Backdoor.Graybird.Q
This malware was reported by: Symantec
Backdoor.Graybird.Q is a Trojan horse program that hides its presence on the compromised computer and downloads remote files.
StartPage-HP
This malware was reported by: Network Associates Inc
Trojan.Hugesot
This malware was reported by: Symantec
Trojan.Hugesot is a Trojan horse that downloads remote files and attempts to start a command shell on the compromised computer.
WORM_REATLE.G
This malware was reported by: Trendmicro
This memory-resident worm propagates through networks by taking advantage of the following Windows vulnerabilities:
Glieder.BD
This malware was reported by: Computer Associates
Description Win32.Glieder.BD is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a 14,2
TROJ_RECHNUNG.A
This malware was reported by: Trendmicro
Bagle.CA
This malware was reported by: Computer Associates
Description Win32.Bagle.CA is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CB
This malware was reported by: Computer Associates
Description Win32.Bagle.CB is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
WORM_RECHNUNG.A
This malware was reported by: Trendmicro
MiniRC
This malware was reported by: Panda Software
MiniRC is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. MiniRC allows a remote user to administer the affected compute
DlVeeb.A
This malware was reported by: Computer Associates
Description Win32.DlVeeb.A is a trojan that downloads and executes arbitrary files. At the time of publishing, this trojan downloads Win32.Starimp.A (a worm that spr
Starimp.A
This malware was reported by: Computer Associates
Description Win32.Starimp.A is a worm that spreads via peer-to-peer file sharing networks. It also steals sensitive information, such as passwords and login informat
WORM_GOLDUN.A
This malware was reported by: Trendmicro
TROJ_YABE.A
This malware was reported by: Trendmicro
This Trojan downloader is manually spammed via email by a remote malicious user. It arrives as an attachment using the file name Ebay-rechnung.pdf.exe. The following is a sample screenshot of the email message accompanying this Trojan:
WORM_MYTOB.KC
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending a copy of itself as an email attachment to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_BAGLE.BJ
This malware was reported by: Trendmicro
TROJ_BAGLE.CZ
This malware was reported by: Trendmicro
Spytrooper
This malware was reported by: Panda Software
Spytrooper is an adware type malware. It is a fake anti-malware program that warns users of non-existing threats, which can only be deleted after purchasing the full version of the program. When users buy the full version and register the product, the so-
W32/Bagle@MM!cpl
This malware was reported by: Network Associates Inc
-- Update September 12, 2005 --
Multiple new variants of this threat were recently mass spammed. Filenames include 1.cpl and price.cpl and may arrive in a ZIP file named newprice.zip, price_09.zip, price some number.zip, etc
PWSteal.Drorar
This malware was reported by: Symantec
PWSteal.Drorar is a Trojan horse that attempts to steal system information and log keystrokes. It sends the gathered information to predetermined URLs.
W32.Starimp
This malware was reported by: Symantec
W32.Starimp is a worm that spreads through peer to peer networks, steals password details, and can download and execute remote files.
Trojan.Schoeberl
This malware was reported by: Symantec
Trojan.Schoeberl is a Trojan horse that downloads and executes remote files.
Trojan.Tooso.N
This malware was reported by: Symantec
Trojan.Tooso.N is a Trojan Horse that attempts to lower security settings and download other threats. This risk is mailed by W32.Beagle.CG@mm.
W32.Beagle.CG@mm
This malware was reported by: Symantec
W32.Beagle.CG@mm is a mass-mailing worm that uses its own SMTP engine to send out copies of Trojan.Tooso.N. The worm also opens a back door on the compromised computer on TCP port 80 and lowers security settings.
Bat/loop90
This malware was reported by: Network Associates Inc
Kit-EvilTool
This malware was reported by: Network Associates Inc
Glieder.BF
This malware was reported by: Computer Associates
Description Win32.Glieder.BF is a trojan that has been distributed as a 14,340-byte DLL, mass-mailed out by Win32.Bagle.CD.
Bobax.AK
This malware was reported by: Computer Associates
Adware-Beginto.dll
This malware was reported by: Network Associates Inc
PWSteal.Wayi
This malware was reported by: Symantec
PWSteal.Wayi is a Trojan horse that attempts to steal passwords for the Rexue Jianghu online game offered by wayi.com.tw. The Trojan sends the stolen information to a predetermined email address.
Banker.APM
This malware was reported by: Panda Software
Banker.APM is a password stealer type Trojan that attempts to redirect websites belonging to several banking entities to a certain web server, which hosts web pages that imitate the original ones. By doing this, it could be able to trick unaware users in
Trojan.Win32.Agent.ij
This malware was reported by: F-Secure
Bagle.EK
This malware was reported by: Panda Software
Mitglieder.EV is a Trojan that attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer: It deletes key files for their correct functioning. It deletes entries
JS/Wonka
This malware was reported by: Network Associates Inc
Warspy Family
This malware was reported by: Computer Associates
Description Win32.Warspy are a family of trojans that display a number of messages and fake errors on an affected system in order to lure users into visiting advert
Keylog-DesktopDetect
This malware was reported by: Network Associates Inc
Pakes
This malware was reported by: F-Secure
Doomboot.D
This malware was reported by: F-Secure
Doomboot.D is a close variant to Doomboot.C. The major difference between
Doomboot.D and Doomboot.C is that Doomboot.D contains corrupted font file
from Fontal.A and theme file that changes the background and other images
on the phone.
