DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4401
DAT Release Date: 10/27/2004
Threats Detected: 105331
New Detections: 327
Enhanced Detections: 339

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name                 Corporate Risk Assessment   Home Risk Assessment
Unix/Opener.worm     Low-Profiled                Low-Profiled
W32/Myfip.worm.g     Low-Profiled                Low-Profiled
W32/Zafi.c@MM        Low-Profiled                Low-Profiled
W32/Buchon.gen@MM    Low-Profiled                Low-Profiled

New Detections:

- (1)
  - (1)
    W32/Chilly.a@MM
Program (12)
   (1)
    VSource/crh
  Dialer (2)
    Dialer-228
    Dialer-227
  Dropper (1)
    WinSpy.dr
  Malware Tool (2)
    HTool/Exp-MS04-032!gdi
    Htool/9xRX
  ProcKill (1)
    ProcKill-HK32
  Tool (1)
    Tool-Sbd
  Win32 (4)
    RunService
    Netbox
    MPass
    Keygen-NetBus
Trojan (47)
   (2)
    RemoteAdmin!reg
    Sniff-Sneeze
  Application extension (2)
    Downloader-RJ.dll
    BackDoor-CKJ.dll
  Configurator (3)
    Downloader-CY.cfg
    BackDoor-CKL.cfg
    BackDoor-OR.cfg
  Downloader (12)
    Downloader-RO
    Downloader-RL
    Downloader-RK
    Downloader-RI
    Downloader-RG
    Downloader-RE
    BackDoor-AXJ.dldr
    Downloader-RM
    Downloader-RJ
    Downloader-RH
    Downloader-RF
    Downloader-RD
  Dropper (2)
    MultiDropper-LT
    BackDoor-ARR.dr
  Exploit (5)
    Exploit-MS04-032!gdi
    Linux/Exploit-Teso
    Linux/Exploit-Ghost
    Linux/Exploit-Odm
    Linux/Exploit-Ftpd
  Internet Relay Chat (1)
    IRC-Propag
  Linux (1)
    Linux/Fakepatch-A
  Password Stealer (2)
    PWS-KitStealer
    PWS-Banker.b
  Remote Access (7)
    BackDoor-CKN
    BackDoor-CKK
    BackDoor-CKI
    BackDoor-CKH
    BackDoor-CKM
    BackDoor-CKL
    BackDoor-CKJ
  Script (7)
    Bat/sex2
    Bat/qz139
    Bat/qd268
    Bat/patch
    Bat/dt134
    Exploit-MS04-028.bat
    Bat/qd269
  StartPage (1)
    StartPage-FI
  Win32 (2)
    Del-460
    Diabolick
Virus (267)
   (227)
    Dark Apoc.1016c
    Xany.343
    VCL.Replico.510
    VCL.Replico.357
    Trident.647
    Teacher.2000
    Suriv.986
    Stardot.979
    Skater.977
    Shark.1661
    Rubbit.3839
    Moonlight.319
    Monika.686
    Megabug.546
    Magda
    Horror.1136
    Honey.1027
    Grog.1372
    Fraud.610
    Flack.1330
    Fisher.1100
    Dillinger.547
    Curse.400
    Boxes.1089
    Backfont.1172
    VXH
    Ush.641
    Uniq.309.a
    Trooper.2259
    TravJack.980.b
    Tamsui.1694
    Puke.393
    Prot.2535
    Paramon.917
    Panek.1939
    Nina.1560
    Nina.1614
    Neko.1964
    Mr Duck.1536a
    MDS.331
    Maxi.1198
    Skater.714
    Skater.673
    Sentinel.5402
    Sentinel.5115
    Rubbit.3839b
    Rubbit.3811
    Python.1142
    Prague.Pizza
