StartPage-DC!hosts
This malware was reported by: Network Associates Inc
W32/Plexus.b@MM
This malware was reported by: Network Associates Inc
Qhosts.apd
This malware was reported by: Network Associates Inc
EPOC.Cabir
This malware was reported by: Symantec
EPOC.Cabir is a proof-of-concept worm that replicates on Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device.
For example, even a Bluetooth-enabled printer will be
Cabir
This malware was reported by: F-Secure
Cabir is a Bluetooth-using worm that runs on Symbian
mobile phones that support the Series 60 platform.
Cabir replicates over Bluetooth connections and arrives
in the phone's messaging inbox as a caribe.sis file that contains the worm.
When user clicks the cari
Zafi.A
This malware was reported by: F-Secure
Zafi is a mass-mailing worm that sends infected emails with
Hungarian text and an attachment disguised as a link.
The worm sends emails only to addresses that end with .hu so
it is not likely to spread outside Hungary.
Zafi was programmed to be acti
W32/Rbot-AQ
This malware was reported by: Sophos
W32/Rbot-AQ is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background.
In order to r
EPOC_CABIR.A
This malware was reported by: Trendmicro
This proof-of-concept worm spreads through BLUETOOTH-enabled devices. It arrives as a .SIS file and installs itself in the APPS folder.
Sober.H
This malware was reported by: Panda Software
W32/Rbot-AS
This malware was reported by: Sophos
W32/Rbot-AS is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background as a service proc
StartPage-DU
This malware was reported by: Network Associates Inc
StartPage-CZ
This malware was reported by: Network Associates Inc
StartPage-DK
This malware was reported by: Network Associates Inc
StartPage-DP
This malware was reported by: Network Associates Inc
RemAdm-PSKill
This malware was reported by: Network Associates Inc
Symb/Cabir-A
This malware was reported by: Sophos
Symb/Cabir-A is a worm written specifically for Nokia Series 60 mobile phones running the Symbian operating system.
The worm spreads as a Symbian SIS package named Caribe.sis. The package contains three components: caribe.app, flo.mdl and caribe.rsc
Trojan.Boxed.B
This malware was reported by: Symantec
Trojan.Boxed.B is a variant of Trojan.Boxed.A. This Trojan horse performs a Denial of Service (DoS) attack on certain Web sites. DoS attacks are used to deny legitimate users access to a Web site.
Trojan.Boxed.B differs from Trojan.Boxed.A in the servic
Trojan.Boxed.A
This malware was reported by: Symantec
Trojan.Boxed.A is a Trojan horse that performs a Denial of Service (DoS) attack on certain Web sites. DoS attacks are used to deny legitimate users access to a Web site.
Bloodhound.Exploit.10
This malware was reported by: Symantec
Bloodhound.Exploit.10 is a heuristic detection for a Microsoft Internet Explorer cross-zone scripting exploit. This exploit uses redirection and delayed script injection through a modal dialog box.
This vulnerability was originally reported on June 6,
Cabir
This malware was reported by: Panda Software
Cabir.A is a worm that only affects mobile phones with a Symbian operating system and with Bluetooth technology built-in. This technology allows wireless connections of electronic devices, such as keyboards, mouses, PDAs, etc. Cabir.A does not have any da
StartPage-DB
This malware was reported by: Network Associates Inc
JS/Stealus
This malware was reported by: Network Associates Inc
Symbian/Cabir
This malware was reported by: Network Associates Inc
This worm is a proof of concept. It uses Bluetooth communication to transmit itself in the form of a Symbian SIS package from one mobile phone to another. The worm will only work on Series 60 mobile devices. Propagation was confirmed on Noki
PSW.Banker.B
This malware was reported by: Computer Associates
Cabir.A
This malware was reported by: Computer Associates
Bambo
This malware was reported by: Computer Associates
Win32.Bambo is a family of trojans that contain advanced backdoor functionality that allows unauthorized access to and extended control of an affected machi
Hostblock
This malware was reported by: Computer Associates
W32/Agobot-WR
This malware was reported by: Sophos
W32/Agobot-WR is an IRC backdoor Trojan and network worm.
W32/Agobot-WR is capable of spreading to computers on the local network
protected by weak passwords and on the internet.
When first run W32/Agobot-WR copies itself to the Windows system
W32/Rbot-AV
This malware was reported by: Sophos
W32/Rbot-AV is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background as a service proc
Adware-IntDel
This malware was reported by: Network Associates Inc
Cabir.B
This malware was reported by: F-Secure
Cabir.B is a minor variant of Cabir.A; the only significant
difference is that Cabir.B displays different text on the
start dialog when the worm starts the first time or the phone reboots.