Doomboot.D p
Hoax
This malware was reported by: F-Secure
Trojan-AOL
This malware was reported by: F-Secure
These are not viruses but trojan horses, made specifically to work
under the America On-Line front-end system.
not-virus:BadJoke
This malware was reported by: F-Secure
IM-Worm
This malware was reported by: F-Secure
Instant Messenger Worm (generic description)
An Instant Messenger worm is usually a standalone program that
spreads in Instant Messenger (IM) networks. There are a few
widely used instant messenger networks - ICQ, MSN, Yahoo!, AOL
and a few others.
SMS-Flooder
This malware was reported by: F-Secure
SMS Flooder (generic description)
An SMS Flooder is a trojan that sends a massive amount of SMS
messages to a single or multiple targets. A big amount of SMS
messages can cause a lot of inconvenience and annoyance and in
some cases crash specific har
Net-Worm
This malware was reported by: F-Secure
Network Worm (generic description)
A network worm is usually a standalone program that tries to copy
itself to other computers connected to the same LAN (Local Area
Network). Such worms travel from one computer to another using
shares. A share is a m
Trojan-AIM
This malware was reported by: F-Secure
Instant Messenger Trojan (generic description)
An Instant Messenger Trojan is usually a standalone program that
affects a certain Instant Messenger (IM) client. There are a few
widely used instant messenger networks - ICQ, MSN, Yahoo!, AOL
and a few
Email-Worm
This malware was reported by: F-Secure
Mass Mailer (generic description)
A mass-mailer, also called an Internet worm, is usually a
standalone program that sends itself as an e-mail attachment to
e-mail addresses that it could find on an infected computer. Mass
mailers became very widespre
IRC-Worm
This malware was reported by: F-Secure
IRC Worm (generic description)
An IRC worm is usually a standalone program that uses IRC
networks to spread itself. Such a worm either tries to spread
itself by establishing connection to an IRC server or it can drop
specific scripts to an IRC client d
Starter.h
This malware was reported by: F-Secure
Trojan.Rohoteng
This malware was reported by: Symantec
Trojan.Rohoteng is a Trojan horse that attempts to steal confidential information related to online games running on the compromised computer. It then attempts to send this information to predetermined Web sites.
Keyspy.B
This malware was reported by: Panda Software
Keyspy.B is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. Keyspy.B is a program that can be used to monitor the comput
Mitglieder.EV
This malware was reported by: Panda Software
Mitglieder.EV is a Trojan that attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer: It deletes key files for their correct functioning. It deletes entries
VBS.Inker.B@mm
This malware was reported by: Symantec
VBS.Inker.B@mm is a mass-mailing worm that changes icons, swaps mouse buttons, and lowers computer security settings.
PE_LISIMA.A-O
This malware was reported by: Trendmicro
This file infector prepends its code to every .EXE file it finds. The infected files are detected as PE_LISIMA.A. It may overwrite some files that it attempts to infect.
Mytob.JN
This malware was reported by: Panda Software
Mytob.JN is a worm with backdoor characteristics that opens a TCP port in order to connect to an IRC server and receive control commands, which allow the affected computer to be remotely administrated. This worm ends processes belonging to several securit
WORM_MYTOB.KH
This malware was reported by: Trendmicro
This memory-resident worm arrives on a system via email, which it sends to target recipients using its own SMTP engine. The said email contains the URL link http ://70.12{BLOCKED}.219:90/Confirm_Sheet.pif that, when clicked, downloads a copy of this
WORM_MYTOB.KI
This malware was reported by: Trendmicro
This worm propagates by sending a copy of itself as an attachment to email messages, which it then sends to target addresses using its own SMTP engine.
W32.Kelvir.II
This malware was reported by: Symantec
W32.Kelvir.II is a worm that spreads through MSN Messenger and downloads a copy of another threat, which is a Backdoor.Sdbot variant.
IRC_LISIMA.A
This malware was reported by: Trendmicro
WORM_ZOTOB.N
This malware was reported by: Trendmicro
This memory-resident worm propagates by exploiting the Windows Plug and Play vulnerability. For more information, please refer to the Microsoft Security Bulletin MS05-039 page.
W32.Esbot.D
This malware was reported by: Symantec
Trojan.Flush.F
This malware was reported by: Symantec
Trojan.Flush.F is a Trojan horse that modifies the DNS server settings on a compromised computer and redirects the browser to potentially malicious Web sites.
