W32/Mytob-AK
This malware was reported by: Sophos
W32/LegMir-AD
This malware was reported by: Sophos
Trojan.Servpam
This malware was reported by: Symantec
Trojan.Servpam is a Trojan horse that allows a compromised computer to be used as an email relay.
PWSteal.Bancos.T
This malware was reported by: Symantec
PWSteal.Bancos.T is a password stealing Trojan horse that logs keystrokes and steals information entered into certain banking Web sites. It also steals cached passwords from Microsoft Outlook.
W32.Kelvir.AP
This malware was reported by: Symantec
W32.Kelvir.AP is a worm that sends a message to all MSN messenger contacts on the compromised computer and attempts to download a file.
Trojan.Hotword
This malware was reported by: Symantec
Trojan.Hotword is a Trojan Horse program that logs keystrokes and opens a back door.
W32/Mytob-BW
This malware was reported by: Sophos
Troj/CashGrab-B
This malware was reported by: Sophos
W32.Allim.A
This malware was reported by: Symantec
W32.Allim.A is a worm that spreads a variant of the W32.Spybot.Worm through America Online Instant Messenger (AIM).
W32/Icpass-A
This malware was reported by: Sophos
W32/Rbot-ABB
This malware was reported by: Sophos
Nopir.A
This malware was reported by: Panda Software
Nopir.A is a worm that deletes all the files with a COM or MP3 extension from the affected computer. Therefore, on Windows 2003/XP/2000/NT computers, the file NTDETECT.COM will be deleted, and the computer will not start.This worm modifies several comput
W32/Kassbot-C
This malware was reported by: Sophos
W32/Wurmark-I
This malware was reported by: Sophos
HLLP.4096
This malware was reported by: Network Associates Inc
Note: AVERT discovered an incorrect identification with this detection on several files. The incorrect identification has been fixed with the release of the 4478 DAT files.
If you have had a detection of this on your systems please re-scan
Antiman
This malware was reported by: F-Secure
W32.Gaobot.DEY
This malware was reported by: Symantec
W32.Gaobot.DEY is a network-aware worm with back door capabilities that spreads to network shares protected by weak passwords and can be controlled through IRC channels. It also attempts to lower security settings by blocking access to security related
BackDoor-CPT
This malware was reported by: Network Associates Inc
W32.Mydoom.BL@mm
This malware was reported by: Symantec
W32.Mydoom.BL@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer.
W32/Mytob-BT
This malware was reported by: Sophos
W32/Mytob-AI
This malware was reported by: Sophos
Trojan.Vundo.B
This malware was reported by: Symantec
W32.Nopir.A
This malware was reported by: Symantec
W32.Nopir.A is a worm that deletes files on the infected computer and attempts to place itself in a shared eMule folder.
W32.Allim.B
This malware was reported by: Symantec
W32.Allim.B is a worm that spreads through America Online Instant Messenger (AIM) and drops a variant of Backdoor.Sdbot.
Banker.NL
This malware was reported by: Panda Software
W32.Kelvir.AW
This malware was reported by: Symantec
W32.Kelvir.AW is a worm that downloads a file and sends a message to all MSN messenger contacts on the compromised computer.
Note: Virus Definitions dated prior to April 28, 2005 may detect this threat as Trojan.KillAV.
W32.Netsky.AI@mm
This malware was reported by: Symantec
W32.Netsky.AI@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from certain files on the compromised computer, and copies itself to mapped network drives. The worm also downloads a copy of Backdoor.Ne
Backdoor.Lingosky
This malware was reported by: Symantec
Backdoor.Lingosky is a Trojan horse that opens a back door and allows the compromised computer to be used as a covert proxy.
Kedebe.B
This malware was reported by: Panda Software
Kedebe.B is a worm with backdoor characteristics that ends processes belonging to certain security tools, such as several antivirus programs and firewalls, among others. This leaves the affected computer vulnerable to attacks from other malware.Kedebe.B
W32/Banish-A
This malware was reported by: Sophos
W32/MyDoom-BN
This malware was reported by: Sophos
W32/Sdbot-ZC
This malware was reported by: Sophos
W32/Bropia.worm.aj
This malware was reported by: Network Associates Inc
This threat is similar to both the W32/Bropia and W32/Kelvir worm families. It attempts to send the following message to IM contacts via MSN Messenger:
rofl, is this you?
http://dba.{removed}
.us/pictures.php?email =
If the recipient
BackDoor-CQL
This malware was reported by: Network Associates Inc
W32.Allim!gen
This malware was reported by: Symantec
W32.Allim!gen is a generic detection for the W32.Allim family of worms. These worms spread through AOL Instant Messenger and drop a variant of Backdoor.Sdbot.
