SYMBOS_DOOMED.H
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Some of the affected phone models are the following:
W32/Appflet-B
This malware was reported by: Sophos
W32/Appflet-B is a mass-mailing worm for the Windows platform that sends itself out to email addresses harvested from the infected computer.
W32/Appflet-B may arrive in an email with the following characteristics:
Subject line: Axaye S
Troj/Ranck-DF
This malware was reported by: Sophos
Troj/Ranck-DF is a Trojan for the Windows platform.
The Trojan acts as a proxy server, allowing remote attackers the ability to route HTTP traffic through the infected computer.
BackDoor-CEP.cfg
This malware was reported by: Network Associates Inc
SymbOS.Doomboot.M
This malware was reported by: Symantec
SymbOS.Doomboot.M is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones.
The Trojan arrives as exoVirusStop v2.13.16.sis (63,393 bytes
BackDoor-CEP
This malware was reported by: Network Associates Inc
BackDoor-CSN
This malware was reported by: Network Associates Inc
Linux/Lupper.worm.a
This malware was reported by: Network Associates Inc
This worm, reported on November 6, 2005, was formerly detected as Linux/Lupper.worm. This variant spreads by exploiting web servers hosting vulnerable PHP/CGI scripts. It is a modified derivative of the Linux/Slapper and BSD/Scalper wo
BackDoor-CNW
This malware was reported by: Network Associates Inc
BackDoor-CMI
This malware was reported by: Network Associates Inc
Linux/BackDoor-Rev.b
This malware was reported by: Network Associates Inc
Downloader-AAA
This malware was reported by: Network Associates Inc
BackDoor-CDC
This malware was reported by: Network Associates Inc
Perl/Shellbot
This malware was reported by: Network Associates Inc
BackDoor-CUR.svr
This malware was reported by: Network Associates Inc
BackDoor-CUR
This malware was reported by: Network Associates Inc
Cardtrap.F
This malware was reported by: F-Secure
Cardtrap.F is a Symbian SIS file trojan that disables Symbian built-in system
applications, installs several Cabir variants, drops the SymbOS/Cabir.C worm and
copies the Windows worms Win32.Rays, Win32.Padobot.Z and Win32.Cydog.B to the phone memory card.
Th
Nometz.B
This malware was reported by: Computer Associates
Skulls.S
This malware was reported by: F-Secure
Skulls.S is a variant of SymbOS/Skulls.C trojan. The component files
of the trojan are almost identical to Skulls.C. The main difference is
that Skulls.S drops Cabir.F several times into the same device.
If Skulls.S is installed only the calling fro
Locknut.C
This malware was reported by: F-Secure
Locknut.C is a malicious SIS file trojan that pretends to be
a patch for Symbian Series 60 mobile phones.
When installed, Locknut.C drops a binary that will crash a
critical System component, that will prevent any application
from being launched in the
Cardtrap.G
This malware was reported by: F-Secure
Cardtrap.G is a Symbian SIS file trojan that disables Symbian built-in system
applications and copies the Windows worms Win32.Rays, Win32.Padobot.Z
and Win32.Cydog.B to the phone memory card.
The Win32/Rays is copied with name System.exe and has the same
Troj/Stinx-E
This malware was reported by: Sophos
Troj/Stinx-E is a backdoor Trojan for the Windows platform.
Troj/Stinx-E connects to one of several IP addresses and runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and contro
Troj/ZDown-A
This malware was reported by: Sophos
Troj/ZDown-A is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Troj/ZDown-A includes functionality to disable other software, including anti-virus, firewall and security rel
Troj/Shredl-B
This malware was reported by: Sophos
Troj/Shredl-B is a downloader Trojan for the Windows platform.
Lupper.A
This malware was reported by: Panda Software
Lupper.A is a worm that only affects Linux platforms. It opens a port, in order to receive remote control commands, acting as a backdoor. Lupper.A exploits the vulnerabilities AWStats Rawlog Plugin Input Vulnerability and XML-RPC for PHP Remote Code Execu
BKDR_BREPLIBOT.C
This malware was reported by: Trendmicro
This memory-resident backdoor arrives on a system as an attachment in spammed email messages. It may also arrive as a dropped or downloaded file from a remote malicious user.
