W32.Korgo.S
This malware was reported by: Symantec
W32.Korgo.M is a variant of W32.Korgo.B. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP port 3067 and on r
W32/Spybot-CW
This malware was reported by: Sophos
W32/Spybot-CW is a peer-to-peer and network worm with backdoor Trojan functionality.
W32/Spybot-CW copies itself to Navapsvcc.exe in the Windows system folder
and creates entries in the registry at the following locations to run itself on system r
Trojan.Ecure
This malware was reported by: Symantec
Trojan.Ecure is a Trojan horse that modifies the Hosts file and Internet Explorer home page.
Note: Virus definitions dated June 28th, 2004 or earlier may detect this as Trojan Horse.
Dialer-Generic
This malware was reported by: Network Associates Inc
W32.Korgo.N
This malware was reported by: Symantec
W32.Korgo.T is a variant of W32.Korgo.N. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP ports 113, 5111, a
W32/Agobot-KG
This malware was reported by: Sophos
W32/Rbot-CG
This malware was reported by: Sophos
W32/Rbot-CG is a backdoor Trojan and network worm that allows unauthorised
remote access to the infected computer via IRC channels while running in the
background as a service process.
In order to run automatically when Windows starts up the worm
PWS-WebMoney.gen
This malware was reported by: Network Associates Inc
W32.Doep.A
This malware was reported by: Symantec
W32.Doep.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet.
PWSteal.Refest
This malware was reported by: Symantec
PWSteal.Refest is a Trojan Horse that installs itself as a BHO (Browser Helper Object) for Internet Explorer and steals online banking information when it is submitted in web forms.
W32.Ainesey.A@mm
This malware was reported by: Symantec
W32.Ainesey.A@mm is a mass-mailing worm that sends a copy of itself to all the email addresses gathered from the computer.
The Subject, Body, and Attachment name in the email vary.
Bankhook.A
This malware was reported by: Panda Software
Bankhook.A is a Trojan that installs itself in the affected computer by taking advantage of several vulnerabilities. Bankhook.A is a DLL (Dynamic Link Library) that registers itself in order to ensure it is run whenever the browser Internet Explorer is la
StartPage-DU!htm
This malware was reported by: Network Associates Inc
StartPage-DU!text
This malware was reported by: Network Associates Inc
Downloader-KN
This malware was reported by: Network Associates Inc
Lodis.E
This malware was reported by: Computer Associates
W32/Yesenio.worm!vbs
This malware was reported by: Network Associates Inc
This threat is detected as W32/Yesenio.worm!vbs. The worm will drop MSIEXEC32.EXE which is detected as W32/Yesenio.worm.
W32/Yesenio.worm
This malware was reported by: Network Associates Inc
After the worm is executed, the following screen is displayed.
The worm attempts to access the Windows Address Book (WAB) and MAPI service in an attempt to mail itself out.
StartPage-EA
This malware was reported by: Network Associates Inc
MultiDropper-KM.b
This malware was reported by: Network Associates Inc
Downloader-LM
This malware was reported by: Network Associates Inc
Downloader-KU
This malware was reported by: Network Associates Inc
W32.Korgo.O
This malware was reported by: Symantec
W32.Korgo.O is a variant of W32.Korgo.I. This worm attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445. It also listens on TCP Port 3067 and ra
StartPage-CK
This malware was reported by: Network Associates Inc
Phishbank.U
This malware was reported by: Computer Associates
Korgo.W
This malware was reported by: Panda Software
Korgo.W is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.W connects to several web sites, to which
W32/Korgo.worm.s
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability: MS04-011 vulnerability (CAN-2003-0533) http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
The worm spreads with a random filename and acts
Webber.S
This malware was reported by: Panda Software
Webber.S is a backdoor that allows gaining remote control over the affected computer in order to carry out actions that would compromise users' confidentiality, or even impede normal work. Webber.S sends confidential information to different web sites, as
Cabrotor
This malware was reported by: F-Secure
Cabrotor is a backdoor, allowing an attacker to control the machine where it
runs. The trojan itself is a Windows PE EXE file written in Delphi.
Rugrat
This malware was reported by: F-Secure
Rugrat is a simple direct-action file infector that targets 64-bit
Windows executables; 32-bit applications are not affected.
