W32/RAHack
This malware was reported by: Network Associates Inc
This is a virus that attempts to exploit Radmin software. Radmin is remote administration software provided by Famatech. The software uses port 4899 by default. The virus scans random IP addresses for port 4899, attempts to exploit the s
Lospad.B
This malware was reported by: Computer Associates
Win32.Lospad.B is a trojan that acts as a dialer. It has been reported from the wild to have been downloaded by the trojan Win32.Lospad.A!downloader.
SillyDl.BT
This malware was reported by: Computer Associates
Lospad.A
This malware was reported by: Computer Associates
Win32.Lospad.A is a trojan that acts as a dialer. It has been seen in the wild, downloaded by Win32.Lospad.A!downloader.
Troj/Bancban-AV
This malware was reported by: Sophos
W32/Rbot-SD
This malware was reported by: Sophos
Cabir.L
This malware was reported by: F-Secure
Cabir.L is a minor variant of Cabir.B; the only significant differences are that Cabir.L displays different text on the start dialog when the worm starts and that Cabir.L spreads as Skulls.SIS instead of Cabir.SIS.
Cabir.L displays text "Sku
Cabir.K
This malware was reported by: F-Secure
Cabir.K is a minor variant of Cabir.H. It is functionally identical to the Cabir.H variant, except that the Cabir.K variant is recompiled and uses a different binary.
For more details, see description of Cabir.H
http://www.f-secure.com/v-descs/
W32/Kipis.a@MM
This malware was reported by: Network Associates Inc
This is a mass-mailing worm that bears the following characteristics:
Contains its own SMTP engine to construct outgoing messages
Spoofs the From: address
Contains a backdoor component (see below)
Terminates certain Antivirus/Firewal
Troj/Chum-A
This malware was reported by: Sophos
W32/Rembot-A
This malware was reported by: Sophos
SymbOS/Cabir.h
This malware was reported by: Network Associates Inc
New variants of SymbOS/Cabir (h, i, j) have been discovered, all of which are very similar. (Minor differences between them may be accounted for by recompilation.) These new variants are also similar to their predecessors. They bear the fo
Troj/Agent-FO
This malware was reported by: Sophos
Troj/Multidr-BG
This malware was reported by: Sophos
Troj/BeastDo-W
This malware was reported by: Sophos
Troj/Bancos-AS
This malware was reported by: Sophos
Agobot.AMT
This malware was reported by: Computer Associates
W32/Hilin.worm
This malware was reported by: Network Associates Inc
This is a worm written in Visual Basic. It copies itself to mapped network drives and contains keylogging properties as well.
The worm uses a Microsoft Word icon to fool users into opening it.
It then searches for Microsoft Word docu
PWS-Banker!pwdrar
This malware was reported by: Network Associates Inc
SymbOS/Cabir.i
This malware was reported by: Network Associates Inc
New variants of SymbOS/Cabir (h, i, j) have been discovered, all of which are very similar. (Minor differences between them may be accounted for by recompilation.) These new variants are also similar to their predecessors. They bear the fo
SymbOS/Cabir.j
This malware was reported by: Network Associates Inc
New variants of SymbOS/Cabir (h, i, j) have been discovered, all of which are very similar. (Minor differences between them may be accounted for by recompilation.) These new variants are also similar to their predecessors. They bear the fo
W32/Kipis.b@MM
This malware was reported by: Network Associates Inc
This is a mass-mailing worm that bears the following characteristics:
Contains its own SMTP engine to construct outgoing messages
Spoofs the From: address
Terminates certain Antivirus/Firewall products
W32/Sdbot-SW
This malware was reported by: Sophos
Troj/Agent-ZC
This malware was reported by: Sophos
Exploit-Winhlp
This malware was reported by: Network Associates Inc
PERL_SANTY.C
This malware was reported by: Trendmicro
This worm downloads specific files, which it uploads to vulnerable target servers, from the following site via the default HTTP port 80:
Backdoor.Zins
This malware was reported by: Symantec
Backdoor.Zins is a Trojan horse with keylogging functions for certain Internet banking Web sites.
Bloodhound.Exploit.22
This malware was reported by: Symantec
Bloodhound.Exploit.22 is a heuristic detection for malformed Windows Help (.hlp) files attempting to exploit the Microsoft Windows winhlp32 Phrase Heap Overflow Vulnerability (as described in BID 12092) and the Microsoft Windows winhlp32 Phrase Integer
WORM_GIFT.C
This malware was reported by: Trendmicro
This worm propagates via email. It sends copies of itself as an attachment to the email messages it sends out. It uses Microsoft Word to compose email messages.
