SymbOS.Cabir.B
This malware was reported by: Symantec
SymbOS.Cabir.B is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only difference is SymbOS.Cabir.B displays the following message after infection:
Caribe
The worm repeatedly sends itse
Trojan.Minit
This malware was reported by: Symantec
Trojan.Minit is a Trojan horse that creates a DLL which will download and execute arbitrary code from a predetermined list of websites.
JS/Exploit-BO.gen
This malware was reported by: Network Associates Inc
LNK_ACESPADES.A
This malware was reported by: Trendmicro
This file infector arrives as an .LNK file. Upon execution by a user, it overwrites all .LNK files in the folder where it is executed.
TROJ_CLICKER.S
This malware was reported by: Trendmicro
This memory-resident Trojan arrives in a system by being installed from a malicious Web site, or by being dropped by another malware.
VBS/Mcon-G
This malware was reported by: Sophos
W32/Sdbot-SW
This malware was reported by: Sophos
SymbOS.Skulls.D
This malware was reported by: Symantec
SymbOS.Skulls.D is a Trojan horse that replaces system applications and third-party applications on the compromised device.
W32/Rbot-TD
This malware was reported by: Sophos
Troj/Corpse-A
This malware was reported by: Sophos
Gaobot.CKP
This malware was reported by: Panda Software
Gaobot.CKP is a worm with backdoor characteristics that allows hackers to gain remote control over the affected computer and carry out actions such as command execution, download and execute files, log keystrokes, obtain different information on the comp
WORM_SPYBOT.AAR
This malware was reported by: Trendmicro
This worm takes advantage of the following Windows vulnerabilities to propagate across networks:
W32/Woned-A
This malware was reported by: Sophos
W32/Sdbot-TA
This malware was reported by: Sophos
Lasco.A
This malware was reported by: F-Secure
Lasco.A is a bluetooth using worm and SIS file infecting virus
that runs in Symbian mobile phones that support Series 60 platform.
Lasco.A replicates over bluetooth connections and arrives
to phone messaging inbox as velasco.sis file that contains t
Backdoor.Berbew.N
This malware was reported by: Symantec
Backdoor.Berbew.N is a Trojan horse program that steals cached passwords from a compromised computer. The Trojan also opens a back door allowing a remote attacker to have unauthorized access to the compromised computer, and may lower security settings in
SymbOS.Cabir.M
This malware was reported by: Symantec
SymbOS.Cabir.M is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as free$8.SIS.
The worm creates the file $$$.MDL instead of FLO.MDL.
The worm cr
SymbOS.Cabir.T
This malware was reported by: Symantec
SymbOS.Cabir.T is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as iLoveU.SIS.
The worm displays the following message after infection:
iLoveU
SymbOS.Cabir.S
This malware was reported by: Symantec
SymbOS.Cabir.S is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as guan4u.SIS.
The worm displays the following message after infection:
guan4u
SymbOS.Cabir.R
This malware was reported by: Symantec
SymbOS.Cabir.R is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as fuyuan.SIS.
The worm displays the following message after infection:
fuyuan
SymbOS.Cabir.Q
This malware was reported by: Symantec
SymbOS.Cabir.Q is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as Crazy!.SIS.
The worm displays the following message after infection:
Crazy!
SymbOS.Cabir.P
This malware was reported by: Symantec
SymbOS.Cabir.P is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as 22207-.SIS.
The worm displays the following message after infection:
22207-
SymbOS.Cabir.O
This malware was reported by: Symantec
SymbOS.Cabir.O is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as mobile.SIS.
The worm displays the following message after infection:
mobile
SymbOS.Cabir.N
This malware was reported by: Symantec
SymbOS.Cabir.N is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as -SEXY-.SIS.
The worm displays the following message after infection:
-SEXY-
SymbOS.Cabir.K
This malware was reported by: Symantec
SymbOS.Cabir.K is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.H.
The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. Fo
SymbOS.Cabir.L
This malware was reported by: Symantec
SymbOS.Cabir.L is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.H.
The worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device. F
SymbOS.Cabir.I
This malware was reported by: Symantec
SymbOS.Cabir.I is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.H.
The only difference is the worm attempts to remove instances of SymbOS.Cabir.
The worm repeatedly sends itself to the first
SymbOS.Cabir.J
This malware was reported by: Symantec
SymbOS.Cabir.J is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.H.
The only difference is the worm may create the following additional files:
systemappscaribecaribe.app
systemappscaribeflo.
SymbOS.Cabir.H
This malware was reported by: Symantec
SymbOS.Cabir.H is a proof-of-concept worm that replicates on Series 60 phones. The worm is a minor variant of SymbOS.Cabir.
The only differences are:
The worm spreads as VELASCO.SIS.
The worm creates the file MARCOS.MDL instead of FLO.MDL.