SymbOS.Doomboot.N
This malware was reported by: Symantec
SymbOS.Doomboot.N is a Trojan horse that drops corrupt files on to the compromised device. The Trojan runs on the Symbian operating system that is used in Nokia Series 60 cellular telephones.
The Trojan arrives as exoVirusStop 1.69.90.sis, in an attempt
Backdoor.Ryknos
This malware was reported by: Symantec
Breplibot.b
This malware was reported by: F-Secure
Breplibot.b is a backdoor with bot capabilities. It connects to several
IRC servers and waits for commands from the backdoor author. The
backdoor tries to utilize Sony DRM software for hiding its process,
file and registry keys. More information abou
W32/Rbot-AWM
This malware was reported by: Sophos
W32/Rbot-AWM is a network worm with backdoor Trojan functionality for the Windows platform.
W32/Rbot-AWM spreads using a variety of techniques including exploiting weak passwords on computers and SQL servers, exploiting operating system v
Troj/Bancban-HX
This malware was reported by: Sophos
Troj/Bancban-HX is a Trojan that attempts to steal information related to various banking websites.
Troj/Bancban-HX includes functionality to download further malicious code.
Trojan.Heoms
This malware was reported by: Symantec
Trojan.Heoms is a Korean-based Trojan horse that monitors URLs visited in Internet Explorer and sends this information to a remote Web site.
Ryknos.A
This malware was reported by: Panda Software
Ryknos.A is a backdoor that connects to the port 8080 of several IP addresses in order to receive remote control commands to carry out on the affected computer. It can delete, download and run files, for example. In order to attempt to hide its file, Rykn
Troj/Stinx-F
This malware was reported by: Sophos
Troj/Stinx-F is a backdoor Trojan for the Windows platform.
Troj/Stinx-F connects to one of several IP addresses and runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and contro
Troj/Dadobra-J
This malware was reported by: Sophos
Troj/Dadobra-J is a Trojan for the Windows platform.
Troj/Dadobra-J includes functionality to access the internet and communicate
with a remote server via HTTP.
BKDR_BREPLIBOT.D
This malware was reported by: Trendmicro
This memory-resident backdoor arrives on a system as an attachment in spammed email messages. It may also arrive as a dropped or downloaded file from a remote malicious user.
Breplibot.C
This malware was reported by: F-Secure
Breplibot.C is a backdoor with bot capabilities. It connects to several
IRC servers and waits for commands from the backdoor author. The
backdoor tries to utilize Sony DRM software for hiding its process,
file and registry keys. More information abou
Troj/RKPort-Fam
This malware was reported by: Sophos
Troj/RKPort-Fam is a family of kernel-mode driver rootkits.
Members of Troj/RKPort-Fam are capable of hiding information about activity on certain ports, providing stealthing by patching the kernel service descriptor table.
W32/Tilebot-AY
This malware was reported by: Sophos
W32/Tilebot-AY is a network worm and backdoor Trojan for the Windows platform.
W32/Tilebot-AY spreads by copying itself to network shares protected by weak passwords and by exploiting the following vulnerabilities: LSASS (MS04-011), RPC-D
Backdoor.Rykos.B
This malware was reported by: Symantec
Backdoor.Ryknos.B
This malware was reported by: Symantec
OutsBot.U
This malware was reported by: Computer Associates
Win32.OutsBot.U is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine.
W32/Mytob-FK
This malware was reported by: Sophos
W32/Mytob-FK is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FK spreads through email. W32/Mytob-FK harvests email addresses from files on the infected computer an
Adware-SmartShopper
This malware was reported by: Network Associates Inc
OutsBot.V
This malware was reported by: Computer Associates
Win32.OutsBot.V is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine.