Skulls.D
This malware was reported by: F-Secure
Cabir.M
This malware was reported by: F-Secure
Cabir.M is a minor variant of Cabir.B; the only significant differences are that Cabir.M displays different text on the start dialog when the worm starts and that Cabir.M spreads as free$8.SIS instead of Cabir.SIS.
Cabir.M displays text "fre
Generic PWS.d
This malware was reported by: Network Associates Inc
W32/Sdbot-SV
This malware was reported by: Sophos
Perl/Santy-Fam
This malware was reported by: Sophos
Downloader-NH
This malware was reported by: Network Associates Inc
W32/Puce-B
This malware was reported by: Sophos
W32/Forbot-DH
This malware was reported by: Sophos
Backdoor.Sdbot.AI
This malware was reported by: Symantec
Backdoor.Sdbot.AI is a network-aware worm with back door capabilities. It allows a remote attacker to gain unauthorized access to the infected computer and spreads via network shares.
Backdoor.Ranky.P
This malware was reported by: Symantec
Backdoor.Ranky.P is a back door Trojan horse program that allows an infected computer to be used as a covert proxy.
Trojan.Kility
This malware was reported by: Symantec
Trojan.Kility is a Trojan horse program that disables the paste function in Microsoft Windows.
W32/Forbot-DJ
This malware was reported by: Sophos
W32/Dedler-H
This malware was reported by: Sophos
Breacuk.E
This malware was reported by: Panda Software
Breacuk.E is a worm that deletes files with EXE, DLL, OCX and BMP extensions, among others. As a result, applications that use those files will stop working. Moreover, the computer has problems starting up correctly. Breacuk.E spreads through the p
WORM_CELLERY.A
This malware was reported by: Trendmicro
When run, this worm pops up a Tetris-like game while playing background music. This background music is actually the file MINUET.MID, which it drops on the affected system, along with the file FORMAT32.EXE, which is a copy of itself.
Asan.A
This malware was reported by: Panda Software
Asan.A is a worm that affects servers running a vulnerable version of the application phpBB that are already affected by the other worm, detected by Panda Software as PHP/Santy.A.worm. phpBB is an open source program used to easily create bulletin boards,
Troj/Santabot-A
This malware was reported by: Sophos
W32/Leebad-B
This malware was reported by: Sophos
W32/Agobot-OT
This malware was reported by: Sophos
Troj/Bancban-AV
This malware was reported by: Sophos
W32/Mirsa@MM
This malware was reported by: Network Associates Inc
This detection is for a virus written in MSVB intended to propagate via email. The virus is proactively detected as trojan or variant of New Malware.d with DATs 4306 or higher with heuristics scanning enabled.
When run, the virus copies itse
PERL_SANTY.F
This malware was reported by: Trendmicro
This malware spreads on Web servers running the popular phpBB application. Individual end-user systems are unaffected.
PERL_SANTY.A
This malware was reported by: Trendmicro
Initial analysis of samples of this malware indicates it spreads on Web servers running the popular phpBB application. Individual end-user systems appear to be unaffected as of this time.
Adware-Homepage
This malware was reported by: Network Associates Inc
W32/Rbot-SQ
This malware was reported by: Sophos
Troj/Chum-A
This malware was reported by: Sophos
WORM_SDBOT.CCD
This malware was reported by: Trendmicro
Worms are malicious programs that are able to replicate independently across a network, through email, IRC, or Peer-to-peer applications. They do not infect other files on a computer.
Winxor.A
This malware was reported by: Panda Software
Winxor.A is a backdoor that connects to an IRC server and waits for remote control commands, which will be performed on the affected computer. These possible actions include downloading files, executing programs, restarting the computer, etc. On demand, Wi
Troj/Corpse-A
This malware was reported by: Sophos
Troj/Agent-FO
This malware was reported by: Sophos
Generic Downloader.e
This malware was reported by: Network Associates Inc
Generic MultiDropper.c
This malware was reported by: Network Associates Inc
Trojan.Feutel
This malware was reported by: Symantec
Trojan.Feutel is a Trojan horse program that will hide its presence on the compromised system and download files from websites.
OutsBot.C
This malware was reported by: Computer Associates
Win32.OutsBot.C is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine. It also functions as a SOCKS proxy.
