McAfee Threat Center

Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version	4328
DAT Release Date	02/25/2004
Threats Detected	86603
New Detections	292
Enhanced Detections	422

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name	Corporate Risk Assessment	Home Risk Assessment
W32/Netsky.c@MM	Medium	Medium
W32/Netsky.d@MM	Medium	Medium
W32/Bizex.worm	Low-Profiled	Low-Profiled

New Detections:

Internet Worm (1)

E-mail worm (1)

W32/Netsky.c@MM

Program (14)

(1)

YNotify

Adware (2)

Adware-PrecisionPop

Application extension (1)

RemoteAdmin.dll

Downloader (1)

Adware-Lop.dldr

Generic (1)

Dialer-RAS.cv.gen

Joke (1)

Malware Tool (3)

Proxy (1)

Remote Access (1)

Script (1)

Spyware (1)

Trojan (152)

Configuration settings (1)

Configurator (5)

MultiDropper-JI.cfg

MultiDropper-JH.cfg

MultiDropper-JG.cfg

MultiDropper-JE.cfg

Downloader (9)

BackDoor-CAY.dldr

Proxy-Agent.dldr

Dropper (15)

ServU.dr

Bat/tenej.b2.dr

Bat/tenej.b1.dr

MultiDropper-JI

MultiDropper-JH

MultiDropper-JG

MultiDropper-JF

MultiDropper-JE

MultiDropper-JK

Exploit (7)

Exploit-Winhlpadd

Exploit-MS04-007.b

Generic (2)

BackDoor-QY.gen

Downloader-HQ.gen

Keylogger (6)

Malware Tool (2)

Password Stealer (2)

PWS-Pcik

Proxy (1)

Remote Access (8)

BackDoor-CAY!mem

Script (86)

Bat/qz99

Bat/ybb

Bat/whs

Bat/vdx

Bat/qz98

Bat/qz96

Bat/qz92

Bat/qz89

Bat/qz86

Bat/qz85

Bat/qz82

Bat/qsd

Bat/ops

Bat/oki1

Bat/mydo

Bat/met3

Bat/maya

Bat/jura

Bat/inic

Bat/horn

Bat/fil

Bat/exco

Bat/dwe

Bat/dres

Bat/chsu

Bat/bact

VBS/Hodu

Settings Change (1)

StartPage (5)

Win32 (2)

Spy-Idwi

Virus (125)

(21)

OC/a

Stripper

HLLT.Weed.5664b

HLLT.Weed.5664a

HLLT.Weed.4080b

HLL.7712

Apuli-e

Application extension Worm (1)

W32/Bizex.worm.dll

Companion (5)

Dropper (10)

CLME.dr

Linux/Winter.dr

Dropper Generic (1)

W32/VCL32.dr.gen

Dropper Worm (3)

W32/Restud.worm.dr.c

W32/Restud.worm.dr.b

W32/Restud.worm.dr.a

E-mail (3)

W32/Netsky.g@MM

W32/Netsky.l@MM

W32/NetSky.h@MM

E-mail worm (5)

W32/Netsky.e@MM

W32/Netsky.f@MM

W32/Netsky.d@MM

W32/Netsky.m@MM

Email (3)

W32/Netsky.c@MM!zip

Email Generic (1)

VBS/Braco.gen@MM

Generic (1)

Generic Worm (11)

W32/Spybot.worm.gen.b

W32/Spybot.worm.gen.e

W32/Spybot.worm.gen.k

W32/Spybot.worm.gen.i

W32/Spybot.worm.gen.f

W32/Spybot.worm.gen.a

W32/Spybot.worm.gen.h

W32/Spybot.worm.gen.g

W32/Spybot.worm.gen.d

W32/Spybot.worm.gen.c

W32/Tumbi.worm.gen.b

Intended (2)

W97M/Delchi.intd

Internet Worm (1)

Macro (1)

Malware Tool (1)

Overwriting (2)

Parasitic (4)

Script (36)

Bat/dt98

Bat/rev

Bat/wfn

Bat/ttt

Bat/toro

Bat/tin3

Bat/tern

Bat/orgy

Bat/nado

Bat/mand

Bat/kazi

Bat/jul

Bat/inv2

Bat/inkb

Bat/ibbm

Bat/hok

Bat/harl

Bat/ff23

Bat/eris

Bat/dt93

Bat/dit

Bat/btnl

Bat/afa

Bat/blya

Bat/ban

VBS/Vong

Win31 (1)

Win32 (4)

W32/Netsky.c.eml!exe

W32/Netsky.c.eml!zip

Win9x (1)

W95/Fiasko.2628

Worm (7)

HLLW.Milbug.12431

W32/Restud.worm.b

W32/Randon.worm.am

W32/Nachi.worm.d

W32/Doomjuice.worm.c

W32/Bizex.worm!dldr

Enhanced Detections:

Virus (253)

(6)

Trout

HLL.3888

Apuli

Application extension (1)

Boot dropper (149)

