2007-01-19T21:15:01Z CME-711 is a Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats, Win32.Small.dam W32/Downloader.AYDY TR/Dldr.Small.DBX Win32/Pecoan Trojan.Downloader-647 Win32/Fuclip.A W32/Small.DAM!tr Small.DAM Downloader.Tibs Trojan-Downloader.Win32.Small.dam Downloader-BAI!M711 Win32/Nuwar.N@MM!CME-711 W32/Tibs.gen12 Trj/Alanchum.NX!CME-711 Troj/DwnLdr-FYD Trojan.Peacomm TROJ_SMALL.EDW 2006-11-03T13:20:35Z CME-416 is a multi-component mass-mailing worm that downloads and executes files from the Internet. W32/Warezov.GC TR/Dldr.Stration.C Win32/Stration.Variant!Worm Worm.Stration.LY Win32/Stration.NO W32/Stration.DS@mm I-Worm/Stration Email-Worm.W32.Warezov.ez W32/Stration@MM Win32/Stration.DH@mm!CME-416 W32/Stration.ATT W32/Spamta.KG.worm W32/Strati-Gen W32.Stration.DL@mm WORM_STRAT.DR 2006-08-14T08:01:00Z CME-762 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040). Worm/IRCBot.9374 W32/Ircbot.TT Win32/Cuebot.K!Worm Trojan.IRCBot-690 Win32/IRCBot.OO W32/Graweg.A!tr.bdr BackDoor.Generic3.GBB!CME-762 Backdoor.Win32.IRCBot.st backdoor:Win32/Graweg.B IRC-Mocbot!MS06-040 W32/Oscarbot.KD W32/Cuebot-M W32.Wargbot WORM_IRCBOT.JK 2006-08-14T08:00:42Z CME-482 is a worm that opens an IRC back door on the compromised host. It spreads by exploiting the Microsoft Windows Server Service Remote Buffer Overflow Vulnerability (Microsoft Security Bulletin MS06-040). Worm/IRCBot.9609 W32/Ircbot.TU Win32/Cuebot.J!Worm Trojan.IRCBot-689 Win32/IRCBot.OO W32/Graweg.B!tr.bdr BackDoor.Generic3.GBC!CME-482 Backdoor.Win32.IRCBot.st IRC-Mocbot!MS06-040 backdoor:Win32/Graweg.A W32/Oscarbot.KD W32/Cuebot-L W32.Wargbot WORM_IRCBOT.JL 2006-06-29T08:21:35Z CME-136 is a Microsoft Word macro virus that drops a trojan onto the infected host. W2000M/Kukudro.C W97M/Kukudro.C W97M/Kukudro.B:trojan Trojan.Dropper.MSWord.MyNo-3 W97M/TrojanDropper.Lafool.NAA WM/Kukudro.C W97M/Kukudro W2000M/Kukudro.C Trojan-Dropper.MSWord.Lafool.j W97M/Kukudro.c W97M/Kukudro.C!CME-136 W97/Kukudro.C!CME-136 WM97/Kukudr-Fam W97M.Kukudro.A 2006-06-28T14:09:06Z CME-476 is a Microsoft Word macro virus that drops a trojan onto the infected host. W2000M/Kukudro.B W97M/Kukudro.B W97M/Pricheck.B Trojan.Dropper.MSWord.MyNo-2 W97M/TrojanDropper.Lafool.NAA WM/Kukudro.B W97M/Kukudro W2000M/Kukudro.B Trojan-Dropper.MSWord.Lafool.j W97M/Kukudro.b!CME-476 W97M/Kukudro.B!CME-476 W97/Kukudro.A WM97/Kukudro-B W97M.Kukudro.A W97M_DLOADER.BVS 2006-06-28T14:07:05Z CME-745 is a Microsoft Word macro virus that drops a trojan onto the infected host. W2000M/Kukudro.A W97M/Kukudro.A W97M/Kukudr Trojan.Dropper.MSWord.MyNo-1 W97M/TrojanDropper.Lafool.I Kukudro.A WM/Lafool.I!tr W97/Kukudro W2000M/Kukudro.A Trojan-Dropper.MSWord.Lafool.i W97M/Kukudro.a!CME-745 W97M/Kukudro.A!CME-745 W97M/Pricheck.A W97/Kukudro.A!CME-745 WM97/Kukudro-A W97M.Kukudro.A W97M_DLOADER.BKV 2006-03-21T11:46:05Z This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment. Win32.Agent.adu W32/Downloader.SEL@dl TR/Dldr.Small.NIH Win32/Clagger.Q Trojan.Downloader.Small-1133 Win32/TrojanDownloader.Small.NIH W32/Small.NIJ!dldr Generic.QYK TR/Dldr.Small.NIH Agent.ACX Trojan-Downloader:Win32.Agent.adu Downloader-ATM!CME-934 TrojanDownloader:Win32/Clagger.C!CME-934 W32/Clagger.C Trj/Nabload.CC!CME-934 Troj/Clagger-K PWSteal.Tarno.T TROJ_CLAGGER.D 2006-02-16T01:20:07Z