Bloodhound.Exploit.52
This malware was reported by: Symantec
Bloodhound.Exploit.52 is a heuristic detection for the Flash Player 7 Improper Memory Access Vulnerability, as described in the Macromedia Product Security Bulletin MPSB05-07.
Trojan.Kondeli
This malware was reported by: Symantec
Trojan.Kondeli is a Trojan horse that exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
W32/Francette-W
This malware was reported by: Sophos
W32/Francette-W is a worm and IRC backdoor Trojan for the Windows platform.
W32/Francette-W spreads to other network computers by exploiting common buffer overflow vulnerabilities, including RPC-DCOM (MS04-012).
W32/Francette-W runs c
W32/Stando-E
This malware was reported by: Sophos
W32/Stando-A is a worm for the Windows platform.
W32/Stando-A copies itself to the root folder of available disk drives with the filename sys.exe and creates the hidden file autorun.inf to run it.
Troj/Clagger-A
This malware was reported by: Sophos
Troj/Clagger-A is a downloader Trojan for the Windows platform.
Troj/Clagger-A includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Clagger-A attempts to disable firewall software.
TROJ_KILLFYL.AC
This malware was reported by: Trendmicro
Breplibot.D
This malware was reported by: F-Secure
XCP
This malware was reported by: Panda Software
XCP is a rootkit, which is a program used in order to hide files, processes and entries in the Windows Registry. It is installed by the anti-piracy protection software incorporated in some audio CDs from the company Sony BMG, in order to hide the files an
Skulls.T
This malware was reported by: F-Secure
Skulls.T is a SIS file trojan that pretends to be an installation file
for Bluetooth range extender software.
When installed, Skulls.T disables several built-in applications,
drops component files from Locknut.A, Doomboot.A and installs
Cabir.B and Cabi
W32/Badgrad-B
This malware was reported by: Sophos
W32/Badgrad-B is a worm for the Windows platform.
PHP/BackDoor.gen
This malware was reported by: Network Associates Inc
Troj/Torpig-K
This malware was reported by: Sophos
Troj/Torpig-K is an information stealing Trojan for the Windows platform.
The Trojan attempts to steal passwords, as well as logging keypresses and open window titles to text files and periodically sends the collected information to a rem
W32/Mytob-FL
This malware was reported by: Sophos
W32/Mytob-FL is a mass-mailing worm and backdoor Trojan that can be controlled
through the Internet Relay Chat (IRC) network.
W32/Mytob-FL spreads through email. W32/Mytob-FL harvests email addresses from
files on the infected computer
WORM_SAVAGE.B
This malware was reported by: Trendmicro
Upon initial execution, this memory-resident worm creates the file named DOCUMENT, which contains garbage values, into the Windows temporary folder. It then executes the file using Notepad, making users think that they have opened a text file, when
W32/Yusufali-B
This malware was reported by: Sophos
W32/Yusufali-B is a worm for the Windows platform.
W32/Yusufali-B analyses the title of the window in focus looking for various words. Some of the words W32/Yusufali-B searches for are:
sex
teen
xx
Phallus
jeggar
Priapus
Phallic
Troj/Banker-GV
This malware was reported by: Sophos
Troj/Banker-GV is an internet banking Trojan for the Windows platform.
Troj/GrayBrd-EH
This malware was reported by: Sophos
Troj/GrayBrd-EH is a backdoor Trojan for the Windows platform.
Troj/GrayBrd-EH includes functionality to access the internet and communicate
with a remote server via HTTP.
TROJ_CAGER.B
This malware was reported by: Trendmicro
This memory-resident Trojan may be downloaded from the Internet, dropped by another malware, or manually installed by a user.
Troj/Bancos-FR
This malware was reported by: Sophos
Troj/Bancos-FR is an internet banking Trojan.
Troj/Bancos-FR includes functionality to send notification messages to remote locations.
When first run Troj/Bancos-FR copies itself to <System> asklist32.exe.
