Aimdes.D
This malware was reported by: Computer Associates
Win32.Aimdes.D is a worm that spreads through the AOL Instant Messenger network and attempts to spread via e-mail. It has been distributed as a 53,248 byte
Aimdes.A
This malware was reported by: Computer Associates
Win32.Aimdes.A is a worm that attempts to spread through AOL Instant Messenger and e-mail. It has been distributed as a 36,864-byte Win32 executable.
W32.Randex.CST
This malware was reported by: Symantec
W32.Randex.CST is a network-aware worm that spreads to network shares protected by weak passwords. The worm also opens a back door on the compromised computer and may be remotely controlled via IRC channels.
W32.Spybot.KAI
This malware was reported by: Symantec
W32.Spybot.KAI is a worm that propagates through file sharing networks. The worm opens a back door on the compromised computer allowing a remote attacker to have unauthorized access via IRC channels.
Toxbot
This malware was reported by: Computer Associates
W32/Sdbot-VN
This malware was reported by: Sophos
W32/Sdbot-VL
This malware was reported by: Sophos
Downloader-VQ
This malware was reported by: Network Associates Inc
W32/Kelvir-A
This malware was reported by: Sophos
W32/Domwis-G
This malware was reported by: Sophos
Stang.B
This malware was reported by: Panda Software
Stang.B is a worm that ends the processes LSASS.EXE and SVCHOST.EXE, which belong to the Windows operating system. The process LSASS.EXE deals with local security and login policies and if it is ended, a countdown message is displayed, and the computer is
W32/Sdranck-B
This malware was reported by: Sophos
W32/Bropia-Q
This malware was reported by: Sophos
W32/Mydoom.bg@MM
This malware was reported by: Network Associates Inc
This threat is proactively detected as W32/Mydoom.gen@MM with the 4405 DAT files, or newer, when using the 4.4.00 scan engine.
This Mydoom variant combines the Mydoom mass-mailing functionality with W32/Sdbot.worm functionality.
The virus
Mytob.A
This malware was reported by: F-Secure
A new worm, Mytob.A, which has MyDoom family functionality and
also borrows some of the bot family functionality, has been
spotted. The bot contains code to spread via the network using
the LSASS vulnerability.
W32.Inforyou.A@mm
This malware was reported by: Symantec
W32.Inforyou.A@mm is a mass-mailing worm that sends itself to email addresses gathered from the compromised computer using its own SMTP engine. The email has a variable subject and attachment name. The attachment will have a .pif, .scr, .exe, or .zip ext
W32.Kipis.M@mm
This malware was reported by: Symantec
W32.Kipis.M@mm is a mass-mailing worm that spreads by sending an email to addresses it finds on a compromised computer and by copying itself to network shares.
W32.Spybot.KEG
This malware was reported by: Symantec
W32.Spybot.KEG is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting vulnerabilities.
W32.Namshare
This malware was reported by: Symantec
W32.Namshare is a worm that attempts to spread through file-sharing networks. This worm does not appear to have a malicious payload.
W32.Mytob@mm
This malware was reported by: Symantec
PWSteal.Ldpinch.D
This malware was reported by: Symantec
PWSteal.Ldpinch.D is a Trojan horse program that attempts to steal information from an infected computer and send it to the author of the Trojan.
W32/Poebot-I
This malware was reported by: Sophos
W32/Sdranck-A
This malware was reported by: Sophos
W32.Conycspa.G@mm
This malware was reported by: Symantec
W32.Conycspa.G@mm is a mass mailing worm that downloads and executes files from the Internet.
Note: Virus definitions dated February 26, 2005 or earlier may detect this threat as Trojan.Bookmarker.
W32/Bropia-R
This malware was reported by: Sophos
W32.Refaz
This malware was reported by: Symantec
W32.Refaz is a worm that propagates through file-sharing networks and network shares. The worm also modifies certain .HTML files on the compromised computer.
W32/Bropia-S
This malware was reported by: Sophos
W32/MyDoom-BD
This malware was reported by: Sophos
Trojan.Lazar
This malware was reported by: Symantec
Trojan.Lazar is a Trojan horse that downloads other programs. It contacts a remote computer for instructions on files to download and configuration changes to make to the infected computer.
Note: Virus definitions dated February 5, 2005 or earlier may d
W32.Holcas.A@mm
This malware was reported by: Symantec
W32.Holcas.A@mm is a mass-mailing worm that uses MAPI commands to send itself to all addresses found in the Windows Address Book. It also attempts to send itself via IRC.
The email has the following characteristics:
Subject: hola como estas, ;o)
Attac
W32.Elitper.A@mm
This malware was reported by: Symantec
W32.Elitper.A@mm is a mass-mailing worm that spreads using MAPI and through file-sharing networks. It also lowers Windows security settings by preventing access to antivirus-related Web sites.
The worm is written in Microsoft Visual Basic.