This is a worm under Macintosh OS X that spreads via the iChat instant messaging application. MacOS/Leap.A MacOS/Leap.A OSX/Leap.A Trojan.Leap.A Mac/Leap.A OSX/Leap!worm Leap.A MacOS/Leap.A OSX/OOMP-A OR LEAP.A OSX/Leap MacOS/Leap.A@mm!CME-4 OSX/Oomp.A.worm OSX/Leap-A OSX.Leap.A OSX_LEAP.A 2006-02-06T17:45:56Z This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior: it has a .ZIP file attachment, it contains a simple message subject/body, and it spreads to others. Win32.Bagle.cl W32/Bagle.DW@mm Worm/Bagle.FI Win32/Bagle.DR Worm.Bagle.CP Win32/Bagle.FA W32/Bagle.DW-mm W32/Bagle.DW@mm I-Worm/Bagle generic Worm/Bagle.FI Email-Worm.Win32.Bagle.fj W32/Bagle.dp@MM Win32/Bagle.X@mm!CME-328 W32/Mitglied.PR W32/Bagle.GS.worm Troj/BagleDl-BZ W32.Beagle.DL@mm WORM_BAGLE.CL 2006-01-24T18:02:31Z This worm will destroy certain data files on an infected user's machine on Friday, February 3, 2006. Additional information can be found at: http://blogs.securiteam.com http://isc.sans.org/blackworm http://www.lurhq.com/blackworm.html Win32.Blackmal.e W32/Kapser.A@mm Worm/KillAV.GR Win32/Blackmal.F Win32/VB.NEI W32/Grew.A!wm Nyxem.E Worm/Generic.FX Worm/KillAV.GR Email-Worm.Win32.Nyxem.e W32/MyWife.d@MM Win32/Mywife.E@mm!CME-24 W32/Small.KI W32/Tearec.A.worm W32/Nyxem-D W32.Blackmal.E@mm WORM_GREW.A 2006-01-20T10:28:59Z Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer. W32/Downloader.MQT TR/Dldr.Delf.qx W32/Clagger Family W32/Ewojim!tr Downloader.Generic.POS TR/Dldr.Delf.qx Trojan-Downloader.Win32.Agent.ado Downloader-ATM TrojanDownloader:Win32/Clagger.A!CME-503 W32/DLoader.QSE Trj/Downloader.HGN!CME-503 Troj/Clagger-D PWSteal.Tarno.R TROJ_AGENT.APS 2005-11-22T13:26:38Z A new variant of the Sober mass-mailing worm. Win32.Sober.W Sober.Y Email-Worm.Win32.Sober.y W32/Sober@MM!M681 Win32/Sober.Z@mm!CME-681 W32/Sober.AA@mm W32/Sober.AH.worm W32/Sober-Z W32.Sober.X@mm WORM_SOBER.AG 2005-11-15T09:28:29Z A new variant of the Sober mass-mailing worm. Win32.Sober.Q Sober.U Email-Worm.Win32.Sober.u W32/Sober.t Win32/Sober.V@mm!CME-157 W32/Sober.T@mm W32/Sober.AD.worm W32/Sober-U W32.Sober.V@mm WORM_SOBER.AD 2005-11-10T16:44:13Z A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony BMG Digital Rights Management (DRM) software to hide its presence. Win32.OutsBot.U Breplibot.b Backdoor.Win32.Breplibot.b W32/Brepibot!CME-589 Backdoor:Win32/Ryknos.A!CME-589 W32/Ryknos.A Bck/Ryknos.A Troj/Stinx-E Backdoor.Ryknos BKDR_BREPLIBOT.C 2005-10-06T04:42:19Z This is a mass-mailing worm that uses its own SMTP engine to spread. It sends itself as an email attachment that mimics an image file. Win32.Sober.P Sober.S Email-Worm.Win.Sober.s W32/Sober.r@MM Win32/Sober.S@mm!CME-151 W32/Sober.R@mm Sober.Y W32/Sober-O W32.Sober.Q@mm WORM_SOBER.AC 2005-08-25T19:05:04Z A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Tpbot.B Bozori.B Net-Worm.Win32.Bozori.b W32/Bozori.worm.b Worm:Win32/Zotob.F!CME-15 W32/Bozori.B IRCbot.KD W32/Zotob-F W32.Zotob.F WORM_ZOTOB.F 2005-08-25T19:14:39Z A worm that spreads by exploiting Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in ). Win32.Zotob.B Zotob.B Net-Worm.Win32.Mytob.cf W32/Zotob.worm.b Worm:Win32/Zotob.B!CME-164 W32/Zotob.B Zotob.B W32/Zotob-B W32.Zotob.B WORM_ZOTOB.B 2005-08-25T15:13:50Z A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Zotob.A Zotob.A