Ppa
This malware was reported by: Panda Software
Ppa is a hacking tool. Though these programs are legitimate and useful tools when they are appropriately used, a hacker could take advantage of them in order to carry out malicious actions.Ppa allows passwords to be obtained locally or remotely from diff
Trojan.Muquest
This malware was reported by: Symantec
Trojan.Muquest is a Trojan horse that allows the compromised computer to be used as an HTTP, SOCKS4, or SOCKS5 proxy server.
SymbOS.Cardtrp.G
This malware was reported by: Symantec
SymbOS.Cardtrp.G is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. It disables many programs installed on the device and installs W32.HLLW.Cydog@mm, SymbOS.Cabir, SymbOS.Cabir.
Sober.V
This malware was reported by: F-Secure
The Sober.V worm was found on November 15th, 2005. This Sober
variant is similar to Sober.T, that appeared yesterday:
http://www.f-secure.com/v-descs/sober_t.shtml
Like the previous variants, this one sends itself inside a ZIP
archive as an attachme
W32/Sober-T
This malware was reported by: Sophos
Troj/GrayBrd-EH
This malware was reported by: Sophos
Troj/GrayBrd-EH is a backdoor Trojan for the Windows platform.
Troj/GrayBrd-EH includes functionality to access the internet and communicate
with a remote server via HTTP.
Troj/Bancos-FR
This malware was reported by: Sophos
Troj/Bancos-FR is an internet banking Trojan.
Troj/Bancos-FR includes functionality to send notification messages to remote locations.
When first run Troj/Bancos-FR copies itself to <System> asklist32.exe.
Sober.Q
This malware was reported by: Computer Associates
Description Win32.Sober.Q is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 139,040-byte executable, which in turn creates a 129,568-byt
Sober.T
This malware was reported by: Computer Associates
Description Win32.Sober.T is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 135,968-byte executable, which in turn creates a 128,032-byt
W32/Sober-V
This malware was reported by: Sophos
W32/Sober-V is a mass-mailing worm for the Windows platform.
When first run, a message box may be displayed with the title "MS Outlook" and containing the text "Error in Outlook-Key".
The email characteristics will be one of the follow
Troj/Banker-HJ
This malware was reported by: Sophos
Troj/Banker-HJ is an internet banking Trojan.
W32/Sober.w@MM
This malware was reported by: Network Associates Inc
This mass-mailing worm may arrive in an email message as follows:
Subject:
Your eMail Password
Body:
Thanks for your registration! Your registration will not be complete until you re-confirm it. Please read the following agreeme
Sober.X
This malware was reported by: F-Secure
The Sober.X worm was found on November 15th, 2005. This Sober
variant is similar to Sober.T, that appeared yesterday:
http://www.f-secure.com/v-descs/sober_t.shtml
Like the previous variants, this one sends itself inside a ZIP
archive as an attachme
Sober.U
This malware was reported by: Computer Associates
Description Win32.Sober.U is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 140,064-byte executable, which in turn creates a 130,080-byt
W32.Sober.T@mm
This malware was reported by: Symantec
W32.Sober.T@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
W32.Sober.V@mm
This malware was reported by: Symantec
W32/Brontok-G
This malware was reported by: Sophos
W32/Brontok-G is an email worm for the Windows platform.
W32.Sober.W@mm
This malware was reported by: Symantec
Backdoor.Danrit
This malware was reported by: Symantec
Backdoor.Danrit is a Trojan horse that logs keystrokes and opens a back door.
W32/Sober-X
This malware was reported by: Sophos
W32/Sober-X emails messages in German to addresses found in files on the hard
disk.
When first run, a message box may be displayed with the title "WinZip" and containing the text "Error in Packed Data Header".
Troj/Bancban-IA
This malware was reported by: Sophos
Troj/Bancban-IA is a password stealing Trojan for the Windows platform.
Troj/Bancban-IA attempts to record the account details of customers of certain Brazilian online banking websites.
Sober.V
This malware was reported by: Computer Associates
Description Win32.Sober.V is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 131,104-byte executable, which in turn creates a 125,600-byt
Sober.Z
This malware was reported by: F-Secure
The Sober.Z worm was found on November 15th, 2005. This Sober
variant is similar to Sober.T, that appeared on November 14th:
http://www.f-secure.com/v-descs/sober_t.shtml
Like the previous variants, this one sends itself inside a ZIP
archive as an a
Sober.AC
This malware was reported by: Panda Software
Sober.AC is a worm that ends several processes belonging to some security tools, among others.Sober.AC spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of th
Adware-WhileUSurf
This malware was reported by: Network Associates Inc
W32/Rbot-AXG
This malware was reported by: Sophos
W32/Rbot-AXG is a network worm with backdoor functionality for the Windows platform.