For more details, see description of Cabir.A
http://www.f-secure.
StartPage-BT
This malware was reported by: Network Associates Inc
PWS-Respa
This malware was reported by: Network Associates Inc
Dialer-198
This malware was reported by: Network Associates Inc
PWSteal.Bamer.A
This malware was reported by: Symantec
PWSteal.Bamer.A steals passwords when you visit Web sites that belong to certain banks.
One indication of possible infections is the display of the message:
Invalid Operation at 0000:FF15
Download.Ject
This malware was reported by: Symantec
Download.Ject is a Trojan horse that attempts to download and install a file by exploiting vulnerabilities in Internet Explorer (BID 10472, BID 10473). The Trojan is triggered by visiting a Web site that contains the exploit code.
Note: Virus definit
Downloader.HC
This malware was reported by: Panda Software
StartPage-DQ
This malware was reported by: Network Associates Inc
Backdoor-CGB
This malware was reported by: Network Associates Inc
Cabir.B
This malware was reported by: Computer Associates
Dabber.B
This malware was reported by: Computer Associates
Win32.Dabber.B is a worm that spreads via the LSASS buffer overflow exploit, and to machines previously compromised by Win32.Sasser (using TCP port 5554). I
Startpage.DK
This malware was reported by: Computer Associates
Startpage.EV
This malware was reported by: Computer Associates
W32/Rbot-AY
This malware was reported by: Sophos
W32/Rbot-AY is a worm and backdoor. The worm spreads by exploiting various
operating system vulnerabilities, weak passwords on shares and SQL servers
and backdoors opened by other worms and Trojans.
W32/Rbot-AY creates a copy of itself named vide
W32/Rbot-AX
This malware was reported by: Sophos
W32/Rbot-AX is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background as a service proc
Argen
This malware was reported by: Panda Software
Argen is a malware type joke. These harmless programs display fake error messages on screen warning about the execution of destructive actions, fake these actions or change the mouse or screen settings. To be more precise, Argen displays several windows o
Dialer-133
This malware was reported by: Network Associates Inc
Downloader-IQ
This malware was reported by: Network Associates Inc
Downloader-KK
This malware was reported by: Network Associates Inc
WORM_SDBOT.RZ
This malware was reported by: Trendmicro
This memory-resident worm spreads through network shares. It uses NetBEUI functions to get any available list of user names and passwords. It then searches for shared folders and drops a copy of itself by using the gathered list.
W32/Agobot-KB
This malware was reported by: Sophos
W32/Agobot-KB is a backdoor Trojan and worm which spreads to computers
protected by weak passwords.
When first run, W32/Agobot-KB copies itself to the Windows system folder as
msft32.exe and creates the following registry entries to run itself on
StartPage.FH
This malware was reported by: Panda Software
W32/Lovgate-V
This malware was reported by: Sophos
W32.Korgo.L
This malware was reported by: Symantec
W32.Korgo.L is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 3067,
Backdoor.Nibu.H
This malware was reported by: Symantec
Backdoor.Nibu.H opens a backdoor Trojan horse on a compromised system. It also runs a keylogger, periodically sending the stolen information to a predetermined email address.
Due to bugs in the code, this threat may not function as intended.
StartPage-AI.gen
This malware was reported by: Network Associates Inc
W32/Sdbot.worm.gen
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.h
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.p
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.n
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.m
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.k
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Sdbot.worm.gen.j
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Korgo.worm.p
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:
MS04-011 vulnerability (CAN-2003-0533) http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm spreads with a random filename and acts
Cruxis.A
This malware was reported by: Computer Associates
Win32.Cruxis.A is a backdoor trojan that allows unauthorized access to an affected machine. It consists of several components, including legitimate and prop
W32/Rbot-BC
This malware was reported by: Sophos
W32/Rbot-BC is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the
background as a service proces
WORM_KORGO.M
This malware was reported by: Trendmicro
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of an affected system. The said vulnerability is discussed in detail in the following pages:
WORM_KORGO.L
This malware was reported by: Trendmicro
This worm is a member of the KORGO family of worms, which propagates by exploiting a buffer overrun vulnerability in the Windows LSASS (Local Security Authority Subsystem Service). This vulnerability is discussed in detail in the following pages:
W32/Sdbot-JB
This malware was reported by: Sophos
W32/Sdbot-JB is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background as a service pro
WORM_KORGO.I
This malware was reported by: Trendmicro
This worm is another variant of the KORGO family of worms. It similarly exploits the Windows LSASS vulnerability, a buffer overrun that allows remote code execution and enables an attacker to gain full control of an affected system. This vulnerability is
Hombia
This malware was reported by: F-Secure
Hombia is a very simple appending infector written in the batch language. It
contains a destructive payload which can activate only in some environments
depending on the regional settings.