W32/MyDoom-BG
This malware was reported by: Sophos
W32/Agobot-QE
This malware was reported by: Sophos
Troj/Dloader-IE
This malware was reported by: Sophos
Proxy-Agent.g
This malware was reported by: Network Associates Inc
W32.Mytob.B@mm
This malware was reported by: Symantec
PWS-Goldun.dr
This malware was reported by: Network Associates Inc
Mytob.A
This malware was reported by: Panda Software
Mytob.A is a worm with backdoor characteristics. It connects to the server irc.blackcarder.net and accepts remote commands that are run in the affected computer, which allows hackers to gain remote control over it. In addition to this, Mytob.A deletes sev
Keylog-Sters
This malware was reported by: Network Associates Inc
PWS-QQRob
This malware was reported by: Network Associates Inc
MultiDropper-MI
This malware was reported by: Network Associates Inc
W32/Sdbot.worm.32768
This malware was reported by: Network Associates Inc
This variant is double packed, firstly with Morphine packer and then UPX packer.
When run, it copies itself to the WINDOWS SYSTEM (%sysDir%) directory as WZDSVC.EXE.
It creates and starts the following service:
Wireless Zero Daemon
Th
Mytob.B
This malware was reported by: F-Secure
Mytob.B is a minor variant of Mytob.A worm. It combines
functionality of MyDoom family of e-mail worms and IRC bots.
Please read the following page for more information:
http://www.f-secure.com/v-descs/mytob_a.shtml
W32/Agobot-QL
This malware was reported by: Sophos
W32/Codbot-Gen
This malware was reported by: Sophos
W32/Sdbot-VN
This malware was reported by: Sophos
W32.Spybot.KHC
This malware was reported by: Symantec
W32.Spybot.KHC is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting vulnerabilities.
Note: Virus definitions dated prior to February 28, 2005 may de
W32.Mytob.C@mm
This malware was reported by: Symantec
W32.Mytob.C@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the Windows Address Book on the compromised computer.
The worm also has the ability to open a back door and spread through the network
Troj/Kelebek-G
This malware was reported by: Sophos
W32/Kelvir-A
This malware was reported by: Sophos
Trojan.Eman
This malware was reported by: Symantec
Trojan.Eman is a Browser Helper Object which attempts to download and execute arbitrary code from a predetermined website.
Trojan.Mumuboy.C
This malware was reported by: Symantec
Trojan.Mumuboy.C is a Trojan horse that steals confidential information and emails it to a remote attacker. The Trojan also attempts to terminate several security-related processes.
W32.Zellome@m
This malware was reported by: Symantec
W32.Zellome@m is a worm that uses its own SMTP engine to send an email to addresses gathered from a compromised computer.
Backdoor.Spyboter.gen
This malware was reported by: Symantec
Backdoor.Spyboter.gen is a detection for a family of Trojans that open a back door on the compromised computer and allow the exploited computer to be remotely controlled via IRC channels.
Bagle.AZ
This malware was reported by: Computer Associates
Description: Win32.Bagle.AZ is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32.Glieder.N.), which a
Glieder.N
This malware was reported by: Computer Associates
Description: Win32.Glieder.N is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 34,304-byte, W
Bagle.BB
This malware was reported by: F-Secure
This trojan dropper appeared on March 1st, 2005. The dropper is
sent by Bagle.be worm as an attachment to its infected e-mails.
The dropper is sent inside a ZIP archive. The distribution was
quite high, so we set Radar Level 2 for this dropper.
The d
Trojan.Tooso
This malware was reported by: Symantec
Trojan.Tooso is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files.
W32/Mytob-C
This malware was reported by: Sophos
W32/Sdranck-B
This malware was reported by: Sophos
Bagle.BA
This malware was reported by: Computer Associates
Description: Win32.Bagle.BA is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32.Glieder.O.), which a
Glieder.O
This malware was reported by: Computer Associates
Description: Win32.Glieder.O is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 34,304-byte, W
Trojan.Tooso.B
This malware was reported by: Symantec
Trojan.Tooso.B is a Trojan horse that attempts to disable security-related software by terminating processes, stopping services, removing registry entries, and deleting files.
It has been reported that Trojan.Tooso.B is being emailed out by copies of W3
Bagle.BE
This malware was reported by: F-Secure
Another new Bagle variant - Bagle.BE has been found on March 1st, 2005.
This Bagle sends infected messages containing another Bagle-related
component.
The worm also contains a backdoor that listens on TCP port 80.
W32/Bagle.bn@MM
This malware was reported by: Network Associates Inc
AVERT has received a sample of this threat and is currently in the process of analyzing it. Details will be posted when they are available. Please check back shortly.
This Bagle variant has been found to be downloaded by:
W32/Bagle.dldr
W32/Mydoom.bi@MM
This malware was reported by: Network Associates Inc
This Mydoom variant combines the Mydoom mass-mailing functionality with W32/Sdbot.worm functionality.
The virus arrives in an email message as follows:
From:
(Spoofed email sender)
Do not assume that the sender address is an indication
Bagle.BF
This malware was reported by: F-Secure
Glieder.P
This malware was reported by: Computer Associates
Description: Win32.Glieder.P is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 34,304-byte, W
Glieder.Q
This malware was reported by: Computer Associates
Description: Win32.Glieder.Q is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 34,304-byte, W
Bagle.BB
This malware was reported by: Computer Associates
Description: Win32.Bagle.BB is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32.Glieder.Q.), which a
W32.Beagle.BG@mm
This malware was reported by: Symantec
W32.Beagle.BG@mm is a mass-mailing worm that uses its own SMTP engine to spread copies of Trojan.Tooso.B.