ELF_LUPPER.C
This malware was reported by: Trendmicro
This executable Linux file (ELF) is a command line tool used in connecting to various ports. It may be used to connect back to remote malicious users, thus providing them a shell to control an affected system.
Sober.AG
This malware was reported by: Panda Software
Sober.AG is a worm that spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein)
Sober.AF
This malware was reported by: Panda Software
Sober.AF is a worm that spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein)
Sober.AE
This malware was reported by: Panda Software
Sober.AE is a worm that spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein)
Sober.AD
This malware was reported by: Panda Software
Sober.AD is a worm that spreads via email, in a message written in English or German.The email message will be written in German only if the mail domain extension is one of the following: de (Germany), ch (Switzerland), at (Austria) or li (Liechtenstein)
W32/Mario-C
This malware was reported by: Sophos
W32/Mario-C is a worm for the Windows platform.
W32/Mario-C displays a fake error message with a title "Windows" and a window text of "File Corrupted, Re-install".
If terminated, W32/Mario-C may display a fake error message with a titl
W32/Sober-R
This malware was reported by: Sophos
W32/Sdbot.worm.gen.w!64512
This malware was reported by: Network Associates Inc
This worm bears the following characteristics:
propagates to machines with poorly secured network shares (weak username/password combinations) or accessible share (where local credentials are sufficient to write files to other systems)
Backdoor.Suckit
This malware was reported by: Symantec
Backdoor.Tuckist is a Trojan horse program that runs on Linux systems running kernel 2.2.x or 2.4.x. It opens a back door on the compromised computer and is able to hide its files, processes and open ports.
Note: Virus definitions dated November 17th, 2
Prockill-DF
This malware was reported by: Network Associates Inc
Troj/Delf-PE
This malware was reported by: Sophos
Troj/Delf-PE is an information stealing Trojan for the Windows platform.
The Trojan has the ability to communicate with a remote server.
W32/Sober-S
This malware was reported by: Sophos
W32/Sober-S is a mass-mailing worm.
The email sent by W32/Sober-S depends on the recipient address.
The email characteristics will be one of the following:
Subject line: Ihre eMail!
Message text:
Guten Tag,
Ok, hier haben Sie
Generic Adware.c
This malware was reported by: Network Associates Inc
W32/Spybot-EF
This malware was reported by: Sophos
W32/Spybot-EF is a worm and IRC backdoor Trojan for the Windows platform.
W32/Spybot-EF spreads via file sharing on P2P networks.
W32/Spybot-EF runs continuously in the background, providing a backdoor server
which allows a remote int
New Malware.n
This malware was reported by: Network Associates Inc
Generic PUP.a
This malware was reported by: Network Associates Inc
Galorion Family
This malware was reported by: Computer Associates
Description Win32.Galorion are a family of downloading trojans.
Cussifide Family
This malware was reported by: Computer Associates
Description Win32.Cussifide are a family of trojans that silently download and execute adware on the affected system. The trojan consists of two components; a droppe
WORM_SOBER.AE
This malware was reported by: Trendmicro
To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.
Troj/Zlob-BC
This malware was reported by: Sophos
Troj/Zlob-BC is a downloader Trojan.
Troj/Zlob-BC will contact predefined remote sites and download data. The Trojan may then download further executable files and run them.
Troj/Zlob-BC displays the following fake warning message:
W32/Sober-T
This malware was reported by: Sophos
PE_BOBAX.AK
This malware was reported by: Trendmicro
This file infector infects all executable (.EXE) files running on the compromised machine.
Keylog-Ardamax.dr
This malware was reported by: Network Associates Inc
W32/Tilebot-BG
This malware was reported by: Sophos
W32/Tilebot-BG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-BG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (M
W32/Sober-V
This malware was reported by: Sophos
W32/Sober-V is a mass-mailing worm for the Windows platform.
When first run, a message box may be displayed with the title "MS Outlook" and containing the text "Error in Outlook-Key".
The email characteristics will be one of the follow
Troj/Bancban-IL
This malware was reported by: Sophos
Troj/Bancban-IL is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-IL attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces
W32/Brontok-G
This malware was reported by: Sophos
W32/Brontok-G is an email worm for the Windows platform.