Envid.A
This malware was reported by: Computer Associates
Win32.Envid.A is a worm that spreads by sending e-mail that contains a link to the worm. The worm is downloaded should the user click on the link. However,
Envid.B
This malware was reported by: Computer Associates
Win32.Envid.B is a worm that spreads by sending e-mail that contains a link to the worm. The worm is downloaded should the user click on the link. However,
W32/Sdbot-TA
This malware was reported by: Sophos
Troj/BeastDo-W
This malware was reported by: Sophos
W32/Sdbot-SV
This malware was reported by: Sophos
Kipis.A
This malware was reported by: Computer Associates
Win32.Kipis.A is a worm that spreads via e-mail and network shares. It also terminates a number of processes and can download and execute arbitrary files.
Kipis.B
This malware was reported by: Computer Associates
Win32.Kipis.B is a worm that spreads via e-mail and network shares. It also terminates a number of processes and can download and execute arbitrary files.
Adware-ISTBar
This malware was reported by: Network Associates Inc
W32/Rbot-SX
This malware was reported by: Sophos
W32/Puce-B
This malware was reported by: Sophos
Adware-PerfectNav
This malware was reported by: Network Associates Inc
W32/Agobot-OU
This malware was reported by: Sophos
W32/Forbot-DJ
This malware was reported by: Sophos
RemAdm-WinUpNet
This malware was reported by: Network Associates Inc
W32/Oddbob.worm
This malware was reported by: Network Associates Inc
This worm attempts to connect to remote machines on port 445, sending shell code intended to exploit an old vulnerability (LSASS):
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
W32.Rahack
This malware was reported by: Symantec
W32.Rahack is a worm that spreads to computers running Radmin software by exploiting weak passwords to connect to the Radmin server.
Backdoor.Alets.B
This malware was reported by: Symantec
Backdoor.Alets.B is a back door Trojan horse program that allows a remote attacker to have unauthorized access to a compromised computer via IRC channels.
Trojan.Hako
This malware was reported by: Symantec
Trojan.Hako is a Trojan horse program that sends ICQ messages with links to Web sites.
This Trojan is written in Delphi and packed with UPX.
Backdoor.Tjserv.B
This malware was reported by: Symantec
Backdoor.Tjserv.B is an HTTP and SOCKSv5 proxy.
W32/Agobot-ADH
This malware was reported by: Sophos
Troj/Santabot-A
This malware was reported by: Sophos
Backdoor.XTS.B
This malware was reported by: Symantec
Backdoor.XTS.B is a typical back door server program that allows a remote attacker to obtain unauthorized access to compromised systems.
Backdoor.Tjserv.C
This malware was reported by: Symantec
Backdoor.Tjserv.C is a back door Trojan horse program that opens an HTTP and a SOCKS 5 proxy server on the compromised computer.
SYMBOS_SKULLS.D
This malware was reported by: Trendmicro
This SYMBOS_SKULLS variant is capable of infecting mobile phones running the Series 60 Symbian operating system. It usually arrives as an installation file named Flash_1[1].1_Full_DotSiS.SIS, which can be downloaded from a Web page.
W32/Sdbot-TB
This malware was reported by: Sophos
W32/Agobot-OT
This malware was reported by: Sophos
Reboot-AA
This malware was reported by: Network Associates Inc
Troj/Feutel-A
This malware was reported by: Sophos
W32/Rbot-SQ
This malware was reported by: Sophos
W32.Spybot.HUR
This malware was reported by: Symantec
W32.Spybot.HUR is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting system vulnerabilities.
W32.Looked.B
This malware was reported by: Symantec
W32.Looked.B is a worm that downloads a file and then infects .exe files. The worm also spreads through shared folders.
Trojan.Goldun
This malware was reported by: Symantec
SymbOS.Cabir.G
This malware was reported by: Symantec
SymbOS.Cabir.G is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as Tee222.SIS.
The worm creates the file 222.MDL instead of FLO.MDL.
The worm disp
SymbOS.Cabir.F
This malware was reported by: Symantec
SymbOS.Cabir.F is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as skulls.SIS.
The worm creates MOD.MDL instead of FLO.MDL.
The worm displays th
SymbOS.Cabir.E
This malware was reported by: Symantec
SymbOS.Cabir.E is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as [YUAN].SIS.
The worm displays the following message after infection:
[YUAN]
T
SymbOS.Cabir.D
This malware was reported by: Symantec
SymbOS.Cabir.D is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as MYTITI.SIS.
The worm displays the following message after infection:
MYTITI
SymbOS.Cabir.C
This malware was reported by: Symantec
SymbOS.Cabir.C is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as ni&ai-.SIS.
The worm displays the following message after infection:
ni&ai-