When executed, it attempts to infect a single file with ".B
Korgo.P
This malware was reported by: F-Secure
This Korgo (aka Padobot) variant was found on June 17th, 2004. It
is slightly modified compared to previous Korgo variants. Korgo.P
worm spreads throughout the Internet using a vulnerability in
Microsoft Windows LSASS. A description of the vulnerability
W32/Dansh-A
This malware was reported by: Sophos
W32/Dansh-A is a network worm and IRC backdoor Trojan which can copy itself
to the Windows System32 folder as DESKTOP.EXE when executed. This worm
also attempts to spread to remote network shares. The backdoor Trojan functionality allows unauthorise
Downloader-LE
This malware was reported by: Network Associates Inc
W97M.MLHR
This malware was reported by: Symantec
W97M.Anisc
This malware was reported by: Symantec
Trojan.Wintrash
This malware was reported by: Symantec
WORM_KORGO.N
This malware was reported by: Trendmicro
This worm is a member of the KORGO family of worms, which propagates by exploiting a buffer overrun vulnerability in the Windows LSASS (Local Security Authority Subsystem Service). This vulnerability is discussed in detail in the following pages:
Sober.H
This malware was reported by: Computer Associates
Unlike other members of the Sober family, Win32.Sober.H does not mass-mail itself out, instead, it hijacks an affected machine and uses it to harvest e-mail
Korgo.O
This malware was reported by: Panda Software
Korgo.N
This malware was reported by: Panda Software
Korgo.M
This malware was reported by: Panda Software
Korgo.Q
This malware was reported by: F-Secure
The Korgo.Q (aka Padobot.H) variant was found on June 21st, 2004.
It is very similar to the previous Korgo variant, discovered on
June 17th. Korgo.Q worm spreads throughout the Internet using a
vulnerability in Microsoft Windows LSASS. A description o
Korgo.P
This malware was reported by: Panda Software
Korgo.P is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.P connects to several web sites, to which
WORM_LOVGATE.AB
This malware was reported by: Trendmicro
This worm drops copies of itself in several locations using varying file names. It also drops its backdoor components, which are detected by Trend Micro as WORM_LOVGATE.Q.
W32/Bugbear.b@MM
This malware was reported by: Network Associates Inc
W32/Rbot-BI
This malware was reported by: Sophos
W32/Rbot-BI is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
WORM_KORGO.P
This malware was reported by: Trendmicro
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
Backdoor.Ranky.G
This malware was reported by: Symantec
Backdoor.Ranky.G is a Trojan horse that runs as a proxy server. It opens a randomly selected TCP port.
Backdoor.Hacarmy.C
This malware was reported by: Symantec
Backdoor.Hacarmy.C is a Backdoor Trojan horse that gives an attacker control over a compromised computer.
IPScanner.A
This malware was reported by: Panda Software
IPScanner.A is a Hacking Tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. IPScanner.A is a tool that is designed for monitoring com
W32/Gaobot.worm.gen.r
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
W32/Gaobot.worm.gen.s
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
AIM-Lowdown
This malware was reported by: Network Associates Inc
W32/Korgo.worm.q
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability:
MS04-011 vulnerability (CAN-2003-0533) http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm spreads with a random filename and acts
W32/Setclo.worm
This malware was reported by: Network Associates Inc
This worm propagates via open shares on the network.
When executed the worm copies itself to the C: drive and to the root of any open share as SETUP.EXE.
In addition to this an AUTORUN.INF file is also dropped in the root of all drives int
JS/Exploit-DialogArg.a
This malware was reported by: Network Associates Inc
Ourtime.A
This malware was reported by: Computer Associates
Win32.Ourtime.A is a worm that spreads through peer-to-peer file sharing networks such as Kazaa and Overnet. The worm itself is a 61,952-byte, UPX-packed Wi
Tubty.A
This malware was reported by: Computer Associates
W32/Rbot-BL
This malware was reported by: Sophos
W32/Rbot-BL is a worm which attempts to spread to remote network shares. It
also contains backdoor Trojan functionality, allowing unauthorised remote
access to the infected computer via IRC channels while running in the
background as a service proc