# New Targets in Detection (February 2008)



## JohnthePilot

*Adware.Easybar* 
Adware.Easybar installs without displaying a EULA or Privacy Policy. Adware.Easybar may cause pop-ups. 

*Adware.Shopcenter* 
Adware.Shopcenter installs without displaying a EULA or PP. It then operates in stealth and may display advertisements based on search terms. Adware.Shopcenter performs automatic updates without notifying the user.

*AntiSpyCheck* 
AntiSpyCheck is rogue anti-spyware that tricks the user into buying the commercial version. AntiSpyCheck's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes. 

*AntiSpyKit* 
AntiSpyKit is a rogue anti-spyware and clone of AntiVirusGolden; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. 

*AntiSpywareBoss* 
AntiSpywareBoss is rogue anti-spyware that tricks the user into buying the commercial version. AntiSpywareBoss's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.

*AntiVirusPro2008* 
AntiVirusPro2008 is a rogue anti-spyware and clone of MalwarePro; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

*MalwareCore* 
MalwareCore is a rogue anti-spyware and clone of MalwareWipe; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. 

*SaliarAR* 
SaliarAR is rogue anti-spyware that tricks the user into buying the commercial version. SaliarAR's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.

*SecureCleaner* 
SecureCleaner is a rogue anti-spyware and clone of SpyGuard; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. 

*SpyKillerPro* 
SpyKillerPro is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

*SpyRemover* 
SpyRemover is a rogue anti-spyware application. It may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. 

*SpywareIsolator*
SpywareIsolator is rogue anti-spyware that tricks the user into buying the commercial version. SpywareIsolator's distribution methods are stealthy and/or misleading. The user is presented with misleading advertisements, often popped-up from files and processes installed by Trojans, that scare / trick the user into clicking yes.

*SpywarePro* 
SpywarePro is a rogue anti-spyware and clone of MalwarePro; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats.

*Toolbar.iWon* 
Toolbar.iWon is a search toolbar which is installed directly into the Internet Explorer browser without any EULA or Privacy Policy. The toolbar is designed to make the user access iWon sites from anywhere on the Internet. iWon is installed on all user accounts and may open up unwanted iWon pop-up windows when closing down the current browser.

*Win32.Backdoor.ADMDNews* 
Win32.Backdoor.ADMDNews will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Akbot* 
Win32.Backdoor.Akbot opens a backdoor that may allow a remote user to take control of the infected system. 

*Win32.Backdoor.AntiPC* 
Win32.Backdoor.AntiPC is a program that can give a remote attacker unauthorized access to an infected machine, thus compromising system security.

*Win32.Backdoor.Assasin* 
Win32.Backdoor.Assasin is a malware application that can open up backdoors on a compromised computer.

*Win32.Backdoor.Bionet* 
Win32.Backdoor.Bionet will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Bionix* 
Win32.Backdoor.Bionix will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Brabot* 
Win32.Backdoor.Brabot opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.CmjSpy*
Win32.Backdoor.CmjSpy will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.DarkMoon* 
Win32.Backdoor.DarkMoon will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Death*
Win32.Backdoor.Death opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.DsBot* 
Win32.Backdoor.DsBot opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Emogen*
Win32.Backdoor.Emogen opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.F_Door* 
Win32.Backdoor.F_Door is a program that can give a remote attacker unauthorized access to an infected machine, thus compromising system security. 

*Win32.Backdoor.FreeWeb* 
Win32.Backdoor.FreeWeb opens a backdoor that may allow a remote user to take control of the infected system. 

*Win32.Backdoor.Fripod*
Win32.Backdoor.Fripod opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Ishbot*
Win32.Backdoor.Ishbot opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Jaan*
Win32.Backdoor.Jaan opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Kbot*
Win32.Backdoor.Kbot opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Nether*
Win32.Backdoor.Nether opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.NetMetro*
Win32.Backdoor.NetMetro will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.NetSphere*
Win32.Backdoor.NetSphere will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Notpa* 
Win32.Backdoor.Notpa will open up a backdoor on the infected machine allowing remote access. 

*Win32.Backdoor.Rustock* 
Win32.Backdoor.Rustock opens a backdoor that may allow a remote user to take control of the infected system. 

