WORM_SOBER.AG
This malware was reported by: Trendmicro
As of November 21, 2005 2:20 pm (Pacific Standard Time, GMT -8:00) TrendLabs has declared a Medium risk alert in order to control this new SOBER variant that is currently spreading in the United States, Canada, Brazil, New Zealand, Belgium, and Ger
WORM_MYTOB.MS
This malware was reported by: Trendmicro
This memory-resident worm propagates by attaching a copy of itself to an email message, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Since its email propagation does not require any user intervention
W32/Rbot-AYA
This malware was reported by: Sophos
W32/Rbot-AYA is a worm with backdoor functionality for the Windows platform.
W32/Rbot-AYA spreads to other network computers by exploiting common buffer overflow vulnerabilities, including: LSASS (MS04-011), RPC-DCOM (MS04-012), WKS (M
W32/Mytob-FN
This malware was reported by: Sophos
W32/Mytob-FN is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FN spreads through email. W32/Mytob-FN harvests email addresses from files on the infected computer an
W32/Sober-Z
This malware was reported by: Sophos
W32/Sober-Z is a worm for the Windows platform.
W32/Sober-Z sends itself as an email attachment to addresses found in files on the hard disk.
Email messages sent by the worm take one of the following forms. Subject lines may vary by h
W32/Mytob-FO
This malware was reported by: Sophos
W32/Mytob-FO is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FO spreads through email. W32/Mytob-FO harvests email addresses from files on the infected computer an
Sober.W
This malware was reported by: Computer Associates
Win32.Sober.W is a worm that spreads via e-mail. It arrives in a ZIP archive that contains a 55,390-byte executable.
W32.Mogi
This malware was reported by: Symantec
W32.Mogi is a worm that spreads through file-sharing networks. It lowers security settings on the compromised computer and may attempt to perform denial of service attacks on third parties.
Bloodhound.Exploit.53
This malware was reported by: Symantec
Bloodhound.Exploit.53 is a heuristic detection for the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039).
Trojan.Danmec
This malware was reported by: Symantec
Trojan.Danmec is a Trojan horse that sends information about the infected computer to a remote attacker.
W32/Mytob-FR
This malware was reported by: Sophos
W32/Mytob-FR is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FR runs continuously in the background, providing a backdoor server which allows a remote intruder to
Troj/QQRob-Y
This malware was reported by: Sophos
Troj/QQRob-Y is a password stealing Trojan for the Windows platform.
Troj/QQRob-Y includes functionality to access the internet and communicate with a remote server via HTTP, and may also attempt to download further code.
Troj/QQRob-Y
SymbOS.Pbstealer.A
This malware was reported by: Symantec
SymbOS.Pbstealer.A is a Trojan horse that runs on the Symbian OS, which is used as the operating system for Nokia Series 60 cellular telephones. The Trojan sends the user's contact information database to other Bluetooth-enabled devices.
The Trojan arriv
Sober.Y
This malware was reported by: F-Secure
The Sober.Y worm was found on November 16th, 2005; however, it
became widespread only on November 21st. This Sober variant is
similar to both Sober.K, which appeared on February 21st, 2005, and
the latest variants that appeared in the middle of November
Trojan.Goldun.H
This malware was reported by: Symantec
Trojan.Goldun.H is a Trojan horse that attempts to steal passwords entered into Web sites on the www.e-gold.com domain.
Downloader-TH
This malware was reported by: Network Associates Inc
Troj/Proxy-Y
This malware was reported by: Sophos
Troj/Proxy-Y is a proxy Trojan for the Windows platform.
The Trojan runs continuously in the background listening to a port and allows data to be routed through the computer.
W32/Mytob-FP
This malware was reported by: Sophos
W32/Mytob-FP is a mass-mailing worm and backdoor Trojan that can be controlled through the Internet Relay Chat (IRC) network.
W32/Mytob-FP runs continuously in the background, providing a backdoor server which allows a remote intruder to
Sober.AH
This malware was reported by: Panda Software
Sober.AH is a worm that ends several processes belonging to some security tools, among others. Sober.AH spreads via email, in a message written in English or German that contains an attached file in ZIP format. The email message will be written in German
W32/Sober@MM!M681
This malware was reported by: Network Associates Inc
-- Update November 22, 2005 --
The risk assessment of this threat has been upgraded to Medium due to the amount of spam emails being sent which include copies of this virus. McAfee customers have been protected since the 4629 DAT files
Troj/Agent-FE
This malware was reported by: Sophos
Troj/Agent-FE is a Trojan for the Windows platform.
