W32/Sdbot-TO
This malware was reported by: Sophos
WORM_RBOT.AIW
This malware was reported by: Trendmicro
This worm drops copies of itself in network shares of target systems whose IP addresses it has randomly generated. Thus, a sure sign of infection from this worm is the prescence of its malicious file named ICP.EXE in certain network shares.
W32/Rbot-UD
This malware was reported by: Sophos
W32/Rbot-TV
This malware was reported by: Sophos
WORM_MYDOOM.AL
This malware was reported by: Trendmicro
W32.Nodmin@mm
This malware was reported by: Symantec
W32.Nodmin@mm is a mass-mailing worm that alters computer settings and spreads via file sharing networks. The worm also attempts to lower security settings by terminating and disabling various anti-virus and security related programs.
This threat is
W32.Mirsa.A@mm
This malware was reported by: Symantec
W32.Mirsa.A@mm is a mass-mailing worm that uses MAPI to send an email to all addresses in the Microsoft Outlook Address Book. This threat is written in Visual Basic.
W32/MyDoom-AL
This malware was reported by: Sophos
W32/Rbot-TW
This malware was reported by: Sophos
W32.Crowt.A@mm
This malware was reported by: Symantec
W32.Crowt.A@mm is a mass-mailing worm that opens a back door, logs keystrokes, and emails itself to all addresses in the Microsoft Outlook Address Book.
W32/Rbot-UE
This malware was reported by: Sophos
W32/Sdbot-TQ
This malware was reported by: Sophos
W32.Blatic.A
This malware was reported by: Symantec
W32.Blatic.A is a worm that spreads through network shares. The worm also has back door functionalities that allow it to receive commands from a remote attacker through IRC channels.
Trojan.Mindos
This malware was reported by: Symantec
Trojan.Mindos is a Trojan horse program that is downloaded by variants of the Nodmin family of worms. The Trojan opens a back door and performs denial of service attacks.
W32.Salga.B@mm
This malware was reported by: Symantec
W32.Salga.B@mm is a mass-mailing worm that uses Microsoft Outlook to send itself to all the email addresses that it finds in the Microsoft Address Book. It also attempts to spread through mIRC, file-sharing networks, and network shares.
The threat is wr
Adware-Simbar
This malware was reported by: Network Associates Inc
W32/Sdbot-TV
This malware was reported by: Sophos
W32/Forbot-DR
This malware was reported by: Sophos
BackDoor-BAC.dr
This malware was reported by: Network Associates Inc
Torp.A
This malware was reported by: Computer Associates
Win32.Torp.A is a backdoor trojan. It also logs keystrokes and attempts to steal sensitive user data.
Lovgate.AX
This malware was reported by: Computer Associates
Lovgate.AX is a worm that spreads via e-mail, and network shares. It also may act as a companion virus. The worm has been distributed as a 179,200-byte, ASP
Defood.A
This malware was reported by: Computer Associates
Win32.Defood.A is a trojan downloader. It has been distributed as a Win32 executable.
Crowt.A
This malware was reported by: Panda Software
Crowt.A is a worm that opens a backdoor, which allows to remotely control the affected computer and receive additional commands: download, delete or run files, restart the computer, end processes, etc.Crowt.A also installs a keylogger, which could be use
Backdoor.Berbew.O
This malware was reported by: Symantec
Backdoor.Berbew.O is a Trojan horse program that steals passwords from a compromised computer. The Trojan opens a back door and allows a remote attacker to have unauthorized access to the compromised computer. The Trojan also attempts to lower security s
Lazarus
This malware was reported by: Network Associates Inc
W32/Rbot-UH
This malware was reported by: Sophos
W32/Oddbob-C
This malware was reported by: Sophos
Backdoor.Haxdoor.D
This malware was reported by: Symantec
Backdoor.Haxdoor.D is a Trojan horse program that opens a back door on the compromised system and allows unauthorized access to a remote attacker. It also attempts to log key strokes and steal passwords.
Mydoom.AJ
This malware was reported by: Computer Associates
Mydoom.AK
This malware was reported by: Computer Associates
Win32.Mydoom.AK is a worm that spreads via e-mail and P2P file sharing networks.
W32.Mydoom.AM@mm
This malware was reported by: Symantec
BeavButt.A
This malware was reported by: Computer Associates
Win32.BeavButt.A is a trojan which modifies Explorer.exe in order to covertly receive commands from a specified website. It has been distributed as a 8,200-
VideoDon.25092.A
This malware was reported by: Computer Associates
Win32.VideoDon.25092.A is a file modifying trojan. It has been distributed as a UPX-packed Win32 executable.