*Win32.Backdoor.Skrat* 
Win32.Backdoor.Skrat will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.SpecTroj* 
Win32.Backdoor.SpecTroj opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Surila* 
Win32.Backdoor.Surila is a backdoor which opens up several ports that make it possible for a malicious attacker to gain remote unauthorized access to the infected computer. It is also known to drop rootkit elements on the user's machine.

*Win32.Backdoor.TDS*
Win32.Backdoor.TDS will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.UrlBot*
Win32.Backdoor.UrlBot opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.Backdoor.Vipdataend*
Win32.Backdoor.Vipdataend will open up a backdoor on the infected machine allowing remote access.

*Win32.Backdoor.Zemac*
Win32.Backdoor.Zemac opens a backdoor that may allow a remote user to take control of the infected system.

*Win32.DoS.Fedup* 
Win32.DoS.Fedup is a program that launches denial of service attacks on the IP address of a particular port specified by the attacker.

*Win32.DoS.Nemesy* 
Win32.DoS.Nemesy is a program that launches denial of service attacks on an IP address specified by the attacker. The attacker can configure the number, size and delay between packets being sent. 

*Win32.DoS.Tudon*
Win32.DoS.Tudon is a program that launches denial of service attacks on a URL of a particular port specified by the attacker.

*Win32.DoS.VB*
Win32.DoS.VB is a program that launches denial of service attacks on IP addresses or URLs specified by the attacker.

*Win32.Downloader.Searchpia*
Win32.Downloader.Searchpia downloads malicious software from a remote server without the consent of the user.

*Win32.PWS.Fakelogin* 
Win32.PWS.Fakelogin is a program that is designed to steal log-in information. It presents fake log-in windows, then transmits the user's ID and password back to the malware author.

*Win32.Trojan.Buzus* 
Win32.Trojan.Buzus is malware that frequently tries to open up TCP port 6667 on the infected system. It may also install a new file in the %system folder which is running in stealth as a process, giving no clue of its functionality.

*Win32.Trojan.Favadd*
Win32.Trojan.Favadd is a Trojan which may open up a backdoor on the infected computer. It may also try to download additional files.

*Win32.Trojan.Midgare* 
Win32.Trojan.Midgare installs itself as a Trojan. It may also download additional files to the infected system.

*Win32.Trojan.Tumac* 
Win32.Trojan.Tumac installs itself as a Trojan. It may also download additional files to the infected system.

*Win32.Trojan.Wublu*
Win32.Trojan.Wublu installs itself as a Trojan. It may also download additional files to the infected system.

*Win32.Trojan.Vxijpg*
Win32.Trojan.Vxijpg installs itself as a Trojan. It may also download additional files to the infected system. 

*Win32.TrojanDownloader.Axload*
Win32.TrojanDownloader.Axload downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Botol*
Win32.TrojanDownloader.Botol downloads malicious software from a remote server without the consent of the user. 

*Win32.TrojanDownloader.Briss* 
Win32.TrojanDownloader.Briss downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Dia* 
Win32.TrojanDownloader.Dia downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Esepor* 
Win32.TrojanDownloader.Esepor downloads malicious software from a remote server without the consent of the user. 

*Win32.TrojanDownloader.Hilldoor*
Win32.TrojanDownloader.Hilldoor downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Hmir* 
Win32.TrojanDownloader.Hmir downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Kotan* 
Win32.TrojanDownloader.Kotan downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Livup*
Win32.TrojanDownloader.Livup downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Losabel*
Win32.TrojanDownloader.Losabel downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.NanoDesu* 
Win32.TrojanDownloader.NanoDesu downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.QDown* 
Win32.TrojanDownloader.QDown downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Tiner*
Win32.TrojanDownloader.Tiner downloads malicious software from a remote server without the consent of the user.

*Win32.TrojanDownloader.Wimad* 
Win32.TrojanDownloader.Wimad downloads malicious software from a remote server without the consent of the user.

*Win32.Trojan-Dropper.Cabi* 
Win32.Trojan-Dropper.Cabi will drop and try to install additional malicious files on the system.

*Win32.TrojanDropper.EESbinder* 
Win32.TrojanDropper.EESbinder will drop additional files on the infected system. These files are often other Trojans or downloaders.

*Win32.TrojanDropper.Smorph* 
Win32.TrojanDropper.Smorph will drop additional files on the infected system. These files are often other Trojans or downloaders. 

*Win32.TrojanDropper.Yabinder* 
Win32.TrojanDropper.Yabinder will drop additional files on the infected system. These files are often other Trojans or downloaders.