    Piaf.1859
    Nov17.584
    MPC.719
    MPC.425
    Monika.1314
    ManOWar.592
    Magda.512
    Loren.1387a
    JSBach.498
    Horror.1182
    Horror.1112
    Honey.666
    Grog.903
    Fraud.512
    Distrust.1588
    Czech.1687
    Cascade.691
    Beethoven.1718
    AusIH.423
    Yola.689
    VXH.462
    Vert
    Vacsina.634
    Uniq.309.c
    Uniq.309.b
    Uniq.308
    Unhandled.424
    Unclear.291
    Tu.482
    TravJack.1008
    TravJack.980.a
    Three-Y.853.b
    Taurus.1852
    Taurus.358
    Super.1175
    Rael.3211b
    Quarrel.390
    Prot
    Peep.756
    Nina.1559
    Nina.1600
    Neko.1990
    Mr Duck.1536b
    Moroccan.1970
    Mixtura.1000
    Miras.640
    Minimax.31125
    Metal.400
    Mazur.2541
    Malmsey.1742
    Malmsey.806
    Maiden.891
    M5VP2.1678
    Line.908
    Krapodnik.589
    Klepavka.881
    Kirti.2000
    King.2175
    King.1424
    Khrusha.1505
    Khai.1835
    Kela.823
    Joshua.985b
    Joshua.965
    Joshua.964
    Immo
    Helloween.2470b
    Grob.2000
    FF.Tower
    FF.MecoJon.1536.i
    FF.MecoJon.1536.g
    FF.MecoJon.1536.e
    FF.MecoJon.1536.c
    FF.MecoJon.1536.b
    FF.MecoJon.1536.a
    FF.Darkover.1536.a
    FF.Abstract.1024
    FF.1024.c
    FF.1024.b
    FF.1024.a
    Expe.416
    Exit.376
    Este.303
    Espacio.8498
    Espacio.8491
    Espacio.8486
    Espacio.8458
    Espacio.8444
    Enterprise.625
    EMorph.1696
    Drug.985
    DNR.397
    DNR.331
    DiS.Heaven.1536
    Darv.1024
    Dark Ray.1525.b
    Dark Ray.1525.a
    DAD.503
    Cruc
    Creator.692
    Crazy Priest.1416
    Cor.787
    Continua.502
    Congra.926
    CIS.800
    Capicua.511
    Bobas
    Arianna.2864
    Arg.1206
    Amt
    AlEXE.1287
    Alex.2104
    Alex.1843
    YD.2561
    YD.2433
    Xany.168
    Wordswap.1503
    Wordswap.1485
    Wordswap.1391
    Wordswap.1387
    Wildfire
    Wharps.584
    Wharps.572e
    Wharps.572d
    Wharps.572c
    Wharps.572b
    Wharps.572a
    Warez
    Voice.1463
    VCL.Replico.495
    VCL.Replico.422
    VCL.Replico.392
    VCL.Replico.350
    Tver.776
    Tver.532
    Tomato.2156
    Sylwia.734
    Stardot.1100
    Stardot.682
    Skynet.1448
    Skater.1021
    Skater.664
    Sentinel.5173
    Sayha.4000
    Psyco.804
    Prague.604
    Oops.1087
    Often
    Ninth Circle.1380
    MPC.570
    Loren.1387b
    Loren.1374
    Horror.1173
    Fraud.509
    Valentine.2332
    Unimag.732
    Undesirable.1320
    Three-Y.853.a
    Taurus.1153
    Serena.792
    Quatrain.2000
    Morgot
    Milik.1020
    Komsom
    Joshua.985
    IMI.2304
    Hi.460
    HBT.394
    Greedy.1106
    FF.MecoJon.1536.j
    FF.MecoJon.1536.h
    FF.MecoJon.1536.f
    FF.MecoJon.1536.d
    FF.Darkover.1536.b
    Davis.1793