Oddbob.B
This malware was reported by: Computer Associates
Win32.Oddbob.B is a worm that spreads by exploiting machines vulnerable to the Microsoft RPC DCom and LSASS vulnerabilities. The worm may also download and
W32/MyDoom-AM
This malware was reported by: Sophos
W32/Sdbot-TS
This malware was reported by: Sophos
MyDoom.AM
This malware was reported by: F-Secure
A new variant of MyDoom worm - Mydoom.AM, was found on January
25th, 2005. It spreads in e-mails with different subject and body
texts, and attempts to spread in several P2P networks.
Crowt.A
This malware was reported by: Computer Associates
Win32.Crowt.A is a worm that contains backdoor functionality that allows unauthorized access to an affected machine. The worm can be ordered by a remote att
W32/Bobax-E
This malware was reported by: Sophos
W32/Forbot-DS
This malware was reported by: Sophos
W32/Generic.c!p2p
This malware was reported by: Network Associates Inc
This is a heuristic detection which indicates a file might be a new Peer-To-Peer worm. Please send a copy to AVERT.
Top of Page
W32/Sdbot-TW
This malware was reported by: Sophos
W32/Rbot-UC
This malware was reported by: Sophos
Mydoom.AG
This malware was reported by: Panda Software
Mydoom.AG is a worm that modifies the HOSTS file, in order to prevent the user from accessing websites belonging to several antivirus companies.Mydoom.AG ends processes belonging to several antivirus programs, which leaves the affected computer vulnerabl
W32/Mydoom.av@MM
This malware was reported by: Network Associates Inc
A new variant of W32/Mydoom has been discovered. This variant is proactively detected as W32/Mydoom.gen@MM
by McAfee products running the 4390 DATs or greater (release date: Sep 8th 2004).
This variant bears the following characteristics:
Backdoor.Berbew.P
This malware was reported by: Symantec
Backdoor.Berbew.P is a Trojan horse program which does the following:
Steals passwords
Opens a back door allowing unauthorized remote access
Attempts to lower security settings in Internet Explorer.
W32/Patco-A
This malware was reported by: Sophos
W32/Rbot-UD
This malware was reported by: Sophos
W32/Banwor.worm
This malware was reported by: Network Associates Inc
W32.Ahker.B@mm
This malware was reported by: Symantec
W32.Ahker.B@mm is a mass-mailing worm that sends itself to all addresses in the Windows Address Book. The worm also disables several Widnows security features and disables the Start->Run feature, as well as preventing the task manager, regedit and notepa
W32/Forbot-DV
This malware was reported by: Sophos
W32/MyDoom-AL
This malware was reported by: Sophos
W32/Rbot-UE
This malware was reported by: Sophos
Cisum.A
This malware was reported by: Panda Software
Cisum.A is a worm that ends processes belonging to certain antivirus programs, firewalls, and other security tools, among others. This leaves the affected computer vulnerable to the attack of other malware.Cisum.A also ends the processes belonging to oth
W32/Codbot-A
This malware was reported by: Sophos
W32/Sdbot-TV
This malware was reported by: Sophos
Skulls.A
This malware was reported by: F-Secure
StartPage-FY
This malware was reported by: Network Associates Inc
W32/Bropia.worm.gen
This malware was reported by: Network Associates Inc
Bropia.C
This malware was reported by: F-Secure
Bropia.C is a minor variant of Bropia.A. It uses MSN messenger for spreading by
sending itself as "LOL.scr", "Webcam.pif", "hahahaha.pif", "me_2005.pif"
or "sister.pif". It also drops a variant of Rbot
W32/Bropia.worm.d
This malware was reported by: Network Associates Inc
W32/Bagle.bj@MM
This malware was reported by: Network Associates Inc
-- Update 27th January 2005 12:50 PST --
Due to increased prevalence the risk assessment of this threat has been raised to medium. The 4423 DATs have been released early to address this threat.
The following EXTRA.DAT packages are also a
W32.Mugly.G@mm
This malware was reported by: Symantec
W32.Mugly.G@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The email will have a variable subject line and a variable attachment name. The attachment wi
W32.Gaobot.CEZ
This malware was reported by: Symantec
Bagle.AX
This malware was reported by: F-Secure
A new Bagle variant - Bagle.AX has been found late evening on
January 26th, 2005 EET. This variant arrives in emails with
variable subjects and attachments.