*Win32.TrojanProxy.DiskMaster* 
Win32.TrojanProxy.DiskMaster opens up the infected machine to be used as a proxy server.

*Win32.TrojanProxy.Saturn* 
Win32.TrojanProxy.Saturn allows remote access to the computer. It may also try to contact its author using mail.

*Win32.TrojanProxy.WinGater*
Win32.TrojanProxy.WinGater opens up the infected machine to be used as a proxy server. 

*Win32.Trojan-PSW.Nilage* 
Win32.Trojan-PSW.Nilage is a Trojan Horse program that installs to run in stealth on system startup. It can steal user passwords on the infected system, thus compromising system security. 

*Win32.Trojan-PSW.Vipgsm* 
Win32.Trojan-PSW.Vipgsm is a Trojan program that installs to run in stealth. It can steal user passwords and other info on an infected system, thus compromising system security and user privacy.

*Win32.TrojanPWS.HotmailHacker* 
Win32.TrojanPWS.HotmailHacker is a Trojan which may trick the user by displaying an error message: " MSN messenger has detected a bug within it's software (JL-32.CCS). Microsoft has repaired the error (JL-32.CSS). You may now sign on." This statement is fake and pushes the user to log-in to MSN Messenger. The moment the victim signs in, their e-mail address and password are sent to a third party.

*Win32.TrojanPWS.Jammer* 
Win32.TrojanPWS.Jammer records your keystrokes and/or passwords, transmitting them to a remote server.

*Win32.TrojanPWS.Lomaster* 
Win32.TrojanPWS.Lomaster records your keystrokes and/or passwords, transmitting them to a remote server. 

*Win32.TrojanPWS.Minild* 
Win32.TrojanPWS.Minild records your keystrokes and/or passwords, transmitting them to a remote server.

*Win32.TrojanPWS.Minirat*
Win32.TrojanPWS.Minirat records your keystrokes and/or passwords, transmitting them to a remote server. 

*Win32.TrojanPWS.Mtmpas*
Win32.TrojanPWS.Mtmpas records your keystrokes and/or passwords, transmitting them to a remote server. 

*Win32.Trojan-PWS.PdPinch*
Win32.Trojan-PWS.PdPinch is a Trojan Horse application that can steal log-in information on an infected machine, thus compromising system security and user privacy.

*Win32.TrojanPWS.Smym*
Win32.TrojanPWS.Smym records your keystrokes and/or passwords, transmitting them to a remote server. Win32.TrojanPWS.Smym mainly focuses on Yahoo passwords.

*Win32.TrojanSpy.Qeds*
Win32.TrojanSpy.Qeds is a type of malicious program that can steal information such as passwords, surfing habits, credit card details and e-mail addresses. Win32.TrojanSpy.Qeds has also been seen installing adware.

*Win32.Virus.Adson* 
Win32.Virus.Adson is a virus that infects selected executable files. If infected by Win32.Virus.Adson you will need to run an anti-virus program to clear it.

*Win32.Virus.Arrow*
Win32.Virus.Arrow is a virus that infects selected executable files. If infected by Win32.Virus.Arrow you will need to run an anti-virus program to clear it.

*Win32.Virus.Aspade*
Win32.Virus.Aspade is a virus that infects selected executable files. If infected by Win32.Virus.Aspade you will need to run an anti-virus program to clear it. 

*Win32.Virus.Bakaver*
Win32.Virus.Bakaver is a virus that infects selected executable files. If infected by Win32.Virus.Bakaver you will need to run an anti-virus program to clear it.

*Win32.Virus.Basket*
Win32.Virus.Basket is a virus that infects selected executable files. If infected by Win32.Virus.Basket you will need to run an anti-virus program to clear it.

*Win32.Virus.Bayan* 
Win32.Virus.Bayan is a virus that infects selected executable files. If infected by Win32.Virus.Bayan you will need to run an anti-virus program to clear it.

*Win32.Virus.Belial*
Win32.Virus.Belial is a virus that infects selected executable files. If infected by Win32.Virus.Belial you will need to run an anti-virus program to clear it.

*Win32.Virus.Cream*
Win32.Virus.Cream is a virus that infects selected executable files. If infected by Win32.Virus.Cream you will need to run an anti-virus program to clear it. 