Net-Worm.Win32.Mytob.cd W32/Zotob.worm Worm:Win32/Zotob.A!CME-243 W32/Zotob.A Zotob.A W32/Zotob-A W32.Zotob.A WORM_ZOTOB.A 2005-08-25T15:12:53Z A worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx). Win32.Esbot.C IRCBot.ex Backdoor.Win32.IRCBot.ex W32/Sdbot.worm.gen.by Worm:Win32/Esbot.B!CME-284 W32/Esbot.B IRCbot.KG W32/Hwbot-B W32.Esbot.B WORM_ESBOT.C 2005-08-25T19:11:44Z A worm that spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx). Win32.Esbot.A Backdoor.Win32.IRCBot.es W32/IRCbot.gen Worm:Win32/Esbot.A!CME-354 Win32/IRCbot.BR IRCbot.KI W32/Sdbot-ACG W32.Esbot.A WORM_ESBOT.A 2005-08-25T19:02:14Z A mass-mailing worm that opens a back door, downloads remote files, and lowers security settings on the compromised computer. The worm spreads by exploiting the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) and by sending a copy of itself to email addresses gathered. Win32.Qweasy.A Backdoor.Win32.Surila.x W32/Mydoom.bv@MM Win32/Bobax.O@mm!CME-419 W32/Bobax.Q Antiemule.A W32/MyDoom-Gen W32.Bobax.AF@mm WORM_BOBAX.AD 2005-08-25T19:15:37Z A mass-mailing worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (as described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Zotob.C Net-Worm.Win32.Mytob.ch W32/Zotob.worm.c Worm:Win32/Zotob.C!CME-581 W32/Zotob.C Zotob.C W32/Zotob-C W32.Zotob.C@mm WORM_ZOTOB.C 2005-08-25T19:10:34Z A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described Microsoft Security Bulletin MS05-039 at in http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Drugtob.B Backdoor.Win32.IRCBot.et W32/Sdbot.worm!MS05-039 Worm:Win32/Zotob.Q!CME-637 W32/Zotob.D IRCbot.KE W32/Dogbot-B W32.Zotob.D WORM_ZOTOB.D 2005-08-25T19:08:19Z A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Drugtob.A Backdoor.Win32.IRCBot.et W32/Sdbot.worm.gen Worm:Win32/Zotob.D!CME-702 SDBot.RTC IRCbot.JZ W32/Sdbot-ACI W32.Zotob.G WORM_DRUDGEBOT.A 2005-08-17T05:29:17Z A worm that opens a back door and exploits the Microsoft Windows Plug and Play Buffer Overflow Vulnerability (described in Microsoft Security Bulletin MS05-039 at http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx) on TCP port 445. Win32.Tpbot.A Net-Worm.Win32.Bozori.a W32/Bozori.worm.a!CME-540 Worm:Win32/Zotob.E!CME-540 W32/Bozori.A IRCBot.KC W32/Tpbot-A W32.Zotob.E WORM_ZOTOB.E 2005-08-04T15:01:16Z A mass-mailing worm that uses its own SMTP engine to email copies of itself to addresses gathered from the compromised computer. The worm also opens a back door on TCP Port 9030 on the compromised computer. Win32.Bagle.BP Email-Worm.Win32.Bagle.bw W32/Bagle.cb@MM Win32/Bagle.BA@mm!CME-477 W32/Bagle.BO@mm Bagle.DO W32/Bagle-BW W32.Beagle.BY@mm WORM_BAGLE.BM 2005-07-15T14:14:55Z A mass-mailing worm that opens a back door and attempts to propagate by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (as described in Microsoft Security Bulletin MS04-011) on TCP port 445. Win32.Reatle.A Net-Worm.Win32.Lebreat.c W32/Reatle.gen@MM Win32/Reatle.A@mm!CME-875 W32/Breatel.A Lebreat.C W32/Lebreat-C W32.Reatle@mm WORM_REATLE.B 2005-07-14T09:05:08Z A trojan downloader. Trojan-Downloader.Win32.Delf.ri Downloader-ACY Trojan:Win32/Delf.M!CME-96 W32/DLoader.HIE Downloader.DNN Troj/Dloader-QK TROJ_DLOADER.UX 2005-07-08T08:28:11Z A password stealing trojan that downloads a dll, which is used to intercept user