W32/Korgo.worm.r
This malware was reported by: Network Associates Inc
This new variant is a repacked version of its predecessor. Kindly refer to W32/Korgo.worm.p for more information.
Downloader-LC
This malware was reported by: Network Associates Inc
Generated.Zombie
This malware was reported by: Network Associates Inc
W32.Korgo.O
This malware was reported by: Symantec
W32.Korgo.O is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 5111
W32.Korgo.N
This malware was reported by: Symantec
W32.Korgo.N is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 5111
W32.Korgo.M
This malware was reported by: Symantec
W32.Korgo.M is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP port 113 and oth
W32/Korgo-P
This malware was reported by: Sophos
W32/Korgo-P is a network worm that uses the LSASS exploit to propagate
(see Microsoft Security Bulletin MS04-011 for more details).
W32/Korgo-P copies itself to the Windows system folder with a randomly-
generated filename between 5 and 8 charact
WORM_KORGO.Q
This malware was reported by: Trendmicro
This worm is a member of the KORGO family of worms, which propagates by exploiting a buffer overrun vulnerability in the Windows LSASS (Local Security Authority Subsystem Service). This vulnerability is discussed in detail in the following pages:
StartPage-CQ.gen
This malware was reported by: Network Associates Inc
Korgo.S
This malware was reported by: Computer Associates
Korgo.R
This malware was reported by: Computer Associates
Win32.Korgo.R is a worm that spreads by exploiting the Microsoft Windows LSASS buffer overflow vulnerability. It also opens a backdoor that allows unauthori
Lioten.FA
This malware was reported by: Computer Associates
Win32.Lioten.FA is a worm that spreads via network shares.
WORM_KORGO.R
This malware was reported by: Trendmicro
This multi-threaded worm arrives as an .EXE file with a randomly generated file name.
W32/Agobot-KC
This malware was reported by: Sophos
Downloader-JV
This malware was reported by: Network Associates Inc
Dialer-RAS.bb.gen
This malware was reported by: Network Associates Inc
Korgo.T
This malware was reported by: F-Secure
The Korgo.T (aka Padobot.K) variant was found on June 22nd, 2004.
It is very similar to the previous Korgo variants, discovered
since June 17th. Korgo.T worm spreads throughout the Internet
using a vulnerability in Microsoft Windows LSASS. A descripti
JS/Spy-Peep.dr
This malware was reported by: Network Associates Inc
Korgo.Q
This malware was reported by: Panda Software
Korgo.Q is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.Q connects to several web sites, to which
Keylog-Zubo.dr
This malware was reported by: Network Associates Inc
StartPage-DT
This malware was reported by: Network Associates Inc
VBS/Ypsan@MM
This malware was reported by: Network Associates Inc
On executing the infected script, the virus will copy itself as win32aplication.vbs into the %windir% directory. The virus may infect files with the following extensions - vbs, vbe or bas.
The following registry keys will be added:
VBS/Cowpox@MM
This malware was reported by: Network Associates Inc
This script is detected pro-actively as VBS/Sevenc. On executing the infected VBScript, the virus will display the following message:
The following files will be copied:
C:\windows\system\Porn_pic.jpg.vbs
C:\Documents
Korgo.S
This malware was reported by: Panda Software
Korgo.S is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.S connects to several web sites, to which
Korgo.R
This malware was reported by: Panda Software
Korgo.R is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.R connects to several web sites, to which
StartPage-CX
This malware was reported by: Network Associates Inc
Backdoor.Berbew.F
This malware was reported by: Symantec
Backdoor.Berbew.F is a variant of Backdoor.Berbew. This Trojan attempts to steal cached passwords from an infected computer, and may display fake windows to gather confidential information.
W32/Korgo-M
This malware was reported by: Sophos
W32/Korgo-M is a network worm which uses the LSASS exploit to propagate. When executed the worm copies itself to the Windows system folder using a randomly generated name and creates the following registry entry so that the worm starts when a user log
W32.Korgo.P
This malware was reported by: Symantec
W32.Korgo.P is a minor variant of W32.Korgo.L. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113,
StartPage-AQ
This malware was reported by: Network Associates Inc
W32/Spybot.worm.gen.k
This malware was reported by: Network Associates Inc
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
X97M/Linik
This malware was reported by: Network Associates Inc
Tiebud
This malware was reported by: Network Associates Inc
Tiebud is a virus which infects the boot sector of floppy disks and the partition sector of hard disks.
Tiebud does not infect any files, and does not have a payload other than replication.
StartPage-AW
This malware was reported by: Network Associates Inc
WORM_KORGO.T
This malware was reported by: Trendmicro
This memory-resident worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following
SYMBOS_CABIR.A
This malware was reported by: Trendmicro
This proof-of-concept worm spreads through BLUETOOTH-enabled devices. It arrives as a .SIS file and installs itself in the APPS folder.
Rbot
This malware was reported by: Computer Associates
Korgo.U
This malware was reported by: F-Secure
The Korgo.U (aka Padobot.m) variant was found on June 24th, 2004.
