Common Malware Enumeration (CME)

Common Malware Enumeration (CME) - CME List http://cme.mitre.org/data/list.html Malware threats that have been assigned identifiers by the CME initiative. en-us Copyright 2005, The MITRE Corporation New CME Assigned - CME-711 CME-711 is a Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats, Date Assigned: 2007-01-19T21:15:01Z http://cme.mitre.org/data/list.html#711 Mon, 22 Jan 2007 09:14:22 EST New CME Assigned - CME-416 CME-416 is a multi-component mass-mailing worm that downloads and executes files from the Internet. Date Assigned: 2006-11-03T13:20:35Z http://cme.mitre.org/data/list.html#416 Mon, 06 Nov 2006 18:56:11 EST New CME Assigned - CME-762 CME-762 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040). Date Assigned: 2006-08-14T08:01:00Z http://cme.mitre.org/data/list.html#762 Mon, 14 Aug 2006 17:57:14 EDT New CME Assigned - CME-482 CME-482 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040). Date Assigned: 2006-08-14T08:00:42Z http://cme.mitre.org/data/list.html#482 Mon, 14 Aug 2006 17:57:14 EDT New CME Assigned - CME-136 CME-136 is a Microsoft Word macro virus that drops a trojan onto the infected host. Date Assigned: 2006-06-29T08:21:35Z http://cme.mitre.org/data/list.html#136 Thu, 29 Jun 2006 16:00:12 EDT New CME Assigned - CME-476 CME-476 is a Microsoft Word macro virus that drops a trojan onto the infected host. Date Assigned: 2006-06-28T14:09:06Z http://cme.mitre.org/data/list.html#476 Wed, 28 Jun 2006 21:45:23 EDT New CME Assigned - CME-745 CME-745 is a Microsoft Word macro virus that drops a trojan onto the infected host. Date Assigned: 2006-06-28T14:07:05Z http://cme.mitre.org/data/list.html#745 Wed, 28 Jun 2006 16:15:23 EDT New CME Assigned - CME-934 This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment. Date Assigned: 2006-03-21T11:46:05Z http://cme.mitre.org/data/list.html#934 Mon, 20 Mar 2006 06:46:23 EST New CME Assigned - CME-4 This is a worm under Macintosh OS X that spreads via the iChat instant messaging application. Date Assigned: 2006-02-16T01:20:07Z http://cme.mitre.org/data/list.html#4 Thu, 16 Feb 2006 10:20:07 EST New CME Assigned - CME-328 This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others. Date Assigned: 2006-02-06T17:45:56Z http://cme.mitre.org/data/list.html#328 Mon, 06 Feb 2006 12:45:56 EST New CME Assigned - CME-24 This worm will destroy certain data files on an infected user's machine on Friday, February 3, 2006. Additional information can be found at: http://blogs.securiteam.com http://isc.sans.org/blackworm http://www.lurhq.com/blackworm.html Date Assigned: 2006-01-24T18:02:31Z http://cme.mitre.org/data/list.html#24 Tue, 24 Jan 2006 08:28:59 EST New CME Assigned - CME-503 Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer. Date Assigned: 2006-01-20T10:28:59Z http://cme.mitre.org/data/list.html#503 Fri, 20 Jan 2006 05:28:59 EST New CME Assigned - CME-681 A new variant of the Sober mass-mailing worm. Date Assigned: 2005-11-22T13:26:38Z http://cme.mitre.org/data/list.html#681 Tue, 22 Nov 2005 08:26:38 EST New CME Assigned - CME-157 A new variant of the Sober mass-mailing worm. Date Assigned: 2005-11-15T09:28:29Z http://cme.mitre.org/data/list.html#157 Tue, 15 Nov 2005 04:28:29 EST New CME Assigned - CME-589 A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence. Date Assigned: 2005-11-10T16:44:13Z http://cme.mitre.org/data/list.html#589 Thu, 10 Nov 2005 11:44:13 EST New CME Assigned - CME-151 This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file. Date Assigned: 2005-10-06T04:42:19Z http://cme.mitre.org/data/list.html#151 Thu, 06 Oct 2005 12:42:19 EDT New CME Assigned - CME-581 A mass-mailing worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-25T19:15:37Z http://cme.mitre.org/data/list.html#581 Thu, 25 Aug 2005 15:15:37 EDT New CME Assigned - CME-164 A worm that spreads by exploiting Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in ). Date Assigned: 2005-08-25T19:14:39Z http://cme.mitre.org/data/list.html#164 Thu, 25 Aug 2005 15:14:39 EDT New CME Assigned - CME-354 A worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx). Date Assigned: 2005-08-25T19:11:44Z http://cme.mitre.org/data/list.html#354 Thu, 25 Aug 2005 15:11:44 EDT New CME Assigned - CME-637 A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described Microsoft Security Bulletin MS05-039 at in http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-25T19:10:34Z http://cme.mitre.org/data/list.html#637 Thu, 25 Aug 2005 15:10:34 EDT New CME Assigned - CME-702 