W32/Forbot-DV
This malware was reported by: Sophos
MyDoom.AN
This malware was reported by: F-Secure
MyDoom.AN appeared on January 27th, 2005. At the moment of the
creation of this description we had no reports about this variant
from the field. This worm variant is quite advanced compared to
the previous ones.
W32/Bobax-G
This malware was reported by: Sophos
Gaobot.CRP
This malware was reported by: Panda Software
W32/Agobot-PH
This malware was reported by: Sophos
W32/Codbot-A
This malware was reported by: Sophos
Joke-ScreenMates
This malware was reported by: Network Associates Inc
W32/Sdbot.worm!166912
This malware was reported by: Network Associates Inc
This is a variant of W32/Sdbot.worm which bears strong resemblance to the many other members of this rapidly growing family.
It is detected as W32/Sdbot.worm.gen.j with the specified engine and DATs, and bears the following characteris
W32/HLLP.Philis.j
This malware was reported by: Network Associates Inc
This is a prepending file virus with the following characteristics:
Infects EXE files
Increases infected file length by 62,976 bytes
File Injector
Downloads file from a remote website
Spreads through open shares
Terminates processes ru
Wootbot.AL
This malware was reported by: F-Secure
W32/Rbot-UU
This malware was reported by: Sophos
W32/Rbot-AIX
This malware was reported by: Sophos
BackDoor-CKA
This malware was reported by: Network Associates Inc
W32.Cissi.W
This malware was reported by: Symantec
W32.Cissi.W is an IRC bot worm with back door capabilities that propagates through Windows network shares.
Backdoor.Sdbot.AN
This malware was reported by: Symantec
Backdoor.Sdbot.AN is a worm with back door capabilities that gives an attacker remote access to the compromised computer via IRC channels.
W32.Unfunner.A
This malware was reported by: Symantec
W32.Unfunner.A is a worm that propagates using MSN Messenger and undoes the damage done by W32.Funner.
The worm is written in Microsoft Visual Basic.
Backdoor.Sdbot.AM
This malware was reported by: Symantec
Backdoor.Sdbot.AM is a network-aware worm with back door and denial of service capabilities. The worm spreads via network shares and allows a remote attacker to gain unauthorized access to the compromised computer.
Backdoor.Hebolani
This malware was reported by: Symantec
Backdoor.Hebolani is a Trojan that exploits the Windows User32.DLL ANI File Header Handling Stack-Based Buffer Overflow Vulnerability (BID 12233). The Trojan exists as a malformed animated cursor (.ani).
Backdoor.Sdbot.AL
This malware was reported by: Symantec
Backdoor.Sdbot.AL is a network-aware worm with back door and denial of service capabilities. The worm spreads via network shares and allows a remote attacker to gain unauthorized access to the compromised computer.
Troj/Goldun-G
This malware was reported by: Sophos
W32/MyDoom-AN
This malware was reported by: Sophos
Troj/Vidlo-H
This malware was reported by: Sophos
W32/Kassbot-A
This malware was reported by: Sophos
Trojan.Regger.A
This malware was reported by: Symantec
Trojan.Regger.A is a Trojan horse program that modifies Windows registry settings to add a predefined list of domains into Restricted Sites Zone for Internet Explorer.
Notes: Virus definitions dated January 29, 2005 or earlier may detect this threat as
Backdoor.Ranky.S
This malware was reported by: Symantec
Backdoor.Ranky.S is a back door program that allows a compromised computer to be used as a covert proxy.
Backdoor.Sdbot.AO
This malware was reported by: Symantec
Backdoor.Sdbot.AO is a worm with back door capabilities that gives an attacker remote access to the compromised computer via IRC channels.
W32.Mydoom.AN@mm
This malware was reported by: Symantec
W32.Mydoom.AN@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.D. The email has a variable subject and attachment name. The attachment will have a .cpl, .exe, .pif, .scr, or .zip file extension.
The worm can also spread using ICQ inst
Memwatch.A
This malware was reported by: Computer Associates
Win32.Memwatch is a trojan that can download arbitrary files, and goes to great lengths to make itself difficult to remove from an affected system. Its main
Memwatch.B
This malware was reported by: Computer Associates
Memwatch
This malware was reported by: Computer Associates
Win32.Memwatch is a trojan that can download arbitrary files, and goes to great lengths to make itself difficult to remove from an affected system. Its main
W32.Mugly.H@mm
This malware was reported by: Symantec
W32.Mugly.H@mm is a worm that uses its own SMTP engine to spread by sending itself as an email attachment to addresses gathered from the compromised computer. The email will have a variable subject line and a variable attachment name. The attachment wi
VBS.Gormlez@mm
This malware was reported by: Symantec
VBS.Gormlez@mm is a mass-mailing worm that sends a copy of itself to all email addresses in the Windows Address Book and attempts to spread through file-sharing networks. The worm deletes files with a .dll, .vbs, .exe, or .wsh extension.
