the worm, if clicked. The worm lowers security settings by terminating various processes related to