W32.Beagle.AY@mm
This malware was reported by: Symantec
W32/Rbot-AIX
This malware was reported by: Sophos
W32/Rbot-UH
This malware was reported by: Sophos
Bagle.BK
This malware was reported by: Panda Software
Bagle.BK is a worm that affects Windows XP/2000/NT computers only, and its expiration date is April 25, 2006. After this date, the worm will automatically stop its execution when it activates.Bagle.BK ends processes belonging to antivirus programs and fi
Bagle.AT
This malware was reported by: Computer Associates
Win32.Bagle.AT is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a PeX-packed executable that is approximately 17,000 byte
W32/MyDoom-AM
This malware was reported by: Sophos
Mydoom.AL
This malware was reported by: Computer Associates
Win32.Mydoom.AL is a worm that spreads via e-mail.
PWSteal.Tarno.M
This malware was reported by: Symantec
PWSteal.Tarno.M is a password-stealing Trojan horse program that attempts to log information entered into web forms.
Bropia.B
This malware was reported by: Computer Associates
Win32.Bropia.B is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
Bropia.C
This malware was reported by: Computer Associates
Win32.Bropia.C is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
W32.Bropia.C
This malware was reported by: Symantec
W32.Bropia.C is a worm that propagates using MSN Messenger and drops a variant of W32.Spybot.Worm.
Note: Virus definitions release January 26, 2005 detect this threat as W32.Spybot.Worm.
W32.Beagle.AZ@mm
This malware was reported by: Symantec
W32/MyDoom-AN
This malware was reported by: Sophos
W32/Bobax-E
This malware was reported by: Sophos
W32/Bagle.bk@MM
This malware was reported by: Network Associates Inc
-- Update 27th January 2005 13:00 PST --
This variant is very similar to the W32/Bagle.bj@MM
variant which has had its risk assessment raised to medium.
The 4423 DATs that will be released early for this threat will include detection
Bagle.AU
This malware was reported by: Computer Associates
Win32.Bagle.AU is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a PeX-packed executable that is approximately 17,000 byte
Bagle.AY
This malware was reported by: F-Secure
Another new Bagle variant - Bagle.AY has been found from several different
countries early morning on January 27th, 2005 EET. This variant is similar
to Bagle.AX - it is polymorphic and it arrives in emails with variable
subjects and attachments. It a
W32/Bagle-AY
This malware was reported by: Sophos
W32/Sdbot-TW
This malware was reported by: Sophos
StartPage-FX
This malware was reported by: Network Associates Inc
Bagle.BL
This malware was reported by: Panda Software
Bagle.BL is a worm that affects Windows XP/2000/NT computers only, and its expiration date is April 25, 2006. After this date, the worm will automatically stop its execution when it activates.Bagle.BL ends processes belonging to antivirus programs and fi
W32/Bagle.bl@MM
This malware was reported by: Network Associates Inc
This variant is a repacked version of W32/Bagle.bk@MM
variant.
This is a mass-mailing worm with the following characteristics:
contains its own SMTP engine to construct outgoing messages
harvests email addresses from the victim machi
Bagle.BM
This malware was reported by: Panda Software
W32/Bagle-BK
This malware was reported by: Sophos
W32/Patco-A
This malware was reported by: Sophos
Bagle.AV
This malware was reported by: Computer Associates
Win32.Bagle.AV is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a PeX-packed executable that is approximately 17,000 byte
Bagle.BA
This malware was reported by: F-Secure
Another new Bagle variant - Bagle.BA. This variant is similar
to recent ones, it also arrives in emails with variable
subjects and attachments, has Peer-to-Peer spreading
capabilities and contains a backdoor that listens on TCP port 81.
W32.Beagle.BA@mm
This malware was reported by: Symantec
W32.Spybot.IVQ
This malware was reported by: Symantec
W32.Spybot.IVQ is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares, MySQL servers and Microsoft SQL servers protected by weak passwords, and by exploiting system vulnerabilities.
Note: Virus de
Rbot.BMB
This malware was reported by: Computer Associates
Rbot.BNL
This malware was reported by: Computer Associates
ForBot.LM
This malware was reported by: Computer Associates
Win32.ForBot.LM is an IRC-controlled worm that can be instructed to perform an array of malicious functions on an affected machine.
Rbot.BNE
This malware was reported by: Computer Associates
Dudrev.A
This malware was reported by: Computer Associates
Win32.Dudrev.A is a downloading trojan. It has been distributed as a UPX-packed, Win32 executable.
W32/Wurmark-F
This malware was reported by: Sophos