The wor
W32/Agobot-OV
This malware was reported by: Sophos
W32/Rbot-SX
This malware was reported by: Sophos
HelpControl!exploit
This malware was reported by: Computer Associates
Benuti.K
This malware was reported by: Computer Associates
SymbOS.Lasco.A
This malware was reported by: Symantec
SymbOS.Lasco.A is a Symbian Series 60 Bluetooth worm that also infects .sis archives. The worm is based on SymbOS.Cabir, except it also searches for .SIS files on the device and adds itself to them.
Note: Definitions dated prior to January 10, 2005 d
Trojan.Dimi
This malware was reported by: Symantec
Trojan.Dimi is a Trojan horse that is downloaded by variants of the Sober family of worms. The Trojan may attempt to update variants of the Sober worm. This threat is written in the Microsoft Visual Basic programming language and is compressed with UPX.
Backdoor.Sdbot.AJ
This malware was reported by: Symantec
Backdoor.Sdbot.AJ is a network-aware worm with back door capabilities that spreads via network shares and allows a remote attacker to gain unauthorized access to the compromised computer.
Note: Virus definitions dated 01/10/2005 or earlier may detect t
Lospad.A!downloader
This malware was reported by: Computer Associates
Win32.Lospad.A!Downloader is a trojan downloader.
W32/Wurmark-D
This malware was reported by: Sophos
W32/Agobot-OU
This malware was reported by: Sophos
ForBot.KW
This malware was reported by: Computer Associates
Win32.ForBot.KW is an IRC-controlled worm that can be instructed to perform an array of malicious functions on an affected machine.
PE_VLASCO.A
This malware was reported by: Trendmicro
CiaDoor
This malware was reported by: F-Secure
The CiaDoor backdoor is a family of backdoors generated by the
C.I.A development kit. The backdoor is written in Visual Basic
and compiled as p-code. It can be additionally packed with
executable packers such as UPX.
The development kit allows to cus
SYMBOS_VLASCO.C
This malware was reported by: Trendmicro
This is Trend Micro’s detection for files infected by PE_VLASCO.A.
Lasco.A
This malware was reported by: Panda Software
Lasco.A is a worm that only affects cellular phones that use the operating system Symbian. Initially, it aims Nokia series 60 cellphones, but other devices based in the same software could also be affected.Lasco.A is very similar to the worm Cabir.A. The
W32/Rbot-TE
This malware was reported by: Sophos
W32/Agobot-ADH
This malware was reported by: Sophos
SYMBOS_VLASCO.B
This malware was reported by: Trendmicro
This malware is a variant of SYMBOS_VLASCO.A and affects Series 60 mobile phones. It usually arrives as an installation file named VELASCO.SIS and can be downloaded from a Web page or received via Bluetooth.
WmvDown.A
This malware was reported by: Panda Software
WmvDown.B
This malware was reported by: Panda Software
MS Vulnerability MS05-003
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-002
This malware was reported by: Network Associates Inc
MS Vulnerability MS05-001
This malware was reported by: Network Associates Inc
W32/Forbot-DK
This malware was reported by: Sophos
W32/Sdbot-TB
This malware was reported by: Sophos
W32/Mugly.d@MM
This malware was reported by: Network Associates Inc
This email worm is written in Visual Basic and bears the following characteristics:
contains its own SMTP engine for constructing messages
harvests email addresses from files on the victim machine
spoofs the From: address
dro
OutsBot Family
This malware was reported by: Computer Associates
Win32.OutsBot family is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine. They also function as a SOCKS proxy.
W32.Kobot.B
This malware was reported by: Symantec
W32.Kobot.B is a worm that spreads through open network shares, telnet, dameware, realserv, VNC, and niprint. This worm also uses three remotely exploitable Windows vulnerabilities to propagate.
The worm can also function as an email relay and as a pr
Chopemail
This malware was reported by: Computer Associates
Bloon.A
This malware was reported by: Computer Associates
Alureon.B
This malware was reported by: Computer Associates
Win32.Alureon.B is a trojan downloader. It has been distributed as a UPX-packed, Win32 executable.
MS05-002_CURSOR_ICON_FORMAT
This malware was reported by: Trendmicro
This security update from Microsoft explains the following discovered vulnerabilities:
MS05-003_INDEXING_SERVICE
This malware was reported by: Trendmicro
This remote code execution vulnerability exists in the way they Indexing Service handles query validation. An attacker could exploit the vulnerability by constructing a malicious query that could potentially allow remote code execution on an affected syst
MS05-001_HTML
This malware was reported by: Trendmicro
PWSteal.Lineage
This malware was reported by: Symantec
PWSteal.Lineage is a password-stealing Trojan horse that attempts to steal the password to the "Lineage" online game and send it to the creator of the Trojan.
