TROJ_BAGLE.DA
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this Trojan, refer to the Behavior Diagram shown below.
Bagle.BI
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005.
The infected emails always contain a 35kB file called "text.exe"
inside an archive with names like newprice.zip, price_09.zip or price2.zip.
It is quite similar to earlier Bagle varia
W32.Peerload.A
This malware was reported by: Symantec
W32.Peerload.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, Shareaza, and iMesh.
Mitglieder.EW
This malware was reported by: Panda Software
Mitglieder.EW is a Trojan that attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer: It deletes entries of the Windows Registry that store several configu
RemoteAny
This malware was reported by: Panda Software
RemoteAny is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions. RemoteAny is a program that can be used to control remotely
W32/Bagle.ck
This malware was reported by: Network Associates Inc
This Bagle variant has been mass spammed and arrives in a ZIP file, such as:
price.zip (containing price_09.exe)
MD5: 61c65b52028ecb6e2d6a81fa69209e77 [exe]
This variant copies itself to the %WinDir% system32 as WINSHOST.EXE and a
W32/Licu.worm
This malware was reported by: Network Associates Inc
Trojan.Tooso.O
This malware was reported by: Symantec
Trojan.Tooso.O is a Trojan horse that attempts to lower security settings and download other threats.
W32/Bagle.cl
This malware was reported by: Network Associates Inc
This Bagle variant has been mass spammed and arrives in a ZIP file, such as:
price.zip (containing price_list.exe)
MD5: a543640698380e7a3fe5607cfc42304c [exe]
This variant copies itself to the %WinDir% system32 as WINSHOST.EXE and a
Trojan.Tooso.P
This malware was reported by: Symantec
Trojan.Tooso.P is a minor variant of Trojan.Tooso.O that attempts to lower security settings and download other threats.
WORM_BAGLE.DA
This malware was reported by: Trendmicro
Like earlier BAGLE variants, this worm uses a Trojan component in order to propagate. It does this by sending out email messages containing copies of TROJ_BAGLE.DA to target recipients using its own SMTP engine.
W32/Bagle.cn
This malware was reported by: Network Associates Inc
This Bagle variant has been mass spammed and arrives in a ZIP file, such as:
price_new.zip (containing price_20.exe)
MD5: c5880d41ea9e32bbc65a3bf20727bbbc [exe]
This variant copies itself to the %WinDir% system32 as WINSHOST.EXE an
SymbOS.Doomboot.E
This malware was reported by: Symantec
SymbOS.Doomboot.E is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones.
Glieder.BI
This malware was reported by: Computer Associates
Description Win32.Glieder.BI is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BJ
This malware was reported by: Computer Associates
Description Win32.Glieder.BJ is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BK
This malware was reported by: Computer Associates
Description Win32.Glieder.BK is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a 35,5
Glieder.BL
This malware was reported by: Computer Associates
Description Win32.Glieder.BL is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BM
This malware was reported by: Computer Associates
Description Win32.Glieder.BM is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a 35,1
Glieder.BN
This malware was reported by: Computer Associates
Description Win32.Glieder.BN is a trojan that downloads and executes arbitrary files from a long hardcoded list of particular URLs. It has been distributed as a 35,5
Bagle.CG
This malware was reported by: Computer Associates
Description Win32.Bagle.CG is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CH
This malware was reported by: Computer Associates
Description Win32.Bagle.CH is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CI
This malware was reported by: Computer Associates
Description Win32.Bagle.CI is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Eyeveg.M
This malware was reported by: F-Secure
Eyeveg.m is an e-mail worm that sends e-mails with URLs to its
infected files that are located on different webservers. Some of
those webservers were hacked to upload malware files. The malware
files are located inside ZIP archives. The worm also has
Bagle.DF
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.DE
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.DD
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.DB
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.DA
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.CY
This malware was reported by: F-Secure
This Bagle downloader appeared on September 19th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
Bagle.CZ
This malware was reported by: F-Secure
The Bagle.CZ is a mass-mailer. It sends out infected messages
containing another Bagle-related component, Bagle.DB. This
mass-mailer is downloaded by the Bagle.CX downloader:
http://www.f-secure.com/v-descs/bagle_cx.shtml
Bagle.CX
This malware was reported by: F-Secure
This Bagle-related downloader appeared on September 19th, 2005.
This particular downloader is fetched from one of the websites by
another Bagle downloader (that appeared yesterday); however, it is
not similar to it.