Startpage-YBM
This malware was reported by: Network Associates Inc
W32/Bereb.worm!p2p
This malware was reported by: Network Associates Inc
McAfee users were proactively protected from this threat under the following conditions (detection name New Malware.b):
4.2.40+ scan engine in use
4302 DATs files
program heuristics enabled
compressed file scanning enabled (default)
W32/Specx.worm
This malware was reported by: Network Associates Inc
TROJ_KROTTEN.C
This malware was reported by: Trendmicro
ALS.Bursted.B
This malware was reported by: Symantec
ALS.Bursted.B is a virus that is written in the AutoLisp scripting language used by AutoCAD.
The virus may arrive as a text file named acad.lsp in the same directory as an AutoCAD drawing file (.dwg).
Backdoor.Foobot
This malware was reported by: Symantec
Backdoor.Foobot is a Trojan horse that opens a back door on the compromised computer.
Backdoor.Naninf.A
This malware was reported by: Symantec
Backdoor.Naninf.A is a Trojan horse that allows a remote attacker to have unauthorized access to the compromised computer through IRC channels.
Analysis revealed that Backdoor.Naninf.A and Backdoor.Ryknos are similar in construction with the major dif
Backdoor.Tuckist
This malware was reported by: Symantec
Backdoor.Tuckist is a Trojan horse program that runs on Linux systems running kernel 2.2.x or 2.4.x. It opens a back door on the compromised computer and is able to hide its files, processes and open ports.
Note: Virus definitions dated November 17th, 2
Backdoor.Tuckist
This malware was reported by: Symantec
Backdoor.Tuckist is a Trojan horse program that runs on Linux systems running kernel 2.2.x or 2.4.x. It opens a back door on the compromised computer and is able to hide its files, processes and open ports.
Note: Virus definitions dated November 17th, 2
Troj/Cosiam-E
This malware was reported by: Sophos
Troj/Cosiam-E is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-E will contact a remote location in order to report details of the infected computer.
Troj/Cosiam-E is capable of downloading and running further executable files.
W32/Sober-X
This malware was reported by: Sophos
W32/Sober-X emails messages in German to addresses found in files on the hard
disk.
When first run, a message box may be displayed with the title "WinZip" and containing the text "Error in Packed Data Header".
Linux.Plupii.B
This malware was reported by: Symantec
Linux.Plupii.B is a worm with back door capabilities that spreads by exploiting vulnerabilities.
W32/Mytob-FM
This malware was reported by: Sophos
W32/Mytob-FM is a mass-mailing worm and IRC backdoor for the Windows platform.
W32/Mytob-FM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via I
Lupper.D
This malware was reported by: Computer Associates
Backdoor.Naninf.B
This malware was reported by: Symantec
Backdoor.Naninf.B is a Trojan horse program that allows a remote attacker to have unauthorized access to the compromised computer through IRC channels.
Skulls.V
This malware was reported by: F-Secure
Skulls.V is a SIS file trojan that pretends to be installation file
for Battery Extender software.
When installed Skulls.V disables several built in applications,
drops component files from Locknut.A, Doomboot.A and installs
Cabir.B and Cabir.X
In
Troj/Banload-H
This malware was reported by: Sophos
Troj/Banload-H is a Trojan for the Windows platform.
Troj/Banload-H includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Banload-H may try to silently download and execute programs from a pr
W32/Mario-C
This malware was reported by: Sophos
W32/Mario-C is a worm for the Windows platform.
W32/Mario-C displays a fake error message with a title "Windows" and a window text of "File Corrupted, Re-install".
If terminated, W32/Mario-C may display a fake error message with a titl
Troj/Keylog-AR
This malware was reported by: Sophos
Troj/Keylog-AR is a keylogging Trojan for the Windows platform.
The Trojan logs keypresses and mouse clicks to the following files:
<Windows>\_key.txt
<Windows>\_mouse.txt
Troj/Delf-PE
This malware was reported by: Sophos
Troj/Delf-PE is an information stealing Trojan for the Windows platform.
The Trojan has the ability to communicate with a remote server.
Troj/Lecna-F
This malware was reported by: Sophos
Troj/Zlob-BC
This malware was reported by: Sophos
Troj/Zlob-BC is a downloader Trojan.
Troj/Zlob-BC will contact predefined remote sites and download data. The Trojan may then download further executable files and run them.