It is very similar to the previous Korgo variants, discovered
since June 17th. Korgo.U worm spreads throughout the Internet
using a vulnerability in Microsoft Windows LSASS. A descripti
Downloader.JH
This malware was reported by: Panda Software
WORM_KORGO.S
This malware was reported by: Trendmicro
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
W32.Korgo.Q
This malware was reported by: Symantec
W32.Korgo.Q is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports betwe
W32.Korgo!gen
This malware was reported by: Symantec
W32.Korgo!gen is a generic detection that detects variants of W32.Korgo.
W32.Randex.ATS
This malware was reported by: Symantec
W32.Randex.ATS is a network-aware worm that attempts to connect to a predetermined IRC server.
W32/Korgo-R
This malware was reported by: Sophos
W32/Korgo-R is a network worm using the LSASS exploit to propagate (MS04-011). When executed the worm copies itself to the Windows system folder using a randomly generated name and creates the following registry entry so that the worm starts when a use
WORM_KORGO.V
This malware was reported by: Trendmicro
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
JS.Scob.Trojan
This malware was reported by: Symantec
JS.Scob.Trojan is a simple trojan that executes a JavaScript file from a remote server.
Korgo.T
This malware was reported by: Panda Software
Korgo.T is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.T connects to several web sites, to which
Padodor.W
This malware was reported by: F-Secure
Padodor backdoor was created by a Russian hacker group called
HangUp Team. This backdoor steals users' personal information
including credit card numbers, logins and passwords that a user
types and other sensitive information. The Padodor.w variant was
Scob
This malware was reported by: F-Secure
Scob is a trojan downloader written in JavaScript. It was found on a
number of web sites on June 24th, 2004. The trojan has been found to be
appended to existing files on those web servers, for example pictures such
as jpeg files.
When execut
Toofer
This malware was reported by: Computer Associates
ModalDZoneBypass.exploit
This malware was reported by: Computer Associates
W32/Korgo-S
This malware was reported by: Sophos
W32/Korgo-S is a network worm which uses the LSASS exploit to propagate (MS04-011). When executed the worm copies itself to the Windows system folder using a randomly generated name and creates the following registry entry so that the worm starts whe
Korgo.U
This malware was reported by: Panda Software
Korgo.U is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.U connects to several web sites, to which
W32/NetskyP-Dam
This malware was reported by: Sophos
Sophos Anti-Virus detects as W32/NetskyP-Dam damaged, non-working samples of W32/Netsky-P.
Webber.P
This malware was reported by: Panda Software
Webber.P is a backdoor that allows remote control over the affected computer to be gained through TCP port 23232, in order to carry out actions that would compromise users' confidentiality, or even impede normal work. In addition, Webber.P opens two TCP por
BackDoor-AXJ
This malware was reported by: Network Associates Inc
JS/Scob-A
This malware was reported by: Sophos
JS/Scob-A is a JavaScript trojan that is reported to be appended to HTML files on IIS machines.
JS/Scob-A downloads a file from a Russian website; this website is no longer accessible.
JS_JECT.A
This malware was reported by: Trendmicro
This Trojan script usually arrives as an encrypted JavaScript file embedded in malicious Web pages. It exploits several vulnerabilities in Internet Explorer in order to download and execute malicious files on the affected system.
JS_SCOB.A
This malware was reported by: Trendmicro
This Trojan script is usually embedded in malicious Web pages. It can also be dropped by another malware, which is detected by Trend Micro as TROJ_SCOB.A.
WORM_KORGO.U
This malware was reported by: Trendmicro
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
W32.Korgo.R
This malware was reported by: Symantec
W32.Korgo.R is a variant of W32.Korgo.M. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP port 113 and oth
Scob
This malware was reported by: Network Associates Inc
Backdoor.Berbew.G
This malware was reported by: Symantec
Backdoor.Berbew.G attempts to steal cached passwords and may display fake windows to gather confidential information.
WORM_BLEBLA.B
This malware was reported by: Trendmicro
This destructive worm is a variant of WORM_BLEBLA.A. This Internet worm spreads by sending a copy of itself via email to all addresses found in the user's address book.
Dialer-188
This malware was reported by: Network Associates Inc
Backdoor.Botex
This malware was reported by: Symantec
Backdoor.Botex is a Backdoor Trojan horse that allows unauthorized, remote access to a compromised computer. It also attempts to steal system and user information.
W32/Mota.worm
This malware was reported by: Network Associates Inc
The worm may arrive as an e-mail file attachment with the file attachment being either a .scr or .pif or .zip file. When the attachment is executed (manually), it runs silently; no GUI message boxes are displayed.
It copies itse
MSNPeriod
This malware was reported by: Network Associates Inc
DDoS-Ferlect
This malware was reported by: Network Associates Inc
BackDoor-CCL
This malware was reported by: Network Associates Inc
BackDoor-AXY
This malware was reported by: Network Associates Inc
W32/Rbot-CA
This malware was reported by: Sophos
W32/Rbot-CA is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
TrojanDownloader.Win32.Small
This malware was reported by: F-Secure
IRC-Xevol
This malware was reported by: Network Associates Inc
W32/Agobot-KE
This malware was reported by: Sophos
W32/Agobot-KE is a backdoor Trojan and worm which spreads to computers
protected by weak passwords.