This particular downloader tries to dow
Sdbot.FAH
This malware was reported by: Panda Software
Sdbot.FAH is a worm that connects to several IRC servers in order to receive remote control commands, acting as a backdoor. It can be instructed to download and run files, log the keystrokes typed by the user, execute commands, etc. Additionally, Sdbot.FA
Bagle.DC
This malware was reported by: F-Secure
The Bagle.DC is a trojan dropper. It appeared on September 19th,
2005. It is fetched from one of the websites by Bagle-related
downloaders that appeared yesterday. This trojan dropper drops a
DLL file and injects it into the Windows Explorer process. The DLL
Adware-Pushtoolbar
This malware was reported by: Network Associates Inc
Bagle.DG
This malware was reported by: F-Secure
This Bagle downloader appeared on September 20th, 2005. It is
quite similar to earlier Bagle variants like Bagle.BY:
http://www.f-secure.com/v-descs/bagle_by.shtml
W32/Bagle.cj
This malware was reported by: Network Associates Inc
Cardtrap.A
This malware was reported by: F-Secure
Cardtrap.A is a malicious SIS file trojan, which tries to disable
a large number of system and third party applications and installs
Windows malware on the phone memory card.
The Cardtrap.A installs Windows worms Win32/Padobot.Z and Win32/Rays to the
W32.Ahker.N@mm
This malware was reported by: Symantec
W32.Ahker.N@mm is a mass-mailing worm that sends a copy of itself to email addresses gathered from the compromised computer and performs a denial of service attack against the www.cnn.com domain.
Mepe.A
This malware was reported by: Panda Software
Mepe.A is a worm that attempts to close the windows belonging to several system tools, on computers with their operating system in Spanish: Administrador de Tareas (Task Manager), Panel de Control (Control Panel), Editor del Registro (Windows Registry Edi
W32/Bagle.gen
This malware was reported by: Network Associates Inc
-- Update September 20, 2005 --
During the past 48 hours at least a dozen different Bagle variants have been discovered. The current Bagle distribution model is as follows:
Previously infected machines are used to mass-spam new variants
Trojan.Tooso.Q
This malware was reported by: Symantec
Glieder.BO
This malware was reported by: Computer Associates
Description Win32.Glieder.BO is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BP
This malware was reported by: Computer Associates
Description Win32.Glieder.BP is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BQ
This malware was reported by: Computer Associates
Description Win32.Glieder.BQ is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BR
This malware was reported by: Computer Associates
Description Win32.Glieder.BR is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BS
This malware was reported by: Computer Associates
Description Win32.Glieder.BS is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 38,
Glieder.BT
This malware was reported by: Computer Associates
Description Win32.Glieder.BT is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 36,
Bagle.CJ
This malware was reported by: Computer Associates
Description Win32.Bagle.CJ is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CK
This malware was reported by: Computer Associates
Description Win32.Bagle.CK is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CL
This malware was reported by: Computer Associates
Description Win32.Bagle.CL is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CM
This malware was reported by: Computer Associates
Description Win32.Bagle.CM is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CN
This malware was reported by: Computer Associates
Description Win32.Bagle.CN is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CO
This malware was reported by: Computer Associates
Description Win32.Bagle.CO is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CP
This malware was reported by: Computer Associates
Description Win32.Bagle.CP is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Bagle.CQ
This malware was reported by: Computer Associates
Description Win32.Bagle.CQ is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Glieder.BU
This malware was reported by: Computer Associates
Description Win32.Glieder.BU is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BV
This malware was reported by: Computer Associates
Description Win32.Glieder.BV is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Glieder.BW
This malware was reported by: Computer Associates
Description Win32.Glieder.BW is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Bagle.CR
This malware was reported by: Computer Associates
Description Win32.Bagle.CR is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
SymbOS/MultiDropper.G
This malware was reported by: Network Associates Inc
PE_BOBAX.AI
This malware was reported by: Trendmicro
Glieder.BX
This malware was reported by: Computer Associates
Description Win32.Glieder.BX is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 35,
Bagle.CS
This malware was reported by: Computer Associates
Description Win32.Bagle.CS is a worm that spreads via e-mail. Rather than putting itself in e-mail attachments, it uses a separate downloader component (called Win32
Adware-PortalScan
This malware was reported by: Network Associates Inc
WORM_CHOD.H
This malware was reported by: Trendmicro
Upon execution, this memory-resident worm creates a randomly generated folder in the Windows system folder. It then drops the file KERNEL32.EXE in the created folder.
Adware-SSF!Hosts
This malware was reported by: Network Associates Inc
PWSteal.Ragnarok
This malware was reported by: Symantec
PWSteal.Ragnarok is a Trojan Horse that attempts to steal information related to the Ragnarok online game, and send it to a predetermined email address.
WORM_GUAP.D
This malware was reported by: Trendmicro
This worm spreads via the popular instant messaging program AOL Instant Messenger (AIM). It attempts to send a message to all online or available contacts of an affected user. The said message contains a link that, when clicked, downloads a copy of
Backdoor.Brakkeshell
This malware was reported by: Symantec
Backdoor.Brakkeshell is a Trojan horse that opens a back door on the compromised computer and waits for commands.