A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-25T19:08:19Z http://cme.mitre.org/data/list.html#702 Thu, 25 Aug 2005 15:08:19 EDT New CME Assigned - CME-15 A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-25T19:05:04Z http://cme.mitre.org/data/list.html#15 Thu, 25 Aug 2005 15:05:04 EDT New CME Assigned - CME-419 A mass-mailing worm that opens a back door, downloads remote files, and lowers security settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) and by sending a copy of itself to email addresses gathered. Date Assigned: 2005-08-25T19:02:14Z http://cme.mitre.org/data/list.html#419 Thu, 25 Aug 2005 15:02:14 EDT New CME Assigned - CME-243 A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-25T15:13:50Z http://cme.mitre.org/data/list.html#243 Thu, 25 Aug 2005 15:13:50 EDT New CME Assigned - CME-284 A worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx). Date Assigned: 2005-08-25T15:12:53Z http://cme.mitre.org/data/list.html#284 Thu, 25 Aug 2005 15:12:53 EDT New CME Assigned - CME-540 A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Date Assigned: 2005-08-17T05:29:17Z http://cme.mitre.org/data/list.html#540 Wed, 17 Aug 2005 01:29:17 EDT New CME Assigned - CME-477 A mass-mailing worm that uses its own SMTP engine to email copies of itself to addresses gathered from the compromised computer. The worm also opens a back door on TCP Port 9030 on the compromised computer. Date Assigned: 2005-08-04T15:01:16Z http://cme.mitre.org/data/list.html#477 Thu, 04 Aug 2005 11:01:16 EDT New CME Assigned - CME-875 A mass-mailing worm that opens a back door and attempts to propagate by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) on TCP port 445. Date Assigned: 2005-07-15T14:14:55Z http://cme.mitre.org/data/list.html#875 Fri, 15 Jul 2005 10:14:55 EDT New CME Assigned - CME-96 A trojan downloader. Date Assigned: 2005-07-14T09:05:08Z http://cme.mitre.org/data/list.html#96 Thu, 14 Jul 2005 05:05:08 EDT New CME Assigned - CME-323 A password stealing trojan that downloads a dll, which is used to intercept user keystrokes. The collected data is posted to another web site. Date Assigned: 2005-07-08T08:28:11Z http://cme.mitre.org/data/list.html#323 Fri, 08 Jul 2005 04:28:11 EDT New CME Assigned - CME-746 A trojan downloader that downloads an executable from a malware Web site. Date Assigned: 2005-07-08T08:26:49Z http://cme.mitre.org/data/list.html#746 Fri, 08 Jul 2005 04:26:49 EDT New CME Assigned - CME-402 A trojan that downloads adware and spyware programs on the infected system. Date Assigned: 2005-07-04T10:34:56Z http://cme.mitre.org/data/list.html#402 Mon, 04 Jul 2005 06:34:56 EDT New CME Assigned - CME-978 A trojan downloader that downloads malware from several different Internet addresses. Date Assigned: 2005-07-04T10:34:14Z http://cme.mitre.org/data/list.html#978 Mon, 04 Jul 2005 06:34:14 EDT New CME Assigned - CME-766 A Trojan horse that interferes with the operation of security software by ending processes, stopping services, removing registry entries, and deleting files. Date Assigned: 2005-06-01T11:52:49Z http://cme.mitre.org/data/list.html#766 Wed, 01 Jun 2005 07:52:49 EDT New CME Assigned - CME-456 A mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised computer. It uses its own SMTP engine to spread. The email may be in either English or German. Date Assigned: 2005-05-02T19:15:44Z http://cme.mitre.org/data/list.html#456 Mon, 02 May 2005 15:15:44 EDT New CME Assigned - CME-414 A mass-mailing worm arrives in an email messages that is designed to trick users into thinking that someone else is receiving their email. Date Assigned: 2005-04-21T05:09:46Z http://cme.mitre.org/data/list.html#414 Thu, 21 Apr 2005 01:09:46 EDT New CME Assigned - CME-901 A variant of the Mydoom worm. It spreads via email through SMTP, gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. Notably, it skips email addresses that contain certain strings. Date Assigned: 2005-02-28T21:42:00Z http://cme.mitre.org/data/list.html#901 Mon, 28 Feb 2005 16:42:00 EDT New CME Assigned - CME-245 A worm that spreads as an attachment to an infected email. The worm harvests addresses from the local address book and installs a proxy server. This Bagle variant spreads either as Windows PE EXE file or a Windows Control Panel Applet (CPL) file, both about 20 KB in size. Date Assigned: 2004-11-22T14:00:04Z http://cme.mitre.org/data/list.html#245 Mon, 22 Nov 2004 09:00:04 EDT New CME Assigned - CME-473 A variant of the Bagle worm. Date Assigned: 2004-11-22T14:00:04Z http://cme.mitre.org/data/list.html#473 Mon, 22 Nov 2004 09:00:04 EDT