DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4311
DAT Release Date: 12/24/2003
Threats Detected: 83913
New Detections: 165
Enhanced Detections: 240

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name               Corporate Risk Assessment    Home Risk Assessment
W32/Gluber.b@MM    Low-Profiled                 Low-Profiled

New Detections:

Program (14)
  Adware (5)
    Downloader-GoldCas
    Adware-IESearchBar
    Adware-Sml
    Adware-Edise
    Adware-IPU
  Application extension (1)
    Spyware-SafeSurf.dll
  Downloader (1)
    Adware-Sml.dldr
  Keylogger (1)
    Keylog-MSNMspy
  Malware Tool (1)
    Linux/Rootkit-O
  Proxy (1)
    Proxy-Bouncer
  Spyware (1)
    Spyware-SafeSurf
  Tool (2)
    THCscan
    Linux/Vtool-Infelf
  Win32 (1)
    KillApp
Trojan (74)
   (2)
    Del-422
    Cafeda
  Application extension (1)
    Keylog-Keylf.dll
  Configurator (1)
    Downloader-FZ.cfg
  Downloader (3)
    Downloader-FX
    Downloader-FZ
    Downloader-FY
  Dropper (7)
    MultiDropper-GP.c
    PWS-LegMir.dr
    MultiDropper-IT
    MultiDropper-IU
    PWS-Datei.dr
    IRC/Flood.do.dr
    IRC/Flood.dz.dr
  Exploit (10)
    Exploit-DarkKnight
    Exploit-URLSpoof
    Exploit-Shadwin
    Linux/Exploit-Cgiexp
    Linux/Exploit-Freeze
    Linux/Exploit-Sqlexp
    Linux/Exploit-Adminer
    Exploit-SqlExp
    Perl/Exploit-SwEz
    Exploit-Orcler
  Flooder (9)
    FDoS-Bombit
    FDoS-Caraf
    FDoS-Kabub
    FDoS-Freekaz
    Perl/FDoS-Mailbomb
    FDoS-Xexe
    FDoS-Daniel
    FDoS-Shaox
    FDoS-Botmail
  Generic (6)
    StartPage-AO.gen
    BackDoor-AHM.gen
    BackDoor-AZS.gen
    PWS-Bancban.gen
    ByWeird.gen
    PWS-Legmir.gen.c
  Internet Relay Chat (2)
    IRC/Flood.dx
    IRC/Flood.dy
  Malware Tool (2)
    Spam-NeoMail
    Linux/Rootkit-N
  Password Stealer (1)
    PWS-RemSteal
  ProcKill (3)
    ProcKill-BI
    ProcKill-BG
    ProcKill-BH
  Remote Access (5)
    BackDoor-AZS
    BackDoor-CAW
    BackDoor-CAY
    BackDoor-CBA
    BackDoor-CAZ
  StartPage (5)
    StartPage-AM
    StartPage-AK
    StartPage-AL
    StartPage-AJ
    StartPage-AN
  Tool (1)
    Linux/Hacktool-Bscan
  Win32 (16)
    IRC/Flood.dz
    AddShare-D
    Generic FDoS
    Del-429
    Del-425
    Del-423
    Del-427
    Del-424
    QHosts-3
    Del-428
    Del-426
    Kility
    AddUser-C
    DiskFill-L
    ICQPager-R
    ICQPager-Q
Virus (77)
  E-mail (2)
    W32/Gluber.b@MM
    W32/Gluber@MM
  Email (1)
    W32/Gluber.a@MM
  Parasitic (2)
    W32/HLLP.Gogo.b
    W32/HLLP.Gogo.a
  Peer To Peer (1)
    W32/Kiribot!p2p
  VbScript (1)
    VBS/Sling
  Win32 (3)
    W32/Spybot.uy
    W32/MGF.a
    W32/Antine
  Worm (67)
    W32/Spybot.worm.vr
    W32/Spybot.worm.vn
    W32/Spybot.worm.vg
    W32/Spybot.worm.vf
    W32/Spybot.worm.vd
    W32/Spybot.worm.vk
    W32/Spybot.worm.uz
    W32/Spybot.worm.vv
    W32/Spybot.uy.worm
    W32/Spybot.worm.vl
    W32/Spybot.worm.vp
    W32/Spybot.worm.uy
    W32/Gaobot.worm.fw
    W32/Gaobot.worm.fo
    W32/Gaobot.worm.fn
    W32/Gaobot.worm.fl
    W32/Gaobot.worm.fj
    W32/Gaobot.worm.fh
    W32/Gaobot.worm.fe
    W32/Gaobot.worm.fd
    W32/Gaobot.worm.ew
    W32/Gaobot.worm.eq
    W32/Gaobot.worm.eo
    W32/Gaobot.worm.en
    W32/Gaobot.worm.eh
    W32/Spybot.worm.vt
    W32/Spybot.worm.vj
    W32/Gaobot.worm.ft
    W32/Gaobot.worm.fq
    W32/Gaobot.worm.fm
    W32/Gaobot.worm.fv
    W32/Gaobot.worm.fs
    W32/Gaobot.worm.fp
    W32/Spybot.worm.vi
    W32/Opaserv.worm.ah
    W32/Randon.worm.ag
    W32/Spybot.worm.vw
    W32/Spybot.worm.vu
    W32/Spybot.worm.vs
    W32/Spybot.worm.vq
    W32/Spybot.worm.vo
    W32/Spybot.worm.vm
    W32/Spybot.worm.ve
    W32/Gaobot.worm.fi
    W32/Spybot.worm.vc
    W32/Spybot.worm.vy
    W32/Spybot.worm.vx
    W32/Spybot.worm.vb
    W32/Spybot.worm.va
    W32/Gaobot.worm.fg
    W32/Gaobot.worm.fc
    W32/Gaobot.worm.et
    W32/Gaobot.worm.er
    W32/Gaobot.worm.em
    W32/Gaobot.worm.ei
    W32/Gaobot.worm.ef
    W32/Gaobot.worm.ed
    W32/Gaobot.worm.ff
    W32/Gaobot.worm.eu
    W32/Gaobot.worm.es
    W32/Gaobot.worm.ep
    W32/Gaobot.worm.el
    W32/Gaobot.worm.eg
    W32/Gaobot.worm.ee
    W32/Warya.worm
    W32/Passma.worm.d
    W32/Heher.worm