keystrokes. The collected data is posted to another web site. Win32.Conferox Trojan-Downloader.Win32.Small.arf Downloader-YZ TrojanDownloader:Win32/Zayaho.A!CME-323 W32/DLoader.GKR Downloader.DKC Troj/Dloader-PZ Download.Trojan TROJ_SMALL.ALT 2005-07-08T08:26:49Z A trojan downloader that downloads an executable from a malware Web site. Win32.SillyDl.RW Trojan-Downloader.Win32.Small.bcf Downloader-ABC TrojanDownloader:Win32/Small.BCF!CME-746 W32/DLoader.GKV Downloader.DKD Troj/Dloader-OQ Download.Trojan TROJ_SMALL.AME 2005-07-04T10:34:56Z A trojan that downloads adware and spyware programs on the infected system. Win32.DlWreck Trojan-Downloader.Win32.Vidlo.p Downloader-ACS TrojanDownloader:Win32/Vildo.P!CME-402 W32/Vidlo.P Agent.AAW Troj/Vidlo-P Download.Trojan TROJ_DLOADER.RY 2005-07-04T10:34:14Z A trojan downloader that downloads malware from several different Internet addresses. Trojan-Downloader.Win32.Small.aon Downloader-ACQ TrojanDownloader:Win32/Small.AON!CME-978 Mitglieder.DV Troj/Cifond-A TROJ_SMALL.ALP 2005-06-01T11:52:49Z A Trojan horse that interferes with the operation of security software by ending processes, stopping services, removing registry entries, and deleting files. Win32.Glieder.AG Email-Worm.Win32.Bagle.bo W32/Bagle.dldr.gen TrojanDropper:Win32/Bagle.BK!CME-766 TrojanDropper:Win32/Bagle.BL!CME-766 TrojanDropper:Win32/Bagle.BM!CME-766 TrojanDropper:Win32/Bagle.BN!CME-766 TrojanDropper:Win32/Bagle.BO!CME-766 TrojanDropper:Win32/Bagle.BP!CME-766 TrojanDropper:Win32/Bagle.BQ!CME-766 TrojanDropper:Win32/Bagle.BR!CME-766 W32/Mitglied.HZ Mitglieder.DC Troj/BagleDl-Q Trojan.Tooso.L TROJ_BAGLE.AR 2005-05-02T19:15:44Z A mass-mailing worm that sends itself as an email attachment to addresses gathered from the compromised computer. It uses its own SMTP engine to spread. The email may be in either English or German. Win32.Sober.N Email-Worm.Win32.Sober.p W32/Sober.p@MM Win32/Sober.Q@mm!CME-456 Sober.O@mm Sober.V W32/Sober-N W32.Sober.O@mm WORM_SOBER.S 2005-04-21T05:09:46Z A mass-mailing worm arrives in an email messages that is designed to trick users into thinking that someone else is receiving their email. Win32.Sober.M Email-Worm.Win32.Sober.n W32/Sober.o@MM!M414 Win32/Sober.M@mm!CME-414 Sober.N@mm Sober.U W32/Sober-M W32.Sober.N@mm WORM_SOBER.N 2005-02-28T21:42:00Z A variant of the Mydoom worm. It spreads via email through SMTP, gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. Notably, it skips email addresses that contain certain strings. Win32.Mydoom.AZ Email-Worm.Win32.Mydoom.am W32/Mydoom.be@MM!zip Win32/Mydoom.AR@mm!CME-901 MyDoom.AT@mm Mydoom.AR W32/MyDoom-BC W32.Mydoom.BA@mm WORM_MYDOOM.BA 2004-11-22T14:00:04Z A worm that spreads as an attachment to an infected email. The worm harvests addresses from the local address book and installs a proxy server. This Bagle variant spreads either as Windows PE EXE file or a Windows Control Panel Applet (CPL) file, both about 20 KB in size. Win32.Bagle.AR Email-Worm.Win32.Bagle.au W32/Bagle.bd@MM Win32/Bagle.BD@mm!CME-245 Bagle.AR@mm Bagle.BE W32/Bagle-AU W32.Beagle.AW@mm WORM_BAGLE.AU 2004-11-22T14:00:04Z A variant of the Bagle worm. Win32.Bagle.AQ Email-Worm.Win32.Bagle.at W32/Bagle.bb@MM Win32/Bagle.AS@mm!CME-473 Win32/Bagle.AX@mm!CME-473 Bagle.AQ@mm Bagle.BC W32/Bagle-AU W32.Beagle.AV@mm WORM_BAGLE.AT