Troj/Agent-FE includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/Bancban-KA
This malware was reported by: Sophos
WORM_MYTOB.MU
This malware was reported by: Trendmicro
Like other MYTOB variants, this memory-resident worm spreads copies of itself as attachments to email messages that it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Through this SMTP engine, it is able to easi
W32.Mytob.MC@mm
This malware was reported by: Symantec
WORM_MYTOB.MV
This malware was reported by: Trendmicro
Similar to other MYTOB variants, this memory-resident worm propagates by sending copies of itself as an attachment to email messages, which it sends to target recipients, using its own Simple Mail Transfer Protocol (SMTP) engine.
Troj/Danmec-A
This malware was reported by: Sophos
Troj/Danmec-A is a Trojan for the Windows platform.
The Trojan opens a port and offers remote attackers the ability to route HTTP traffic through the infected computer. The Trojan may also download and install additional files.
W32/Mytob-FS
This malware was reported by: Sophos
W32/Mytob-FS is a mass-mailing worm and backdoor Trojan that can be controlled
through the Internet Relay Chat (IRC) network.
W32/Mytob-FS runs continuously in the background, providing a backdoor server
which allows a remote intruder t
Troj/Feutel-AI
This malware was reported by: Sophos
Troj/Feutel-AI is a backdoor Trojan for the Windows platform.
Chisyne Family
This malware was reported by: Computer Associates
Win32.Chisyne is a family of trojans that download and execute arbitrary files. In the wild, Win32.Chisyne has been observed to download variants of the
DlStwoyle Family
This malware was reported by: Computer Associates
Win32.Dlstwoyle is a family of trojans that can download and execute arbitrary files. In the wild, they have been observed to download variants of the Wi
SYMBOS_PBSTEAL.A
This malware was reported by: Trendmicro
This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Among the phone models that use this operating system are the following:
SYMBOS_SKULLS.P
This malware was reported by: Trendmicro
This SYMBOS_SKULLS variant affects mobile phones running Symbian OS with the Series 60 Platform user interface.
Mops
This malware was reported by: Panda Software
Mops.A is a worm that installs another worm, detected as Sdbot.FAR, and a toolbar for Internet Explorer on the affected computer. Mops.A spreads via the instant messaging programs Yahoo Messenger and AOL Instant Messenger.
Mops.A
This malware was reported by: Panda Software
Mops.A is a worm that installs another worm, detected as Sdbot.FAR, and a toolbar for Internet Explorer on the affected computer. Mops.A spreads via the instant messaging programs Yahoo Messenger and AOL Instant Messenger.
BackDoor-AWI
This malware was reported by: Network Associates Inc
W32.Mytob.ME@mm
This malware was reported by: Symantec
W32.Mytob.ME@mm is a mass-mailing worm that opens a back door and lowers security settings on the compromised computer.
Crack-StyleXP
This malware was reported by: Network Associates Inc
Bagle.EO
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 23rd, 2005. It
was spammed in e-mails to a large number of people as 1.EXE. As
in previous cases, the downloader was sent inside a ZIP archive.
TROJ_BAGLE.AH
This malware was reported by: Trendmicro
A Trojan is malware with no capability to spread to other systems. This Trojan arrives attached to an email message, which is manually spammed by a malicious user.
Bagle.EP
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 23rd, 2005. It
was spammed in e-mails to a large number of people as 1.EXE. As
in previous cases, the downloader was sent inside a ZIP archive.
This is the second Bagle-related downloader for the last
W32/Bagle.gen@MM!9725
This malware was reported by: Network Associates Inc
Several new W32/Bagle downloader variants have been widely spammed to users (November 23, 2005). To date, they are detected as W32/Bagle.gen@MM
with the 4635 DATs.
These are downloader trojans. However, like previous Bagle variants, it
Bagle.ES
This malware was reported by: F-Secure
This Bagle-related downloader appeared on November 23rd, 2005. It
was spammed in e-mails to a large number of people as 1.EXE. As
in previous cases, the downloader was sent inside a ZIP archive.