W32.Kelvir.AX
This malware was reported by: Symantec
W32.Kelvir.AX is a Trojan that sends a message to all MSN messenger contacts on the compromised computer.
Bancos.NL
This malware was reported by: Panda Software
Keylog-Dss
This malware was reported by: Network Associates Inc
W32/Nopir
This malware was reported by: Network Associates Inc
W32/Mytob-AJ
This malware was reported by: Sophos
PortScan-Angry
This malware was reported by: Network Associates Inc
W32/Agobot-RV
This malware was reported by: Sophos
W32/Antiman-A
This malware was reported by: Sophos
BackDoor-CQQ
This malware was reported by: Network Associates Inc
Troj/PcClient-R
This malware was reported by: Sophos
W32/Mytob-AK
This malware was reported by: Sophos
W32.Spybot.OFN
This malware was reported by: Symantec
W32.Spybot.OFN is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities. W32.Spybot.OFN may be downloaded by W32.Kel
W32.Kelvir.AZ
This malware was reported by: Symantec
W32.Kelvir.AZ is a worm that sends a message to all MSN messenger contacts on the compromised computer.
Trojan.StartPage.O
This malware was reported by: Symantec
Trojan.StartPage.O is a Trojan horse that modifies settings in Internet Explorer.
Trojan.Riler.D
This malware was reported by: Symantec
Trojan.Riler.D is a back door Trojan horse that installs itself as a layered service provider (LSP) and allows a remote attacker to have unauthorized access to the compromised computer.
W32.Mytob.BR@mm
This malware was reported by: Symantec
W32.Mytob.BR@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm also spreads through network shares by exploiting The Microsoft Win
W32.Topion.A
This malware was reported by: Symantec
W32.Topion.A is a network-aware worm that copies itself to network shares.
W32/Mytob-BW
This malware was reported by: Sophos
W32/Sdbot-XV
This malware was reported by: Sophos
W32/Icpass-A
This malware was reported by: Sophos
W32.Mytob.BS@mm
This malware was reported by: Symantec
W32.Mytob.BS@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the
compromised computer.
The worm also spreads through network shares by exploiting the Microsoft Windo
W32.Kelvir.BA
This malware was reported by: Symantec
W32.Kelvir.BA is a worm that attempts to spread W32.Spybot.OFN to all MSN Messenger contacts on the compromised computer through MSN Messenger.
Troj/LegMir-DR
This malware was reported by: Sophos
W32/Mytob-BT
This malware was reported by: Sophos
Backdoor.Doyorg
This malware was reported by: Symantec
Backdoor.Doyorg is a back door Trojan which allows unauthorized remote access. The Trojan may arrive via an instant message received in AOL Instant Messenger (AIM).
W32.Banish.A@mm
This malware was reported by: Symantec
W32.Banish.A@mm is a mass-mailing worm that also spreads through the network by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (as described in Microsoft Security Bulletin MS04-011).
W32/Oscarbot
This malware was reported by: Network Associates Inc
Several variants/repackaged versions of the bot were discovered in the last few days. Additionally, similar Sdbot variants have been discovered recently that also use this AIM vector.
This threat "spreads" via a hyperlink that is received
Backdoor.Heplane
This malware was reported by: Symantec
Backdoor.Heplane is a back door Trojan that allows a remote attacker to have unauthorized access to the compromised computer. It also acts as a proxy server.