This virus only infects files in the current directory of the infected
executable and all of its subdirectories.
W32.Lovgate.Y@mm
This malware was reported by: Symantec
W32.Lovgate.Y@mm is a mass-mailing worm that also propagates through open network shares. It allows an attacker to access your computer. The email will have a variable subject and a file attachment with a .bat, .cmd, .exe, .pif, .scr, or .zip file extens
Downloader-LP
This malware was reported by: Network Associates Inc
Agent.E
This malware was reported by: Panda Software
Agent.E is a backdoor that installs a DLL (Dynamic Link Library) in the affected computer. This DLL allows gaining control over several functions of the browser Internet Explorer. Agent.E allows carrying out other actions, such as getting information on t
W32/Sdbot-JF
This malware was reported by: Sophos
W32/Sdbot-JF is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service proces
PWS-Banker
This malware was reported by: Network Associates Inc
W32/Sdbot-JG
This malware was reported by: Sophos
W32/Sdbot-JG is a network worm with backdoor capabilities which allows a remote intruder to access and control the computer via IRC channels.
W32/Sdbot-JG spreads over a network by copying itself to the Windows system folder of C$ and Admin$ shares
P2E.A
This malware was reported by: Panda Software
W32/Lovgate.ad@MM
This malware was reported by: Network Associates Inc
-- Update 2nd July, 2004 --
The risk assessment of this threat has been upgraded to medium due to an increase in prevalence.
If you think that you may be infected with this threat, and are unsure how to check your system, you may
do
StartPage-BN
This malware was reported by: Network Associates Inc
W32.Korgo.W
This malware was reported by: Symantec
W32.Korgo.W is a worm that attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011) on TCP port 445.
This variant also attempts to download and execute a file fro
W32.Lovgate.X@mm
This malware was reported by: Symantec
W32.Lovgate.X@mm is a variant of W32.Lovgate@mm. This mass-mailing worm attempts to email itself to all the email addresses that it finds on a computer.
The "sender" of the email is spoofed, and the subject line and message body of the email vary.
W3
W32/Rbot-CR
This malware was reported by: Sophos
W32/Rbot-CR is a network worm and backdoor for the Windows platform. W32/Rbot-CR allows a malicious user remote access to an infected computer.
The worm copies itself to a file named taskmngrs.exe in the Windows system folder and creates the follow
W32/Lovgate-AD
This malware was reported by: Sophos
W32/Sdbot-JP
This malware was reported by: Sophos
WORM_LOVGATE.Y
This malware was reported by: Trendmicro
This is a modified build of WORM_LOVGATE.W.
Lovgate.AE
This malware was reported by: F-Secure
Lovgate.AE worm was found on July 2nd, 2004. The worm spreads in
e-mails, local networks and peer-to-peer networks. Additionally the worm
drops a backdoor to an infected system.
Recovering from Lovgate.AE infection can be a laborious task, as
it dele
IRC-Deport
This malware was reported by: Network Associates Inc
WORM_AGOBOT.NL
This malware was reported by: Trendmicro
This memory-resident worm spreads through network shares. It uses NetBEUI functions to get any available list of user names and passwords. It then searches for shared folders and drops a copy of itself using the gathered list.
WORM_LOVGATE.AD
This malware was reported by: Trendmicro
WORM_LOVGATE.AE
This malware was reported by: Trendmicro
This worm propagates via email and network shares. It drops several files as its backdoor components. Trend Micro detects these dropped files as WORM_LOVGATE.Q and WORM_LOVGATE.V.
W32.Evaman@mm
This malware was reported by: Symantec
W32.Evaman@mm is a mass-mailing worm that spreads to addresses found at the Web site, email.people.yahoo.com.
The worm arrives as an attachment with an .exe or .scr extension.
Note: Symantec Consumer products that support Worm Blocking functionality
Backdoor.Ranky.H
This malware was reported by: Symantec
Backdoor.Ranky.H is a Trojan horse that runs as a proxy server by opening a random TCP port.
W32/Evaman-A
This malware was reported by: Sophos
W32/Evaman-A is a mass mailing worm.