    Dagger.882
    Anti-Pascal.890
    Aman.10716
  Damaged (3)
    Uniq.309.a.dam
    Panek.1939.dam
    Wordswap.1391.dam
  Dropper (11)
    Skater.977.dr
    Uniq.308.dr
    DNR.dr
    Arg.dr
    Alex.dr
    W32/EggRoll.dr
    Skater.1021.dr
    Shark.dr
    Uniq.309.a.dr
    Uniq.309.b.dr
    Dark Ray.dr
  E-mail worm (2)
    W32/Zafi.c@MM
    W32/Buchon.gen@MM
  Email (6)
    W32/Netsky.ai@MM!zip
    W32/Netsky.ah@MM
    W32/Mydoom.af@MM
    W32/Libr@MM
    W32/Bagz.f@MM
    W32/Netsky.ai@MM
  Email Generic (1)
    W32/Famus.gen@MM
  Parasitic (1)
    W32/HLLP.20606c
  Win32 (7)
    W32/Zelly
    W32/Zelly.a
    W32/EggRoll
    W32/Dumaru.bc
    W32/Bugbear.40988
    W32/Soach
    W32/Bagz!dload
  Worm (9)
    W32/Generic.worm.f
    W32/Generic.worm.e
    W32/Swamp.worm
    W32/Inya.worm!zip
    W32/Inya.worm
    W32/Bilb.worm
    W32/Liberbbit.worm
    Unix/Opener.worm
    W32/Myfip.worm.g

Enhanced Detections:

Internet Worm (8)
  E-mail worm (6)
    W32/Netsky.i@MM
    W32/Netsky.b@MM
    W32/Netsky.t@MM
    W32/Netsky.s@MM
    W32/Netsky.c@MM
    W32/Netsky.a@MM
  mIRC Worm (1)
    New IRC
  P2P Worm (1)
    W32/Generic.worm!p2p
Malware (1)
  Exploit (1)
    Exploit-CodeBase
Program (16)
  - (2)
    Iroffer
    IMIServer.download
  Adware (3)
    Adware-DFC
    Adware-NavHelper
    Adware-MemWatcher
  Application extension (1)
    Dialer-Generic.dll
  Configurator (1)
    HTool/Exp-MS04-028
  Downloader (2)
    Downloader-EAccel
    Downloader-KL
  Dropper (2)
    NetBusPro.dr
    IMIServ.dr
  Generic (1)
    Dialer-RAS.ck.gen
  Password (1)
    Winspy
  Remote Access (1)
    ServU-Daemon
  Win32 (2)
    RemAdm-RemoteAdmin
    EggDrop
Trojan (144)
   (1)
    Generic PWS.b
  - (1)
    StartPage-B
  Application extension (1)
    AFXrootkit.dll
  Application extension Generi (1)
    BackDoor-AXJ.dll.gen
  Client (2)
    BackDoor-Sub7.cli
    BackDoor-CJE.cli
  Configurator (3)
    BackDoor-Sub7.cfg
    Downloader.cfg
    Downloader-CL.cfg
  Denial Of Svc (1)
    IRC/Flood
  Downloader (10)
    Downloader-DC
    Downloader-CL
    Downloader-CY.b
    Downloader-QT
    Downloader-QG
    Downloader-MP
    Downloader-PH
    Downloader-MC
    Downloader-LE
    Downloader-PZ
  Downloader Generic (1)
    Downloader-PG
  Dropper (5)
    AFXrootkit.dr
    BackDoor-Sub7.dr
    MultiDropper-IY
    BackDoor-CGR.dr
    PWS-Trigi.dr
  Exploit (32)
    Exploit-ObjectData
    Linux/Exploit-SendMail
    Linux/Exploit-Bind
    Linux/Exploit-Cgiexp
    Linux/Exploit-Kerio
    Linux/Exploit-Shellcode
    Linux/Exploit-Freeze
    Linux/Exploit-Sqlexp
    Linux/Exploit-Adminer
    Linux/Exploit-Ciscer
    Linux/Exploit-Mulexp
    Linux/Exploit-BOrifice
    Linux/Exploit-Httpd
    Linux/Exploit-Gdslock