Troj/Zlob-BC displays the following fake warning message:
W32/Tilebot-BG
This malware was reported by: Sophos
W32/Tilebot-BG is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-BG spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), PNP (M
WORM_MYTOB.MO
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm spreads copies of itself as attachments to email messages that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. This worm does not need other applicat
Troj/PWSYahoo-A
This malware was reported by: Sophos
Troj/PWSYahoo-A is a password stealing Trojan targeting the Yahoo! Messenging service.
Troj/Bancban-IL
This malware was reported by: Sophos
Troj/Bancban-IL is a password stealing Trojan targeted at customers of Brazilian banks.
Troj/Bancban-IL attempts to log keypresses entered into certain websites and online banking applications. The Trojan may display fake user interfaces
W32.Sober.X@mm
This malware was reported by: Symantec
W32.Sober.X@mm is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment to addresses gathered from the compromised computer. The email may be in either English or German.
W32/Tilebot-BJ
This malware was reported by: Sophos
W32/Tilebot-BJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-BJ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039)
W32/Mytob-FN
This malware was reported by: Sophos
W32/Mytob-FN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FN spreads through email. W32/Mytob-FN harvests email addresses from files on the infected computer an
Troj/Cosiam-E
This malware was reported by: Sophos
Troj/Cosiam-E is a proxy Trojan with backdoor capabilities.
Troj/Cosiam-E will contact a remote location in order to report details of the infected computer.
Troj/Cosiam-E is capable of downloading and running further executable files.
W32/Mytob-FO
This malware was reported by: Sophos
W32/Mytob-FO is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FO spreads through email. W32/Mytob-FO harvests email addresses from files on the infected computer an
W32/Mytob-FM
This malware was reported by: Sophos
W32/Mytob-FM is a mass-mailing worm and IRC backdoor for the Windows platform.
W32/Mytob-FM runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via I
Troj/QQRob-Y
This malware was reported by: Sophos
Troj/QQRob-Y is a password stealing Trojan for the Windows platform.
Troj/QQRob-Y includes functionality to access the internet and communicate with a remote server via HTTP, and may also attempt to download further code.
Troj/QQRob-Y
Troj/Banload-H
This malware was reported by: Sophos
Troj/Banload-H is a Trojan for the Windows platform.
Troj/Banload-H includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Banload-H may try to silently download and execute programs from a pr
WORM_MYTOB.MQ
This malware was reported by: Trendmicro
Like other MYTOB variants, this memory-resident worm spreads copies of itself via network shares and as attachments to email messages that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Through this SMTP eng
W32/Mytob-FP
This malware was reported by: Sophos
W32/Mytob-FP is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FP runs continuously in the background, providing a backdoor server which allows a remote intruder to
Troj/Keylog-AR
This malware was reported by: Sophos
Troj/Keylog-AR is a keylogging Trojan for the Windows platform.
The Trojan logs keypresses and mouse clicks to the following files:
<Windows>\_key.txt
<Windows>\_mouse.txt
Troj/Bancban-KA
This malware was reported by: Sophos
Troj/Lecna-F
This malware was reported by: Sophos
W32.Mytob.LZ@mm
This malware was reported by: Symantec
W32.Mytob.LZ@mm is a mass-mailing worm that also spreads through network shares and by exploiting a vulnerability.
Note: Virus definitions dated November 21st, 2005 or earlier may detect this threat as W32.Mytob.FZ@mm.
OutsBot.Y
This malware was reported by: Computer Associates
Description Outsbot.Y is an IRC-controlled backdoor trojan that allows unauthorized access to an affected machine.
Robknot Family
This malware was reported by: Computer Associates
Troj/Feutel-AI
This malware was reported by: Sophos
Troj/Feutel-AI is a backdoor Trojan for the Windows platform.
Troj/PWSYahoo-A
This malware was reported by: Sophos
Troj/PWSYahoo-A is a password stealing Trojan targeting the Yahoo! Messenging service.
Pbstealer.A
This malware was reported by: F-Secure
SymbOS/Pbstealer.A is a trojan application that runs under Symbian Series
60 platform. Pbstealer.A pretends to be utility software that compacts
the phone contacts database. Instead of compacting information
Pbstealer.A reads the contact informatio
Troj/RemLoad-A
This malware was reported by: Sophos
Troj/RemLoad-A is a Trojan for the Windows platform.
Troj/RemLoad-A includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/RemLoad-A may download and execute further files, and can retrieve in
W32/Tilebot-BJ
This malware was reported by: Sophos
W32/Tilebot-BJ is a worm and IRC backdoor Trojan for the Windows platform.
W32/Tilebot-BJ spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: WKS (MS03-049) (CAN-2003-0812), PNP (MS05-039)