W32/Rbot-ABO
This malware was reported by: Sophos
W32/Banish-A
This malware was reported by: Sophos
Uploader-X
This malware was reported by: Network Associates Inc
Skulls.J
This malware was reported by: F-Secure
Appdisabler.A
This malware was reported by: F-Secure
Appdisabler.A is a malicious SIS file dropper, which is dropped by
Skulls.J trojan. Appdisabler.A tries to disable third party file
managers and drops SymbOS/Locknut.B trojan and SymbOS/Cabir.Y worm
Cabir.Y
This malware was reported by: F-Secure
Cabir.Y is a minor variant of Cabir.B the only significant
difference is that Cabir.Y Spreads in symTEE.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
Cabir.V
This malware was reported by: F-Secure
Cabir.V is a minor variant of Cabir.B the only significant
difference is that Cabir.V Spreads in GAVNOR.SIS while Cabir.B
uses Caribe.sis
For more details, see description of Cabir.A
http://www.f-secure.com/v-descs/cabir.shtml
W32/Sdbot-XW
This malware was reported by: Sophos
W32/MyDoom-BN
This malware was reported by: Sophos
W32/Sober-N
This malware was reported by: Sophos
W32/Kassbot-C
This malware was reported by: Sophos
W32/Sober.p@MM
This malware was reported by: Network Associates Inc
This threat is proactively detected with the 4473 DAT files, or newer, as W32/Sober.gen@MM.
AVERT is currently analyzing this threat. More details will be posted shortly.
This threat arrives in an email message with one of the following a
Sober.P
This malware was reported by: F-Secure
Sober.P email worm was found on May 2nd, 2005.
It sends itself as an attachment in e-mail messages with English or German texts.
W32.Sober.O@mm
This malware was reported by: Symantec
SymbOS/Locknut.C
This malware was reported by: Network Associates Inc
Troj/Bbprox-A
This malware was reported by: Sophos
Sober.V
This malware was reported by: Panda Software
Sober.V is a worm that spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein).
W32.Spybot.OGX
This malware was reported by: Symantec
W32.Spybot.OGX is a network-aware worm that has distributed denial of service and back door capabilities. The worm spreads through network shares protected by weak passwords and by exploiting vulnerabilities.
W32.Kelvir.BD
This malware was reported by: Symantec
W32.Kelvir.BD is a worm that downloads a remote file and sends a message to all MSN messenger contacts on the compromised computer.
Backdoor.Staprew.B
This malware was reported by: Symantec
Backdoor.Staprew.B is a back door server program that allows a remote attacker to have unauthorized access to the compromised computer.
PWSteal.Bancos.U
This malware was reported by: Symantec
PWSteal.Bancos.U is a password stealing Trojan horse that logs keystrokes and steals information entered into certain banking Web sites. The Trojan may also take screenshots of certain banking Web pages in an attempt to collect passwords and other sensit
W32/Rbot-ABP
This malware was reported by: Sophos
Troj/PcClient-R
This malware was reported by: Sophos
W32.Mytob.BT@mm
This malware was reported by: Symantec
W32.Mytob.BT@mm is a mass-mailing worm with back door functionality that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm also spreads through network shares by exploiting The Microsoft Windo
Skulls.I
This malware was reported by: F-Secure
Skulls.I is an edited version of Skulls.D SIS file trojan,
it contains several variants of Cabir worm, and several
copies of Locknut.B trojan.
Skulls.K
This malware was reported by: F-Secure
Skulls.K is an edited version of Skulls.H SIS file trojan,
it disables third party applications and installs Cabir.M worm
and Locknut.B trojan on the device.
Agent.aa
This malware was reported by: F-Secure
Agent.aa is a data stealing trojan that tries to steal account
information from the infected computer. It steals cached
credientials from the system and monitors active web browsers,
logging keystrokes sent to online banks. It can also take
screensho
Troj/Zlob-I
This malware was reported by: Sophos
W32/Sdbot-XV
This malware was reported by: Sophos
W32/Mytob-CA
This malware was reported by: Sophos
W32/Agobot-RV
This malware was reported by: Sophos
W32.Mytob.BU@mm
This malware was reported by: Symantec
W32.Mytob.BU@mm is a mass-mailing worm that uses its own SMTP engine to send an email to addresses that it gathers from the compromised computer.
The worm also opens a back door and spreads through the network by exploiting the Microsoft Windows DCOM R
W32/Rbot-ABQ
This malware was reported by: Sophos
Troj/LegMir-DR
This malware was reported by: Sophos
W32.Mydoom.BN@mm
This malware was reported by: Symantec
Troj/Fireby-B
This malware was reported by: Sophos
W32/Rbot-ABO
This malware was reported by: Sophos