Sober.J
This malware was reported by: F-Secure
Sober.J worm was seeded in e-mails on 31st of January 2005. It
is quite similar to the previous variants.
W32/Sober-J
This malware was reported by: Sophos
W32/Bagle-AY
This malware was reported by: Sophos
W32/Sober.k@MM
This malware was reported by: Network Associates Inc
Nuke-Rhad
This malware was reported by: Network Associates Inc
Proxy-Agent.d
This malware was reported by: Network Associates Inc
Linux/BackDoor-Caca
This malware was reported by: Network Associates Inc
W32.Sober.J@mm
This malware was reported by: Symantec
W32.Sober.J@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from the compromised computer.
The subject of the email varies and is in either English or German. The email sender address is spoofed. The
W32/Fungmush.worm.gen
This malware was reported by: Network Associates Inc
BackDoor-CNC
This malware was reported by: Network Associates Inc
W32/Rbot-UW
This malware was reported by: Sophos
W32/Bagle-BK
This malware was reported by: Sophos
W32/Grabot.worm
This malware was reported by: Network Associates Inc
This worm spreads through network shares using weak usernames and passwords. The worm attempts to connect to an Internet Relay Chat server (TCP port 6667) to allow a remote attacker to send commands to the infected system:
To
W32/Agobot-PI
This malware was reported by: Sophos
W32/Wurmark-F
This malware was reported by: Sophos
PWSteal.Bancos.N
This malware was reported by: Symantec
PWSteal.Bancos.N is a password stealing Trojan horse program that logs keystrokes and steals information entered into certain banking Web sites. It may also take screenshots of certain banking Web pages in an attempt to steal passwords and other sensitiv
Sober.J
This malware was reported by: Computer Associates
Blewfit.A
This malware was reported by: Computer Associates
Win32.Blewfit.A is a trojan that monitors network traffic on an infected machine. It is UPX packed and is dropped by the trojan Win32.Webber.
W32/Lovgat.ac@MM
This malware was reported by: Network Associates Inc
This new variant of W32/Lovgate is packed multiple times.
Like its predecessors, this worm bears the following characteristics:
drops a backdoor component
attempts to copy itself to accessible or poorly secured remote shares, scanning c
W32/Lovgate.ac@MM
This malware was reported by: Network Associates Inc
This new variant of W32/Lovgate is packed multiple times.
Like its predecessors, this worm bears the following characteristics:
drops a backdoor component
attempts to copy itself to accessible or poorly secured remote shares, scanning con
W32.Mydoom.AO@mm
This malware was reported by: Symantec
W32.Mydoom.AO@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on the compromised computer. It also propagates through file sharing networks.
The email will have a variable subject and attachme
W32/Bobax-F
This malware was reported by: Sophos
W32/Bobax-G
This malware was reported by: Sophos
W32/Mugly.i@MM
This malware was reported by: Network Associates Inc
Locknut.A
This malware was reported by: F-Secure
W32/Busan.worm.e
This malware was reported by: Network Associates Inc
W32/Lovgate.ac@MM
This malware was reported by: Network Associates Inc
This new variant of W32/Lovgate is packed multiple times.
Like its predecessors, this worm bears the following characteristics:
drops a backdoor component
attempts to copy itself to accessible or poorly secured remote shares, scanning c
Troj/Banito-E
This malware was reported by: Sophos
W32/Agobot-PH
This malware was reported by: Sophos
Sober.J
This malware was reported by: Panda Software
W32/Busan.worm.d!proxy
This malware was reported by: Network Associates Inc
W32/Sdbot-UN
This malware was reported by: Sophos
PWSteal.Sagic.B
This malware was reported by: Symantec
PWSteal.Sagic.B is a Trojan horse program that attempts to steal Yahoo! Instant Messenger passwords and information about the infected computer.