Enhanced Detections:

Internet Worm (1)
  E-mail worm (1)
    W32/Yodo.a@MM
Malware (2)
  - (1)
    ByWeird
  Exploit (1)
    Exploit-IIS.Crack
Program (1)
   (1)
    NetBusPro
Trojan (34)
  - (2)
    Proxy-Guzu
    JV/Goplanet
  Dropper (4)
    ByWeird.dr
    PWS-Watsn.dr
    MultiDropper-GH
    PWS-AceMast.dr
  Exploit (1)
    Exploit-Overnasm
  Flooder (9)
    FDoS-MassMsg
    FDoS-Filter
    FDoS-Tyapo
    FDoS-Maiman
    FDoS-Psycho
    FDoS-Shab
    FDoS-Lanmen
    FDoS-Cybwar
    FDoS-Chat
  Generic (2)
    PWS-Hearty.gen
    DDoS-Kaiten.gen
  Macintosh (2)
    MacOS/NVP
    MacOS/ChinaTalk
  Malware Tool (1)
    THC.kit
  MS-DOS Batch (1)
    IRC/Flood.bat
  Password (1)
    PWS-Watsn
  Password Stealer (1)
    PWS-AceMast
  Plugin component (1)
    Orifice2k.plugin.silk
  Remote Access (2)
    BackDoor-ADS
    BackDoor-QY
  Script (1)
    JV/GoPlanet.reg
  Server (1)
    BackDoor-AQF.svr
  Settings Change (1)
    Startpage-AI
  Win32 (4)
    Systentry
    Gric
    AddUser-B
    AddUser-A
Virus (202)
   (52)
    Timid.382a
    Timid.306b
    Timid.513a
    Timid.310
    Timid.431
    Timid.497c
    Timid.497a
    Timid.309
    Timid.513b
    Timid.557
    Timid.526
    Timid.497b
    Timid.382b
    Timid.371b
    Timid.371a
    Timid.320
    Timid.313
    Timid.306d
    Timid.306c
    Timid.306a
    Timid.305b
    Timid.305a
    Timid.303b
    Timid.302b
    Timid.301c
    Timid.301a
    Timid.300a
    Timid.299
    Timid.298c
    Timid.298a
    Timid.297e
    Timid.297c
    Timid.297a
    Timid.290e
    Timid.290c
    Timid.290a
    Timid.288
    Timid.245
    Timid.305c
    Timid.303a
    Timid.302a
    Timid.301b
    Timid.300b
    Timid.298b
    Timid.297f
    Timid.297d
    Timid.297b
    Timid.295
    Timid.290d
    Timid.290b
    Timid.289
    Timid.263
  Companion (1)
    W32/Hide.cmp
  Damaged (3)
    MacOS/nVIR.dam
    MacOS/nVIR.c.dam
    MacOS/nVIR.a.dam
  Dropper (4)
    W95/Kuang.dr
    W32/HLLP.dr
    MacOS/SevenDust.dr
    W32/Yodo.b.dr
  E-mail (1)
    W32/Parex.Worm
  E-mail worm (3)
    W32/Fourseman.g@MM
    W32/Lehs@MM
    W32/Fregit.a@MM
  Email (19)
    W32/Fregit.b@MM
    W32/Revocer.b@MM
    W32/Revocer.a@MM
    W32/Vote.d@MM
    W32/Spinac@MM
    W32/Sint@MM
    W32/Fourseman.f@MM
    W32/Fourseman.e@MM
    W32/Fourseman.d@MM
    W32/Fourseman.c@MM
    W32/Fourseman.b@MM
    W32/Fourseman.a@MM
    W32/Fourseman.o@MM
    W32/Fourseman.l@MM
    W32/Kown@MM
    W32/Yodo.c@MM
    W32/Yodo.b@MM
    W32/Yodo.d@MM
    W32/Fregit.c@MM
  Email Generic (1)
    W32/Hermes.gen@MM
  Floppy Worm (2)