Fantibag.A
This malware was reported by: Panda Software
Fantibag.A is a Trojan that prevents the user from accessing several web sites that mostly belong to antivirus companies. In order to do so, Fantibag.A uses API functions belonging to RRAS (Routing Remote Access Service), which provide functionalities of
Bobic.k
This malware was reported by: F-Secure
Adware-Adwin
This malware was reported by: Network Associates Inc
P2load.A
This malware was reported by: Panda Software
P2load.A is a worm that modifies the start page and the search options of Internet Explorer. Additionally, it redirects attempts to connect to a Google page to another website that imitates it. This way, when affected users attempt to search in
Bagle.EI
This malware was reported by: Panda Software
Bagle.EI is a worm that sends a copy of the Trojan detected as Mitglieder.EU to the email addresses it manages to gather. In addition, Bagle.EI prevents certain worms, such as several variants of Netsky, from being executed whenever Windows is started. In
Spyware-Buddy
This malware was reported by: Network Associates Inc
W32.Mytob.JN@mm
This malware was reported by: Symantec
W32.Mytob.JN@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
W32.Mytob.JM@mm
This malware was reported by: Symantec
W32.Mytob.JM@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
WORM_AHKER.K
This malware was reported by: Trendmicro
This memory-resident worm may arrive via email as an attachment. It may also be downloaded from a malicious Web site.
Bagle.CC
This malware was reported by: Computer Associates
Description Win32.Bagle.CC is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Adware-AdStart
This malware was reported by: Network Associates Inc
Adware-AdultId
This malware was reported by: Network Associates Inc
Bagle.CD
This malware was reported by: Computer Associates
Bagle.CE
This malware was reported by: Computer Associates
Bagle.CF
This malware was reported by: Computer Associates
Doomboot.E
This malware was reported by: F-Secure
Skulls.N
This malware was reported by: F-Secure
Adware-Isearch.dr
This malware was reported by: Network Associates Inc
W32.Iberio
This malware was reported by: Symantec
Adware-Look2me.dr
This malware was reported by: Network Associates Inc
Adware-eUniverse.dr
This malware was reported by: Network Associates Inc
W32.Pexmor@mm
This malware was reported by: Symantec
WORM_REATLE.H
This malware was reported by: Trendmicro
This worm arrives on a system as an email attachment that is sent to target addresses using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_ZOTOB.O
This malware was reported by: Trendmicro
This worm propagates by exploiting the Windows Plug and Play vulnerability. It scans random IP addresses to locate vulnerable machines to exploit. For more information about the said vulnerability, refer to the following Microsoft Web page:
WORM_MYTOB.KB
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this worm propagates by attaching itself to email messages that it sends to target addresses using its own Simple Mail Transfer Protocol (SMTP) engine.
WORM_SOBER.AA
This malware was reported by: Trendmicro
This worm arrives on a system as a dropped file of VBS_SOBER.AA. Upon execution it drops and executes several copies of itself using the following file names in the user’s Temporary folder:
VBS_SOBER.AA
This malware was reported by: Trendmicro
W32.Dafet.A
This malware was reported by: Symantec
W32.Dafet.A is a worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
X97M.Millenmic
This malware was reported by: Symantec
X97M.Millenmic is a macro virus that infects Microsoft Excel workbooks.
WORM_BAGLE.CZ
This malware was reported by: Trendmicro
Like other BAGLE variants, this memory-resident worm utilizes a Trojan downloader to propagate. Trend Micro detects the Trojan component as TROJ_BAGLE.CZ. Using its own SMTP (Simple Mail Transfer Protocol) engine, this worm sends email messages with
SYMBOS_DOOMED.E
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:
WORM_WURMARK.P
This malware was reported by: Trendmicro
This worm is capable of spreading via email. It uses its own built-in Simple Mail Transfer Protocol (SMTP) engine, enabling it to send bulk messages without having to use other email applications like Outlook Express. It sends a copy of itself as an
WORM_P2LOAD.A
This malware was reported by: Trendmicro
This worm propagates by dropping copies of itself in the shared folders of the following peer-to-peer file sharing applications:
W32.Looked.F
This malware was reported by: Symantec
W32.Looked.F is a worm that spreads through network shares and attempts to infect .exe files. It also lowers security settings and downloads and executes a remote file.
W32.Lanieca.H@mm
This malware was reported by: Symantec
W32.Lanieca.H@mm is a mass-mailing worm that uses its own SMTP engine to send itself to addresses it gathers from the compromised computer. The worm also logs keystrokes and steals various passwords.
Licu.A
This malware was reported by: Computer Associates
Description Licu.A is a worm that spreads via e-mail and floppy disks. It exists as a UPX-packed, 31,232 byte executable file. It spreads in a polymorphic form in VB
W32/Bagle.cj@MM
This malware was reported by: Network Associates Inc
W32/Bagle.ci
This malware was reported by: Network Associates Inc
Adware-AtomicLog
This malware was reported by: Network Associates Inc