When first run, W32/Agobot-KE moves itself to the Windows system folder as
VDISP.EXE and creates the following registry entries to run itself on
W32.Bugbear.K@mm
This malware was reported by: Symantec
W32.Bugbear.K@mm worm is:
A variant of W32.Bugbear.B@mm and W32.Bugbear.E@mm.
A mass-mailing worm that also spreads through network shares.
Polymorphic and also infects .exe files.
Possesses keylogging capabilities.
Downloader-LY
This malware was reported by: Network Associates Inc
Trojan.Chost
This malware was reported by: Symantec
Trojan.Chost modifies the Windows Hosts file to prevent access or redirect users to certain Web sites.
Scob.A
This malware was reported by: Panda Software
Scob.A is a Trojan that only affects Windows XP/2000/NT computers that act as web servers, provided that they have IIS (Internet Information Services) v5.0 installed. Scob.A modifies the configuration settings of that application so that a malicious JavaS
DialogArg
This malware was reported by: Panda Software
DialogArg represents a set of Trojans that contain malicious JavaScript code, with instructions for downloading an executable file from a specific IP address. This code is added to HTML, CSS or GIF files, among others, downloaded from a web site hosted
Downloader-JY
This malware was reported by: Network Associates Inc
BackDoor-AXJ.gen
This malware was reported by: Network Associates Inc
W32.Randex.ATX
This malware was reported by: Symantec
W32.Randex.ATX is a network-aware worm that may be remotely controlled using IRC.
Trojan.Boxed.D
This malware was reported by: Symantec
Trojan.Boxed.D is a Trojan horse that performs a Denial of Service (DoS) attack on certain Web sites. DoS attacks are used to deny legitimate users access to a Web site.
Trojan.Errhijack
This malware was reported by: Symantec
Trojan.Errhijack is a browser hijacker that resets the default settings for error conditions in Microsoft Internet Explorer. Once this happens, if you type a URL that does not exist, or there is any type of browser failure, you will be redirected to an
Backdoor.Hacarmy.D
This malware was reported by: Symantec
Backdoor.Hacarmy.D is a Backdoor Trojan horse that gives an attacker control over a compromised computer.
Plexus.B
This malware was reported by: Computer Associates
Win32.Plexus.B is a worm that spreads via e-mail, peer-to-peer file sharing networks and by exploiting vulnerabilities in the Windows operating system via p
Korgo.V
This malware was reported by: Panda Software
Korgo.V is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.V connects to several web sites, to which
Masteseq
This malware was reported by: Computer Associates
Win32.Masteseq is a backdoor which provides unauthorized access to a compromised Windows machine. It tries to hide its presence on a machine using several s
W32/Rbot-CC
This malware was reported by: Sophos
W32/Rbot-CC is a member of the W32/Rbot family of worms with backdoor
component.
In order to run automatically when Windows starts up the worm copies
itself to the file goawv.exe in the Windows system folder
and adds the following registry entri
Downloader-KZ
This malware was reported by: Network Associates Inc
W32.Gaobot.AUS
This malware was reported by: Symantec
W32.Gaobot.AUS is a repacked variant of W32.Gaobot.SN. The worm spreads through open network shares and through backdoors that the Mydoom family of worms open. It allows attackers to access an infected computer using a predetermined IRC channel.
Needy.N
This malware was reported by: F-Secure
Needy trojan family consists of trojans that are written in
Java and use a vulnerability in Microsoft Internet Explorer
Java Runtime. Usually these trojans change Internet Explorer
homepage and search settings and some variants also download
executable
Needy.M
This malware was reported by: F-Secure
Needy trojan family consists of trojans that are written in
Java and use a vulnerability in Microsoft Internet Explorer
Java Runtime. Usually these trojans change Internet Explorer
homepage and search settings and some variants also download
executable
Needy.K
This malware was reported by: F-Secure
Needy trojan family consists of trojans that are written in
Java and use a vulnerability in Microsoft Internet Explorer
Java Runtime. Usually these trojans change Internet Explorer
homepage and search settings and some variants also download
executable
Needy.J
This malware was reported by: F-Secure
Needy trojan family consists of trojans that are written in
Java and use a vulnerability in Microsoft Internet Explorer
Java Runtime. Usually these trojans change Internet Explorer
homepage and search settings and some variants also download
executable
Needy.L
This malware was reported by: F-Secure
Needy trojan family consists of trojans that are written in
Java and use a vulnerability in Microsoft Internet Explorer
Java Runtime. Usually these trojans change Internet Explorer
homepage and search settings and some variants also download
executable
W32.Korgo.V
This malware was reported by: Symantec
W32.Korgo.V is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on random TCP ports betwe
W32.Korgo.U
This malware was reported by: Symantec
W32.Korgo.O is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP Port 3067 and ra
W32.Korgo.T
This malware was reported by: Symantec
W32.Korgo.T is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 5111, a