The worm opens a back door and allows a remote attacker to have unauthorized access to the compromised computer.
Mitglieder.BO
This malware was reported by: Panda Software
Mitglieder.BO is a Trojan that heavily attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer: It deletes key files belonging to them from the affected comp
W32/Assiral-B
This malware was reported by: Sophos
W32/Poebot-I
This malware was reported by: Sophos
W32.Beagle.BH@mm
This malware was reported by: Symantec
W32.Beagle.BH@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.B. Trojan.Tooso.B then downloads W32.Beagle.BH@mm on to the compromised computer.
The worm also opens a back door on TCP port 80.
The worm is
Trojan.Tooso.C
This malware was reported by: Symantec
Trojan.Tooso.C is a Trojan horse that interferes with the operation of security software by terminating processes, stopping services, removing registry entries, and deleting files.
This Trojan is similar to a variant of the W32.Beagle@mm family of worm
Bagle.BG
This malware was reported by: F-Secure
This trojan dropper appeared on March 1st, 2005. The dropper was
spread in e-mail messages, but we are not sure whether they were
seeded e-mails or there was some Bagle variant behind that. At
the moment of creation of this description we have not see
Bagle.BD
This malware was reported by: F-Secure
This trojan dropper appeared on March 1st, 2005. The dropper is
sent by Bagle.bf worm as an attachment to its infected e-mails.
The dropper is sent inside a ZIP archive.
The dropped trojan is detected as Email-Worm.Win32.Bagle.bb.
Small.TL
This malware was reported by: F-Secure
This trojan dropper appeared on February 28th, 2005. The dropper
was spread in e-mail messages, but we are not sure whether they
were seeded e-mails or there was some Bagle variant behind that.
At the moment of creation of this description we have not
Trojan.Tooso.D
This malware was reported by: Symantec
Trojan.Tooso.D is a Trojan horse that disables security software by terminating processes, stopping services, removing registry entries, and deleting files.
This Trojan is similar to a variant of the W32.Beagle@mm family of worms, but it does not send
Bagle.BN
This malware was reported by: Panda Software
Bagle.BC
This malware was reported by: Computer Associates
Description: Win32.Bagle.BC is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32.Glieder.R.), which a
Glieder.R
This malware was reported by: Computer Associates
Description: Win32.Glieder.R is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a PeX-packed, 34,304-byte, W
W32/Francette-Q
This malware was reported by: Sophos
StartPage-GN
This malware was reported by: Network Associates Inc
W32.Spybot.KHO
This malware was reported by: Symantec
W32.Spybot.KHO is a worm that has distributed denial of service and back door capabilities. The worm spreads to network shares protected by weak passwords and by exploiting computer vulnerabilities.
W32.Poxdar
This malware was reported by: Symantec
W32.Poxdar is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads by exploiting vulnerabilities.
Notes:
Further investigation has revealed that the Microsoft Windows Server Message Block Handlers Rem
W32.Gaobot.CPX
This malware was reported by: Symantec
W32.Gaobot.CPX is a network-aware worm with back door, keylogging, and denial of service capabilities. The worm spreads by exploiting common system vulnerabilities, weak passwords and systems compromised by various back doors.
W32.Beagle.BJ@mm
This malware was reported by: Symantec
W32.Beagle.BJ@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.B, which then downloads W32.Beagle.BJ@mm on to the compromised computer.
The worm also opens a back door on TCP port 80, and is packed with PeX.
W32.Beagle.BI@MM
This malware was reported by: Symantec
W32.Beagle.BI@mm is a mass-mailing worm that uses its own SMTP engine to spread copies of Trojan.Tooso.C, which then downloads W32.Beagle.BI@mm on to the compromised computer.
The worm also opens a back door on TCP port 80, and is packed with PeX.
VBS/Speery-A
This malware was reported by: Sophos
W32/Bropia-S
This malware was reported by: Sophos
Tofger.AT
This malware was reported by: Panda Software
W32/Mytob-A
This malware was reported by: Sophos
W32/MyDoom-BG
This malware was reported by: Sophos
Bloodhound.Exploit.28
This malware was reported by: Symantec
Bloodhound.Exploit.28 is a heuristic detection for the VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability (which is described in Security Focus BID 11974).
W32.Myfip.R
This malware was reported by: Symantec
W32.Myfip.R is a network-aware worm that steals files from a compromised computer.
W32/Agobot-QO
This malware was reported by: Sophos
W32/Mytob.gen@MM
This malware was reported by: Network Associates Inc
This detection covers multiple variants of a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality. The following description serves as an example of some of the variants:
The virus arrives in an ema
Bloodhound.Exploit.29
This malware was reported by: Symantec
Bloodhound.Exploit.29 is a heuristic detection for the Channel Definition Format (CDF) Cross Domain Vulnerability as described in Microsoft Security Bulletin MS05-014.