The threat is written in the Delphi language and packed with UPX.
MS05-001_HTML_HELP_ACTIVEX
This malware was reported by: Trendmicro
This security update from Microsoft resolves a newly-discovered vulnerability in the HTML Help ActiveX control in Windows, which could allow information disclosure or remote code execution on an affected system.
W97M.Temha
This malware was reported by: Symantec
W97M.Temha is a Word 97 macro virus that infects Microsoft Word documents and templates.
W32/Bobax-D
This malware was reported by: Sophos
Troj/Feutel-A
This malware was reported by: Sophos
W32/Buchon.c@MM
This malware was reported by: Network Associates Inc
This mass-mailing worm bears the following characteristics:
contains its own SMTP engine to construct outgoing messages
harvests target email addresses from the victim machine
spoofs the From: address
drops a trojan (keylogging and pr
W32.Linkbot.H
This malware was reported by: Symantec
W32.Linkbot.H is a worm that exploits the Microsoft Windows LSASS Buffer Overrun Vulnerability (Microsoft Security Bulletin MS04-011) in order to propagate. It also creates a back door on the system accessible through IRC.
Backdoor.Ranky.Q
This malware was reported by: Symantec
Backdoor.Ranky.Q is a back door program that allows a compromised computer to be used as a covert proxy.
Backdoor.Ranky.R
This malware was reported by: Symantec
Backdoor.Ranky.R is a back door program that allows a compromised computer to be used as a covert proxy.
WORM_AGOBOT.AEK
This malware was reported by: Trendmicro
This memory-resident worm is another variant of the AGOBOT family that exploits the vulnerabilities discussed in the following pages:
Trojan.Wimad
This malware was reported by: Symantec
Trojan.Wimad is a Trojan that downloads remote files from remote Web sites by exploiting the Digital Rights Management (DRM) technology available in Windows. The Trojan arrives on the compromised computer as a license-protected multimedia file.
W32/Rbot-TF
This malware was reported by: Sophos
VBS/Mcon-G
This malware was reported by: Sophos
Aluroot.A
This malware was reported by: Computer Associates
Backdoor.Globe
This malware was reported by: Symantec
Backdoor.Globe is a proof-of-concept Trojan horse program that exploits the Microsoft Windows LoadImage API Function Integer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-002).
Darby.J
This malware was reported by: Computer Associates
Win32.Darby.J is a worm that spreads via e-mail, network shares and P2P file sharing networks. This worm has been reported from the wild.
EXPL_ICONEX.A
This malware was reported by: Trendmicro
W32/Wurmark-E
This malware was reported by: Sophos
W32/Rbot-TD
This malware was reported by: Sophos
WORM_BUCHON.C
This malware was reported by: Trendmicro
This variant of WORM_BUCHON mainly propagates via email. It uses its built-in Simple Mail Tranfer Protocol engine, which allows it to send email without having to use other email applications like Outlook Express.
MS05-003
This malware was reported by: Panda Software
MS05-002
This malware was reported by: Panda Software
MS05-001
This malware was reported by: Panda Software
Downloader-UA.a
This malware was reported by: Network Associates Inc
Downloader-UA.b
This malware was reported by: Network Associates Inc
W32/Sdbot-TG
This malware was reported by: Sophos
W32/Woned-A
This malware was reported by: Sophos
W32.Mugly.D@mm
This malware was reported by: Symantec
W32.Mugly.D@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The worm also drops and runs a W32.Randex variant.
Note: Virus definitions dated prior to Ja
Backdoor.Abebot
This malware was reported by: Symantec
Backdoor.Abebot is a Trojan horse that opens a back door and lowers security settings on the compromised computer.
W32/Baba-B
This malware was reported by: Sophos
Lospad.C
This malware was reported by: Computer Associates
Win32.Lospad.C is a trojan that acts as a dialer. It has been seen in the wild, downloaded onto affected machines by the trojan downloader Win32.Lospad.C!do
W32.Mugly.E@mm
This malware was reported by: Symantec
W32.Mugly.E@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The worm also drops and runs a W32.Spybot.Worm variant.
Due to the threat potential and incr
EXPL_ICONEX.GEN
This malware was reported by: Trendmicro
This is Trend Micro’s detection for an animated cursor file (ANI) that exploits the Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution.
WORM_MIRSA.A
This malware was reported by: Trendmicro
This worm propagates via email. It arrives with the following message body:
Spybot.UY
This malware was reported by: Computer Associates
Formglieder.B
This malware was reported by: Computer Associates
Win32.Formglieder.B is a trojan that steals sensitive information, including personal banking details, from an affected machine. It can also download and ex
Buchon.C
This malware was reported by: Computer Associates
Win32.Buchon.C is a worm that spreads via e-mail. It spreads in the form of a 37,408-byte, UPX-packed executable.