Bagle.ER
This malware was reported by: F-Secure
Bagle.EQ
This malware was reported by: F-Secure
W32/Bobax.worm.gen
This malware was reported by: Network Associates Inc
This self-executing worm spreads by exploiting a Microsoft Windows vulnerability [MS04-011 vulnerability (CAN-2003-0533)]. Newer variants of this worm are polymorphic, and mutate upon each execution.
Note:
Users should install the Mic
Troj/BagleDl-AF
This malware was reported by: Sophos
Troj/BagleDl-AF is a Trojan for the Windows platform.
Troj/BagleDl-AF attempts to download further malicious software from pre-specified URLs.
Troj/BagleDl-AF opens a graphics file named ntimage.gif when first run.
W32/Bagle.gen!7B14EBCA
This malware was reported by: Network Associates Inc
Troj/Jupdrop-A
This malware was reported by: Sophos
Troj/Jupdrop-A is a dropper Trojan for the Windows platform.
Troj/RemLoad-A
This malware was reported by: Sophos
Troj/RemLoad-A is a Trojan for the Windows platform.
Troj/RemLoad-A includes functionality to access the internet and communicate with a remote server via HTTP.
Troj/RemLoad-A may download and execute further files, and can retrieve in
Bagle.ET
This malware was reported by: F-Secure
This Bagle downloader was found on November 23rd, 2005. It
was spammed in e-mails as a ZIP attachment. The archive contains
a binary executable named 12.EXE.
Troj/BagleDl-AH
This malware was reported by: Sophos
Troj/BagleDl-AH is a Trojan for the Windows platform.
When first run, Troj/BagleDl-AH opens a graphics file named ntimage.gif with the default image viewer.
Troj/BagleDl-AH attempts to download further malicious software from pre-specified
Trojan.Anserin
This malware was reported by: Symantec
Trojan.Anserin is a Trojan horse program that logs keystrokes and steals information entered into certain banking Web sites.
W97M.Toler
This malware was reported by: Symantec
W97M.Toler is a macro virus that infects and inserts text into other Microsoft Word documents.
Troj/BagleDl-AK
This malware was reported by: Sophos
Troj/BagleDl-AK is a Trojan for the Windows platform.
Troj/BagleDl-AK will attempt to download and execute a file from the internet.
The file downloaded from the internet is detected by Sophos as Troj/BagleDl-AD.
Glieder.CF
This malware was reported by: Computer Associates
Win32.Glieder.CF is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,8
Glieder.CG
This malware was reported by: Computer Associates
Win32.Glieder.CG is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,2
Glieder.CH
This malware was reported by: Computer Associates
Win32.Glieder.CH is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been distributed as a 9,7
Glieder.CI
This malware was reported by: Computer Associates
Win32.Glieder.CI is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been mass-mailed as a 9,7
Glieder.CJ
This malware was reported by: Computer Associates
Win32.Glieder.CJ is a trojan that downloads and executes arbitrary files from a long, hardcoded list of particular URLs. It has been mass-mailed as a 9,7
Troj/Bancos-FV
This malware was reported by: Sophos
Troj/Bancos-FV is an internet banking Trojan for the Windows platform.
When first run, Troj/Bancos-FV copies itself to <Windows>\kernels32.exe.
WORM_BAGLE.BX
This malware was reported by: Trendmicro
This memory-resident worm propagates via email messages. The email it sends has the following details:
HTool-CrackSearch
This malware was reported by: Network Associates Inc
Keygen-XPStyle
This malware was reported by: Network Associates Inc
W32/Mytob-FV
This malware was reported by: Sophos
W32/Mytob-FV is a mass-mailing worm and backdoor Trojan that can be controlled
through the Internet Relay Chat (IRC) network.
W32/Mytob-FV spreads to other network computers by exploiting common buffer
overflow vulnerabilities, includin
WORM_MYTOB.MX
This malware was reported by: Trendmicro
As of November 24, 2005 at 2:34 am (Pacific Standard Time, GMT -8:00), TrendLabs has declared a Medium risk alert in order to control the spread of WORM_MYTOB.MX. TrendLabs has received several infection reports indicating that this malware is curre
TROJ_BAGLE.AJ
This malware was reported by: Trendmicro
This memory-resident Trojan arrives as a file downloaded by other malware, which Trend Micro detects as TROJ_BAGLE.AH. On execution, it drops a copy of itself and a DLL component that it injects into the EXPLORER.EXE process. The said routine enable
W32/Mytob-FX
This malware was reported by: Sophos
W32/Mytob-FX is a mass-mailing worm and IRC backdoor Trojan for the Windows platform.