*Win32.Virus.Dream*
Win32.Virus.Dream is a virus that infects selected executable files. If infected by Win32.Virus.Dream you will need to run an anti-virus program to clear it.

*Win32.Virus.Ingax* 
Win32.Virus.Ingax is a virus that infects selected executable files. If infected by Win32.Virus.Ingax you will need to run an anti-virus program to clear it.

*Win32.Virus.Siller*
Win32.Virus.Siller is a virus that infects selected executable files. If infected by Win32.Virus.Siller you will need to run an anti-virus program to clear it.

*Win32.Virus.Simer*
Win32.Virus.Simer is a virus that infects selected executable files. If infected by Win32.Virus.Simer you will need to run an anti-virus program to clear it.

*Win32.Virus.Vulcano*
Win32.Virus.Vulcano is a virus that infects selected executable files. If infected by Win32.Virus.Vulcano you will need to run an anti-virus program to clear it.

*Win32.Virus.Xorer*
Win32.Virus.Xorer is a virus that infects selected executable files. If infected by Win32.Virus.Xorer you will need to run an anti-virus program to clear it.

*Win32.Worm.AimVen*
Win32.Worm.AimVen is a worm that can use AOL Instant Messenger to spread over the network.

*Win32.Worm.Alcaul*
Win32.Worm.Alcaul is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Antinny*
Win32.Worm.Antinny is a mass mailing worm that spreads itself without any user intervention. 

*Win32.Worm.Apart* 
Win32.Worm.Apart is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Burnox* 
Win32.Worm.Burnox is a mass mailing worm that spreads itself without any user intervention. 

*Win32.Worm.Bymer* 
Win32.Worm.Bymer is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.ChainSaw* 
Win32.Worm.ChainSaw is a mass mailing worm that spreads itself without any user intervention. 

*Win32.Worm.Collo* 
Win32.Worm.Collo is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Datom* 
Win32.Worm.Datom is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Deborm* 
Win32.Worm.Deborm is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Deloder* 
Win32.Worm.Deloder is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Doomjuice* 
Win32.Worm.Doomjuice is a worm that spreads itself without any user intervention. 

*Win32.Worm.Downloader* 
Win32.Worm.Downloader is a mass mailing worm that spreads itself without any user intervention. It may also download malicious software from a remote server without the consent of the user.

*Win32.Worm.Duster* 
Win32.Worm.Duster is a worm that spreads itself without any user intervention. It joins an IRC channel to await commands from a C&C server.

*Win32.Worm.Fasong*
Win32.Worm.Fasong is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Heyya*
Win32.Worm.Heyya is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Kolab* 
Win32.Worm.Kolab is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses.

*Win32.Worm.Lovesan*
Win32.Worm.Lovesan may exploit software vulnerabilities on Microsoft Windows systems. 

*Win32.Worm.Maldal*
Win32.Worm.Maldal is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Mars*
Win32.Worm.Mars is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses.

*Win32.Worm.Notfam*
Win32.Worm.Notfam spreads from computer to computer via compromised systems or exploits.

*Win32.Worm.Piggi*
Win32.Worm.Piggi is a mass mailing worm that spreads itself without any user intervention. 

*Win32.Worm.Prolin* 
Win32.Worm.Prolin is a worm that spreads through shared folders on the network and as an e-mail attachment. It will also harvest the infected machine for new addresses. 

*Win32.Worm.Randon*
Win32.Worm.Randon spreads from computer to computer via compromised systems or exploits.

*Win32.Worm.Sonic* 
Win32.Worm.Sonic is a worm that copies itself to the shared folders on the network and uses the SMTP protocol to send outgoing messages.

*Win32.Worm.Ultimax*
Win32.Worm.Ultimax is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Witty* 
Win32.Worm.Witty spreads from computer to computer via compromised systems or exploits.

*Win32.Worm.Wogue* 
Win32.Worm.Wogue is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.Yaneth*
Win32.Worm.Yaneth is a mass mailing worm that spreads itself without any user intervention.

*Win32.Worm.ZwQQ*
Win32.Worm.ZwQQ spreads from computer to computer via compromised systems or exploits.

*WinXDefend* 
WinXDefend is rogue anti-spyware and a clone of BraveSentry; it may give exaggerated threat reports on the compromised computer and then ask the user to purchase a registered version to remove those reported threats. 

(Courtesy of Lavasoft News.)