    W32/Mantibe.worm
    W32/Flor.worm
  Generic (6)
    W32/Hobbit.gen
    MacOS/SevenDust.gen
    MacOS/MDEF.gen
    MacOS/T4.gen
    W32/HLLP.14336.gen
    MacOS/nVIR.b.gen
  Generic Peer To Peer Worm (3)
    W32/Opex.worm.gen!p2p
    W32/Shower.worm.gen!p2p
    W32/Zaka.worm.gen!p2p
  Generic Script (1)
    JS/Kak.bat.gen
  Generic Worm (3)
    W32/Cloner.worm.gen
    W32/Eslac.worm.gen
    W32/Sunelo.worm.gen
  Intended Worm (1)
    W32/Zaka.worm.intd
  Macintosh (35)
    MacOS/ANTI
    MacOS/CODE9811
    MacOS/Peace
    MacOS/CODE252
    MacOS/INIT9403
    MacOS/INIT-M
    MacOS/Flag
    MacOS/Frankie
    MacOS/CODE32767
    MacOS/Scores
    MacOS/CODE1
    MacOS/INIT17
    MacOS/INIT1984
    MacOS/ZUC.b
    MacOS/WDEF.b
    MacOS/WDEF.a
    MacOS/SevenDust.d
    MacOS/SevenDust.c
    MacOS/SevenDust.b
    MacOS/SevenDust.a
    MacOS/nVIR.c
    MacOS/nVIR.a
    MacOS/MDEF.d
    MacOS/MBDF.b
    MacOS/ZUC.c
    MacOS/ZUC.a
    MacOS/INIT29.b
    MacOS/MBDF.a
    MacOS/INIT29.a
    MacOS/ANTI.b
    MacOS/SevenDust.e
    MacOS/ANTI.a
    MacOS/T4.d
    MacOS/SevenDust.j
    MacOS/MDEF99
  Overwriting (1)
    W32/Metrion.ow
  Parasitic (3)
    W32/HLLP.Yellor.b
    W32/HLLP.Yellor.a
    W32/HLLP.14001
  Peer To Peer Worm (2)
    W32/Nimrod.worm!p2p
    W32/Generic.worm.b!p2p
  Script (3)
    JS/Kak.bat.b
    JS/Kak.bat.a
    Bat/flm
  VbScript (1)
    VBS/Calma
  Win32 (10)
    New Win32.g2
    W32/HLL.ow.Elitiamo
    W32/Anel
    W32/Metrion.37204b
    W32/Metrion.37204a
    W32/Felix
    W32/Cvih
    W32/Jits
    W32/Aidonz
    W32/MGF
  Worm (47)
    W32/Erdine.worm
    W32/Spybot.worm.vh
    W32/Kraimer.worm
    W32/Kotef.worm
    W32/Depress.worm
    W32/Wunom.worm
    W32/Stup.worm
    W32/Heffer.worm.c
    W32/Heffer.worm.a
    W32/Heffer.worm.b
    W32/FunkyPic.worm
    W32/Heovin.worm
    W32/Bonny.worm
    W32/Odra.worm
    W32/Mortag.worm
    W32/Acone.worm
    W32/Mellon.worm
    W32/Manfool.worm
    W32/Heffer.worm.d
    W32/Heffer.worm.e
    W32/Dexec.worm
    W32/Felic.worm
    W32/Evom.worm
    W32/HideDoc.worm
    W32/Darend.worm
    W32/Stihi.worm
    W32/Shydood.worm
    W32/Passma.worm.c
    W32/Passma.worm.b
    W32/Passma.worm.a
    W32/Figmak.worm
    W32/MouseLoco.worm
    W32/Ismod.worm.a
    W32/Ismod.worm.b
    W32/Celebit.worm
    W32/Editorex.worm
    W32/Well.worm
    W32/Bildan.worm
    W32/Girls.worm
    W32/HLLP.Vampore.worm.b
    W32/HLLP.Vampore.worm.a
    W32/Carpet.worm.b
    W32/Carpet.worm.a
    W32/Mumu.worm
    W32/Bebars.worm.c
    W32/Bebars.worm.b
    W32/Bebars.worm.a