Adware-Quickbar
This malware was reported by: Network Associates Inc
W32.Mytob.JS@mm
This malware was reported by: Symantec
W32.Mytob.JS@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
SYMBOS_BLAKSYM.A
This malware was reported by: Trendmicro
W32/Mytob.eq@MM
This malware was reported by: Network Associates Inc
This detection is for a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality.
Mail Propagation
The virus arrives in an email message as follows:
From:
(Spoofed email sender)
Do not ass
WORM_WURMARK.Q
This malware was reported by: Trendmicro
This worm propagates by sending a copy of itself as an attachment to email messages, which it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine.
W32/Mytob.dm@MM
This malware was reported by: Network Associates Inc
This detection is for a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality.
Mail Propagation
The virus arrives in an email message as follows:
From:
(Spoofed email sender)
Do not ass
New Malware.s
This malware was reported by: Network Associates Inc
SYMBOS_DOOMED.F
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. It particularly affects the following mobile phone models:
SYMBOS_DOOMED.G
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system (OS) with the Series 60 Platform user interface. Some of the affected phone models are the following:
TROJ_DROPPER.LV
This malware was reported by: Trendmicro
This Trojan may be dropped by other malware. It may also be downloaded by clicking a link in an email message being spread by WORM_MYTOB.KM.
WORM_MYTOB.KM
This malware was reported by: Trendmicro
This memory-resident worm propagates by sending out an email message containing a spoofed URL that, when clicked, redirects a user to the following Web site:
SYMBOS_SKULLS.O
This malware was reported by: Trendmicro
This SYMBOS variant affects mobile devices running the Symbian operating system with the Series 60 Platform user interface.
Adware-DogPile
This malware was reported by: Network Associates Inc
SYMBOS_CARDTRP.A
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:
X97M/Bobmon.b
This malware was reported by: Network Associates Inc
Keylogger.Stranget
This malware was reported by: Symantec
Keylogger.Stranget is a Trojan horse that logs keystrokes, steals passwords and system information, and sends the stolen information to a remote attacker. The Trojan also downloads files and opens an FTP server.
Spyware-YSKKeylog
This malware was reported by: Network Associates Inc
Adware-NeoToolbar
This malware was reported by: Network Associates Inc
Mitglieder.FB
This malware was reported by: Panda Software
Mitglieder.FB is a Trojan that attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer: It deletes key files for their correct functioning. It deletes entries
Adware-Dashbar
This malware was reported by: Network Associates Inc
Adware-RxToolBar
This malware was reported by: Network Associates Inc
Adware-MBKWBar
This malware was reported by: Network Associates Inc
WORM_WURMARK.R
This malware was reported by: Trendmicro
This worm is capable of spreading via email. It uses its own built-in Simple Mail Transfer Protocol (SMTP) engine, enabling it to send bulk messages without having to use other email applications like Outlook Express. It sends a copy of itself as an
Trojan.Win32.Agent.vj
This malware was reported by: F-Secure
Fontal.D
This malware was reported by: F-Secure
Fontal.D is a SIS file trojan that installs a corrupted font file into the infected device,
thus causing the device to fail at the next reboot. Fontal.D also drops Commwarrior.B and
another copy of itself into the device.
If a phone is infected with Fontal.D,
Doomboot.F
This malware was reported by: F-Secure
Doomboot.F is a close variant of Doomboot.D. The only major difference between
Doomboot.F and Doomboot.D is that Doomboot.F contains a different theme file and
drops the SymbOS/Fontal.D trojan and the SymbOS/Commwarrior.B worm into the device.
Doomboot.F pret
Adware-Xupiter.dldr
This malware was reported by: Network Associates Inc
Skulls.O
This malware was reported by: F-Secure
Skulls.O is an edited version of the Skulls.D SIS file trojan;
it disables built-in applications and third party applications
when installed on the device.
In addition to files from Skulls.D, Skulls.O drops files from
Fontal.A and Commwarrior.B on the de
SymbOS.Cardtrp.A
This malware was reported by: Symantec
SymbOS.Cardtrp.A is a Trojan horse that runs on the Symbian operating system, which is used in Nokia Series 60 cellular telephones. It also drops Windows threats, installs SymbOS.Cabir.B, and disables several applications on the compromised device.
W32.Lanieca.I@mm
This malware was reported by: Symantec
W32.Lanieca.I@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses it gathers from the compromised computer. It logs keystrokes and steals various passwords.
Adware-FFinder
This malware was reported by: Network Associates Inc