When W32/Evaman-A infects your computer, it copies itself to the Windows system folder using the name wintasks.exe and creates the following registry entry so that it activates whenever you logon to your compute
PE_LOVGATE.AD
This malware was reported by: Trendmicro
This memory-resident file-infector spreads through email and network shares. It drops several components and copies of itself in the Windows, Windows system, and root folders.
Bagle.AD
This malware was reported by: Panda Software
Bagle.AD is a worm that spreads via e-mail in a message with variable characteristics and through P2P file sharing programs.
W32/Bagle.ad@MM
This malware was reported by: Network Associates Inc
Bagle.Y
This malware was reported by: Computer Associates
Win32.Bagle.Y is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a UPX-packed executable, approximately 60,000 bytes in len
W32/Evaman@MM
This malware was reported by: Network Associates Inc
--Update 5th July 2004--
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.news.com.au/common/story_page/0,4057,10046398%255E15306,00.html
--
PE_LOVGATE.AC
This malware was reported by: Trendmicro
This memory-resident file-infector spreads through email and network shares. It drops several components and copies of itself in the Windows, Windows system, and root folders.
Korgo.X
This malware was reported by: Panda Software
Korgo.X is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated. Korgo.X attempts to connect to several IRC serve
Evaman.A
This malware was reported by: Computer Associates
Win32.Evaman is a worm that spreads via e-mail. It has been distributed as a 14,848-byte, UPX-packed Win32 executable.
W32/Bagle-AD
This malware was reported by: Sophos
A detailed analysis will be published here shortly. Please check again later.
W32/Rbot-CP
This malware was reported by: Sophos
W32/Rbot-CP is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
WORM_BAGLE.AD
This malware was reported by: Trendmicro
To control the spread of this WORM_BAGLE variant, TrendLabs has declared a Medium Risk (YELLOW) alert as of July 5, 2004, 2:40 AM (GMT -07:00; Daylight Saving Time).
Evaman.A
This malware was reported by: Panda Software
Evaman.A is a worm without damaging effects that spreads via e-mail, in a message that seems to be returned to sender because of a false error. Evaman.A sends itself out to all the addresses it finds in the web site email.people.yahoo.com. Sometimes Evaman
W32/Bagle.ae@MM
This malware was reported by: Network Associates Inc
Evaman.A
This malware was reported by: F-Secure
Evaman.A is a simple massmailer. It sends itself in emails appearing to be
error messages.
W32.Beagle.Y@mm
This malware was reported by: Symantec
W32.Beagle.Y@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234.
Symantec Security Response has developed a removal tool to clean the infections of W32.Beagle.Y@mm.
W32.Mota.A@mm
This malware was reported by: Symantec
W32.Mota.A is a worm that propagates by sending itself to email addresses gathered from the computer.
Trojan.Spabot
This malware was reported by: Symantec
Trojan.Spabot is a Trojan horse that allows an infected computer to be used as a spam email relay.
W32/Lovgate-F
This malware was reported by: Sophos
A detailed analysis will be published here shortly. Please check again later.
Bagle.AA
This malware was reported by: F-Secure
WORM_LOVGATE.AF
This malware was reported by: Trendmicro
This worm propagates via email and network shares. It drops several files as its backdoor components, which Trend Micro detects as WORM_LOVGATE.V.
WORM_EVAMAN.A
This malware was reported by: Trendmicro
This memory-resident worm propagates via email with the following details:
TROJ_REFEST.A
This malware was reported by: Trendmicro
This Trojan program drops a .DLL file in the Windows system folder with a random file name composed of lower case characters.
W32.Beagle.Z@mm
This malware was reported by: Symantec
W32.Beagle.Z@mm is a mass-mailing worm that uses its own SMTP engine to spread through email and opens a backdoor on TCP port 1234.
The worm is functionally similar to W32.Beagle.Y@mm and is packed with PeX.
Symantec Security Response has developed a
PWSteal.Likmet.A
This malware was reported by: Symantec
PWSteal.Likmet.A is a Trojan horse that displays a fake MSN Messenger logon window and steals the password provided.
Trojan.Otinet
This malware was reported by: Symantec
Trojan.Otinet is a Trojan horse program that uses the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-11) to force other computers to download a malicious program.