BtDr.y

BtDr.z

BtDr.Wyx

BtDr.Vas

BtDr.Telefonica

BtDr.RP

BtDr.Pow

BtDr.VCS

BtDr.Unk

BtDr.Sly

BtDr.PrS

BtDr.NYB

BtDr.Michelangelo

BtDr.Light-General

BtDr.Kot

BtDr.Hob

BtDr.HMA

BtDr.LTS

BtDr.FSM

BtDr.FL

BtDr.FEC

BtDr.Chinese-Fish

BtDr.b

BtDr.AP

BtDr.a

BtDr.HAL

BtDr.Ghostballs

BtDr.Frankenstein

BtDr.Brr

BtDr.BE

BtDr.Andropinis

BtDr.Necrophilia

Companion (3)

Companion Unpacked (1)

HLL.cmp.4894.unp

Configuration settings (1)

Dropper (10)

VCL.dr

Dropper Overwriting (1)

E-mail (1)

Exploit-MIME.gen

File Infector (1)

Generic (5)

Exploit-MIME.gen.exe

Generic multipartite (1)

Nutcracker.mp.gen

Generic Overwriting (1)

W32/Swog.ow.gen

Heuristic (1)

Intended (2)

W32/Lamchi.intd

Internet Relay Chat (1)

Internet Worm (1)

W32/Doomjuice.worm.a

Linux (3)

Linux/Winter.343

Linux/Winter.343dr

Linux/Winter.341

Macro (1)

Malware Tool (1)

Parasitic (4)

Script (43)

Bat/red

Bat/inv

Bat/sz

Bat/ta

Bat/gho3

Bat/tus

Bat/hxv

Bat/qwer

Bat/do

Bat/gom

Bat/in

Bat/hl

Bat/hk

Bat/nx

Bat/butt

Bat/zq

Bat/ze

Bat/uv

Bat/hj

Bat/sg

Bat/rz

Bat/nw

Bat/nq

Bat/nc

Bat/mo

Bat/lq

Bat/ln

Bat/lg

Bat/ko

Unpacked (2)

VBScript worm (1)

Win9x (2)

W95/Fiasko.2496

W95/Hooy

Worm (10)

HLLW.Freemem.11052

HLLW.Freemem.17892

HLLW.Freemem.7490

Internet Worm (1)

Internet Worm (1)

W32/Doomjuice.worm.b

Trojan (167)

(1)

Suspicious JPEG

- (2)

IRC-Bun

Application extension (3)

StartPage-AT.dll

Client (2)

Configurator (4)

BackDoor-AWT.cfg

MultiDropper-IK.cfg

Downloader (2)

Proxy-FBSR.dldr

Dropper (10)

MultiDropper-HW

IRC/Flood.bg.dr

BackDoor-BAO.dr

MultiDropper-IK

Exploit (1)

Exploit-MS04-007

Generic (6)

BackDoor-EE.gen

VBS/Satanik.gen

BackDoor-DX.gen

VBS/RunScript.gen3

IRC/Flood.gen.c

HTML document (1)

BackDoor-ZI.htm

Internet Relay Chat (3)

Password (3)

PWS-IM

PWS-WebMoney.gen

Remote Access (25)

Script (98)

IIS/BackDoor-ACE

Bat/ud

Bat/rc

Bat/yo

Bat/rb1

Bat/hbu

Bat/tb

Bat/se

Bat/oki

Bat/inr

Bat/pa

Bat/yx

Bat/yv

Bat/yu

Bat/ou

Bat/qw

Bat/pf

Bat/oz

Bat/ph

Bat/pb

IRC/Flood.bat.i

Bat/rt

Bat/is

Bat/im

Bat/zo

Bat/zg

Bat/yl

Bat/wz

Bat/ww

Bat/wt

Bat/wg

Bat/wa

Bat/vx

Bat/vr

Bat/vj

Bat/uw

Bat/ut

Bat/zp

Bat/yk

Bat/yc

Bat/wy

Bat/wu

Bat/wf

Bat/vy

Bat/vw

Bat/vp

Bat/vm

Bat/vk

Bat/vb

Bat/uz

Bat/uy

Bat/us

Bat/ur

Bat/up

Bat/ul

Bat/uk

Bat/uj

Bat/uc

Bat/ub

Bat/ua

Bat/ty

Bat/te

Bat/td

Bat/sx

Bat/su

Bat/sr

Bat/sq

Bat/zh

Bat/yd

Bat/vn

Bat/vl

Bat/va

Bat/so

Bat/sn

Bat/sl

Bat/sj

Bat/sd

Bat/sb

Bat/ry

Bat/rw

Bat/rv

Bat/nv

Bat/nu

Bat/nr

Bat/no

Bat/nk

Bat/lp

Bat/lm

Bat/lk

Bat/ky

Bat/kw

Bat/kv

Server (2)

BackDoor-AWT.svr

StartPage (2)

VbScript (1)

VBS/Lar

Win32 (1)

Netbus

Program (1)

Boot (1)

Devsup