WORM_AGOBOT.AWO
This malware was reported by: Trendmicro
This memory-resident worm propagates by dropping a copy of itself into network shares. If the said shares are password-protected, it uses NetBEUI functions to get any available lists of user names and passwords as its login credentials. It then sear
Troj/Banker-HJ
This malware was reported by: Sophos
Troj/Banker-HJ is an internet banking Trojan.
Skulls.U
This malware was reported by: F-Secure
Skulls.U is a SIS file trojan that pretends to be an installation file
for Battery Extender software.
When installed, Skulls.U disables several built-in applications,
drops component files from Locknut.A, Doomboot.A and installs
Cabir.B and Cabir.X
In
Troj/Bancban-IA
This malware was reported by: Sophos
Troj/Bancban-IA is a password stealing Trojan for the Windows platform.
Troj/Bancban-IA attempts to record the account details of customers of certain Brazilian online banking websites.
Sober.T
This malware was reported by: F-Secure
The Sober.T worm was found on November 14th, 2005. This Sober
variant is similar to the previous ones - it sends itself as an
attachment in e-mail messages with English or German texts.
WORM_MYTOB.ML
This malware was reported by: Trendmicro
Upon execution, this memory-resident worm drops a copy of itself as any of the following files in the specified locations:
WORM_SOBER.AD
This malware was reported by: Trendmicro
To get a one-glance, comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
W32/Rbot-AXG
This malware was reported by: Sophos
W32/Rbot-AXG is a network worm with backdoor functionality for the Windows platform.
W32/Sober.u@MM
This malware was reported by: Network Associates Inc
This threat is proactively detected as New Malware.n with the current DAT files when scanning with program heuristics enabled. This is the second Sober variant discovered today, W32/Sober.t@MM was discovered a little over 12 hours earlie
WORM_CHOD.J
This malware was reported by: Trendmicro
SymbOS.Cardtrp.F
This malware was reported by: Symantec
SymbOS.Cardtrp.F is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables many programs installed on the device and installs SymbOS.Cabir and SymbOS.Skulls.C onto the comp
W32/Sober-R
This malware was reported by: Sophos
W32/Sober.t@MM
This malware was reported by: Network Associates Inc
-- Update November 15, 2005 --
Many Sober droppers have been discovered over the past 36 hours. These are mass-spammed executables. While some are detected with the specified DAT files, others may require newer DAT files. The major
W32.Sober.S@mm
This malware was reported by: Symantec
W32.Sober.S@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
Sober.R
This malware was reported by: Computer Associates
Win32.Sober.R is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 135,680-byte executable, which in turn creates a 127,888-byt
W32/Sober.v@MM
This malware was reported by: Network Associates Inc
This detection is for the mass mailing worm written in Visual Basic. Several virus droppers have been mass spammed over the past 36 hours.
MD5 Values:
92825a0655f791fa3589466ecac2ce68
3d038bc3df5bb15e7f9449e9b5439707
It ma
Adware-STIEBar
This malware was reported by: Network Associates Inc
Sober.S
This malware was reported by: Computer Associates
W32/Sober-S
This malware was reported by: Sophos
W32/Sober-S is a mass-mailing worm.
The email sent by W32/Sober-S depends on the recipient address.
The email characteristics will be one of the following:
Subject line: Ihre eMail!
Message text:
Guten Tag,
Ok, hier haben Sie
Sober.W
This malware was reported by: F-Secure
The Sober.W worm was found on November 15th, 2005. This Sober
variant is similar to Sober.T, that appeared yesterday:
http://www.f-secure.com/v-descs/sober_t.shtml
Like the previous variants, this one sends itself inside a ZIP
archive as an attachme
Sober.U
This malware was reported by: F-Secure
The Sober.U worm was found on November 15th, 2005. This Sober
variant is similar to Sober.T, that appeared yesterday:
http://www.f-secure.com/v-descs/sober_t.shtml
Like the previous variants, this one sends itself inside a ZIP
archive as an attachme
W32/Spybot-EF
This malware was reported by: Sophos
W32/Spybot-EF is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-EF spreads via file sharing on P2P networks.
W32/Spybot-EF runs continuously in the background, providing a backdoor server
which allows a remote int