Evaman.B
This malware was reported by: Computer Associates
Win32.Evaman.B is a worm that spreads via e-mail. It has been distributed as a 14,848-byte, UPX-packed Win32 executable.
Boxed
This malware was reported by: Computer Associates
Win32.Boxed is a family of trojans used to perform Denial of Service attacks against specific hosts. Variants of this family seen by CA have generally been
Bagle.Z
This malware was reported by: Computer Associates
Win32.Bagle.Z is a worm that spreads via e-mail and peer-to-peer file sharing. The worm itself is a PEX-packed executable, approximately 60,000 bytes in len
W32/Sdbot-JS
This malware was reported by: Sophos
W32/Sdbot-JS is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service proces
W32.Lovgate.Z@mm
This malware was reported by: Symantec
W32.Lovgate.Z@mm is a mass-mailing worm that also spreads through open network shares.
The email will have a variable subject and file attachment name, with a .bat, .exe, .pif, or .scr file extension.
W32.Lovgate.Z@mm spreads through the DCOM RPC vuln
W32/Lovgate-AH
This malware was reported by: Sophos
A detailed analysis will be published here shortly. Please check again later.
W32/Lovgate.af@MM
This malware was reported by: Network Associates Inc
This new variant of W32/Lovgate is packed multiple times.
Like its predecessors, this worm bears the following characteristics:
attempts to copy itself to accessible or poorly secured remote shares, scanning contiguous IP ranges, seeking a
Trojan.Ecure.B
This malware was reported by: Symantec
Trojan.Ecure.B is a Trojan horse that modifies the Hosts file and the Internet Explorer home page.
W32.Mota.A
This malware was reported by: Symantec
W32.Mota.A is a worm that propagates by sending itself to email addresses gathered from the computer.
SymbOS.Cabir
This malware was reported by: Symantec
SymbOS.Cabir is a proof-of-concept worm that replicates on Series 60 phones. This worm repeatedly sends itself to the first Bluetooth-enabled device that it can find, regardless of the type of device.
For example, even a Bluetooth-enabled printer will
Lovgate.AL
This malware was reported by: Computer Associates
Lovgate.AL is a worm that spreads via e-mail, network shares, exploitation of a Windows RPCSS vulnerability (MS03-039) and the Kazaa file sharing network. I
Lovgate.AO
This malware was reported by: Computer Associates
Lovgate.AO is a worm that spreads via e-mail, network shares, exploitation of a Windows RPCSS vulnerability (MS03-039) and the Kazaa file sharing network. I
Lovgate.AH
This malware was reported by: F-Secure
Lovgate.AH worm was found in July 2004. The worm spreads in
e-mails, local networks and peer-to-peer networks. Additionally the worm
drops a backdoor to an infected system.
Lovgate.AH renames all found .EXE files to .~EX and drops itself as
an .EXE f
W32/Lovgate-AG
This malware was reported by: Sophos
W32/Sdbot-JY
This malware was reported by: Sophos
W32/Sdbot-JY is a worm which attempts to spread using P2P shared folders. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service proces
Trojan.Ecure.C
This malware was reported by: Symantec
Trojan.Ecure.C is a Trojan horse that modifies the Hosts file and the Internet Explorer home page.
W32/Rbot-CZ
This malware was reported by: Sophos
W32/Rbot-CZ is a worm which attempts to spread to remote network shares. It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process
La Bible Des Moines Hoax
This malware was reported by: Network Associates Inc
W32.Lovgate.AB@mm
This malware was reported by: Symantec
W32.Lovgate.AB@mm is a mass-mailing worm that also spreads through open network shares. Once a system is infected, a remote attacker can access it. The email will have a variable subject and a file attachment with a .exe, .pif, .scr, .com, .rar, or .zip
Protoride.S
This malware was reported by: Computer Associates
Winshow.N
This malware was reported by: Computer Associates
W32/Agobot-KM
This malware was reported by: Sophos
W32/Agobot-KM is a network worm that spreads to other computers by exploiting network services with either weak passwords or unpatched vulnerabilities.
In order to run automatically when Windows starts up W32/Agobot-KM copies itself to the file MSV