W32/MyDoom-AO
This malware was reported by: Sophos
W32/Rbot-UU
This malware was reported by: Sophos
Netmesser.A
This malware was reported by: Computer Associates
Locknut.A
This malware was reported by: Panda Software
Locknut.A is a Trojan that only affects cellular phones that use the operating system Symbian 7.0S or later. Locknut.A passes itself off as a patch for the cellphone, thus attempting to trick the user into running it. Once it is run, Locknut.A replaces th
W32/Busan.worm.d
This malware was reported by: Network Associates Inc
Some of the characteristics of this worm include:
Open port 3128 on infected machine
Steals information about infected computer and emails it out
Connects to urls to download files
When run the worm drops the following file:
c:WIN
W32/Rbot-VD
This malware was reported by: Sophos
Troj/Goldun-G
This malware was reported by: Sophos
SymbOS.Locknut
This malware was reported by: Symantec
SymbOS.Locknut is a Trojan horse program that uses a vulnerability to cause devices running Symbian OS v7.0s to crash. A minor variant of this Trojan also installs a version of SymbOS.Cabir or SymbOS.Cabir.B on the compromised device.
SymbOS/Cabir.l
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
marcos.mdl [2,216 bytes]
velasco.app [9,388 bytes]
velasco.rsc [18 bytes]
If the .SIS installer package is executed, the
Anker.A
This malware was reported by: F-Secure
Anker is a simple e-mail worm that spreads itself inside a ZIP
archive. The archive is downloaded from the Geocities webserver
(from one of user accounts) just before spreading.
Trojan.Holax
This malware was reported by: Symantec
W32/Rbot-VC
This malware was reported by: Sophos
Troj/Vidlo-H
This malware was reported by: Sophos
SymbOS/Cabir.n
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
-SEXY-.app [11,932 bytes]
-SEXY-.rsc [44 bytes]
If the .SIS installer package is executed, t
QLowZones-10
This malware was reported by: Network Associates Inc
Bropia.D
This malware was reported by: Computer Associates
Win32.Bropia.D is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
Imiserv.D
This malware was reported by: Computer Associates
Win32.Imiserv.D is a downloading trojan.
Trojan.Comxt.B
This malware was reported by: Symantec
Trojan.Comxt.B is a Trojan horse program that downloads remote files. The Trojan uses alternate data streams and rootkit technology to hide its presence on the compromised computer.
W32/Bropia.worm.g
This malware was reported by: Network Associates Inc
This is a worm that propagates through MSN messenger and drops a variant of W32/Sdbot.worm.gen.t worm.
The worm drops a copy of itself into the C: directory using any of the following filenames:
LOL.scr
Webcam.pif
bedroom-thong
Bropia.E
This malware was reported by: Computer Associates
Win32.Bropia.E is a worm that spreads via MSN Messenger. It may also be able to spread using Windows Messenger. It drops a variant of the Rbot worm family,
W32.Bropia.J
This malware was reported by: Symantec
SymbOS/Cabir.o
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
mobile.app [11,932 bytes]
mobile.rsc [44 bytes]
If the .SIS installer package is execute
SymbOS/Cabir.q
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
Crazy!.app [11,932 bytes]
Crazy!.rsc [44 bytes]
If the .SIS installer package is execute
SymbOS/Cabir.p
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
22207-.app [11,932 bytes]
22207-.rsc [44 bytes]
If the .SIS installer package is execute
Bropia.F
This malware was reported by: F-Secure
Bropia.F is a minor variant of Bropia.A. Like the previous variants,
it uses MSN messenger for spreading. It also drops a variant of Rbot
on the infected system.
SymbOS/Cabir.r
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
fuyuan.app [11,932 bytes]
fuyuan.rsc [44 bytes]
If the .SIS installer package is execute
W32/Bobax-H
This malware was reported by: Sophos
W32/Sober-J
This malware was reported by: Sophos
SymbOS/Cabir.t
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
iLoveU.app [11,932 bytes]
iLoveU.rsc [44 bytes]
If the .SIS installer package is execut
SymbOS/Cabir.s
This malware was reported by: Network Associates Inc
This variant of SymbOS/Cabir contains the following files in its installable package (.SIS file):
flo.mdl [2,544 bytes]
guan4u.app [11,932 bytes]
guan4u.rsc [44 bytes]
If the .SIS installer package is execut
Bropia.E
This malware was reported by: Panda Software
Bropia.E is a worm that installs another worm, detected by Panda Software as W32/Gaobot.CTX.worm, on the affected computer. Bropia.E spreads via MSN Messenger.
W32/Bropia-D
This malware was reported by: Sophos
W32/Rbot-UW
This malware was reported by: Sophos
W32/Agobot-PI
This malware was reported by: Sophos
Downloader.ALQ
This malware was reported by: Panda Software