W32/Mytob-FX may arrive as an attachment in an email with various characteristics.
W32/Mytob-FX runs continuously in the background, providing a back
TROJ_MONURL.D
This malware was reported by: Trendmicro
This Trojan arrives as a file dropped by other malware, which Trend Micro detects as WORM_MYTOB.MX.
Troj/Banload-J
This malware was reported by: Sophos
Troj/Banload-J is a downloader for the Windows platform.
Troj/Banload-J attempts to download and execute a file to <System>\imgrt.scr.
Troj/RemLoad-B
This malware was reported by: Sophos
Troj/RemLoad-B is a Trojan for the Windows platform.
Troj/RemLoad-B includes functionality to access the internet and communicate with a remote server via HTTP.
When run, Troj/RemLoad-B may display a fake error message stating that a p
SpyMon
This malware was reported by: Panda Software
SpyMon belongs to the category of Potentially Unwanted Programs, also known as PUPs. It allows other computers to be remotely controlled. Following a client-server architecture, the computer where it is installed acts as client, while the computers that
Dialer.inf
This malware was reported by: Network Associates Inc
Dialer-251.dr
This malware was reported by: Network Associates Inc
Dialer-251
This malware was reported by: Network Associates Inc
JS_ONLOADXPLT.A
This malware was reported by: Trendmicro
This JavaScript (JS) is a proof-of-concept exploit. It is initiated when Internet Explorer (IE) fails to correctly initialize the Windows() JavaScript function when used in conjunction with an onLoad event in the BODY HTML tag. Thus, IE encounters
PE_PARDIS.A
This malware was reported by: Trendmicro
PE_BOBAX.AK-O
This malware was reported by: Trendmicro
Mitglieder.GB
This malware was reported by: Panda Software
Mitglieder.GB is a Trojan that attempts to download and run a file from different websites on the affected computer every four hours. Mitglieder.GB has been sent in large volumes via email in a message that contains an attached file with a ZIP extension.
TROJ_DANMEC.A
This malware was reported by: Trendmicro
Bloodhound.Exploit.54
This malware was reported by: Symantec
Bloodhound.Exploit.54 is a heuristic detection for the Microsoft Internet Explorer JavaScript Window() Vulnerability, as described in CAN-2005-1790.
W32.Secefa.A
This malware was reported by: Symantec
W32.Secefa.A is a worm with back door capabilities that drops another threat onto the compromised computer.
W32/Bobax-T
This malware was reported by: Sophos
W32/Bobax-T is a mass-mailing network worm and backdoor Trojan for the Windows platform.
W32/Bobax-T spreads by sending itself to email addresses found on the infected computer and by exploiting the PNP (MS05-039) vulnerability.
Messag
Troj/Skbot-A
This malware was reported by: Sophos
Troj/Skbot-A is a backdoor Trojan for the Windows platform.
Troj/Skbot-A may have been dropped onto an infected system as the file <Windows>Systemlsass.exe.
When Troj/Skbot-A is installed it creates the file <System>w32t
W32/Mytob.he@MM
This malware was reported by: Network Associates Inc
This detection is for a mass-mailing worm that combines W32/Mydoom@MM functionality with W32/Sdbot.worm functionality. Its behavior is largely similar to other W32/Mytob variants.
This variant installs a downloader component
Mytob.do
This malware was reported by: F-Secure
Mytob.do is a typical variant of Mytob. It combines the
functionality of an IRC bot and a mass-mailing worm.
Troj/Dloadr-AAP
This malware was reported by: Sophos
Troj/Dloadr-AAP is a downloader Trojan which will download, install and run new software without notification that it is doing so.
Appdisabler.I
This malware was reported by: F-Secure
Appdisabler.I is a malicious SIS file trojan that tries to disable
a large number of third-party applications.
TROJ_MITGLIEDR.AA
This malware was reported by: Trendmicro
Drever.D
This malware was reported by: F-Secure
Drever.D is a malicious SIS file trojan that disables the
Simworks Symbian Anti-Virus software.
Drever.D does not affect F-Secure Mobile Anti-Virus.