    Linux/Exploit-TearDrop
    Linux/Exploit-OpenSSH
    Linux/Exploit-Nhttpd
    Linux/Exploit-Modgz
    Linux/Exploit-SSPing
    Linux/Exploit-Openssl
    Linux/Exploit-Imspd
    Linux/Exploit-Rsync
    Exploit-ContentType
    Linux/Exploit-Apache
    Linux/Exploit-Gildo
    Exploit-ScriptNull
    Exploit-ExeHTML
    Linux/Exploit-Su
    Exploit-CTCalendar
    Linux/Exploit-Vertex
    Exploit-MS04-028
    W97M/Exploit-JPEG
  Generic (8)
    APStrojan.gen18
    BackDoor-AGS.gen
    PWS-Bancban.gen.b
    PWS-Bancos.gen.c
    AFXrootkit.gen.b
    BackDoor-QY.gen
    BackDoor-BAC.gen
    AFXrootkit.gen
  HTML document (1)
    BackDoor-AXJ.htm
  Password (3)
    PWS-Bancos
    PWS-LDPinch
    HTML/Ebscam
  Password Stealer (3)
    PWS-QQDrag
    PWS-IN
    PWS-Trigi
  Plugin component (1)
    BackDoor-Sub7.plugin
  Proxy (1)
    Proxy-FBSR
  Remote Access (15)
    BackDoor-AXJ
    BackDoor-AZV
    Backdoor-AFC
    BackDoor-BAC
    BackDoor-Sub7
    BackDoor-N
    BackDoor-QY
    BackDoor-AZV.gen
    BackDoor-CJY
    BackDoor-CGR
    BackDoor-OR
    BackDoor-CJG
    BackDoor-CFY
    BackDoor-CKF
    BackDoor-CJN
  Script (2)
    Univ.script/99a
    JS/Zerolin
  Server (1)
    BackDoor-CJE.svr
  Settings Change (2)
    Startpage-N
    StartPage-G
  Spyware (1)
    Keylog-Perfect.dr
  StartPage (36)
    StartPage-CM
    StartPage-AM
    StartPage-AK
    StartPage-AH
    StartPage-S
    StartPage-P
    StartPage-J
    StartPage-D
    StartPage-AL
    StartPage-AJ
    StartPage-AE
    StartPage-X
    StartPage-R
    StartPage-O
    StartPage-L
    StartPage-I
    StartPage-E
    StartPage-AZ
    StartPage-Z
    StartPage-BE
    StartPage-BD
    StartPage-BH
    StartPage-BM
    StartPage-BY
    StartPage-BV
    StartPage-BU
    StartPage-BZ
    StartPage-EK
    StartPage-EL
    StartPage-EO
    StartPage-EV
    StartPage-EZ
    StartPage-DY
    StartPage-DE
    StartPage-DC
    StartPage-FA
  Win32 (12)
    Generic VB
    Generic Downloader.a
    HackerDefender
    Generic Delphi
    Generic Downloader.c
    IRC-Sdbot
    Generic PWS.f
    Generic Downloader.f
    Generic StartPage.c
    DDoS-Boxed
    Generic Downloader.h
    Generic PWS.k
Virus (170)
   (29)
    Eternal-Blaze
    Helloween.2470a
    Doctor-John.2000
    Flip dr
    Beethoven.2752
    Dalian.1437
    Dalian.1367
    Dark-Apocalypse
    SunDevil.690
    Crazy-Imp.1402a
    Dark-Apoc.1016c
    Dark-Revenge.1024
    MPC.778
    Metal.500
    Katies
    Dark-Thoughts.6144
    Dark-Paranoid.a
    Dark-Matter.3032
    Dark-End.1188
    Dark-Angel.3250
    Crazy-Imp.1445b
    MrRat.1278
    Dark-Paranoid.b
    Dark-Matter.3252
    Dark-Matter
    Crazy-Punk.500
    Crazy-Imp.1445a
    Crazy-Imp.1402c
    Crazy-Imp.1402b
  Damaged (5)
    W32/Netsky.q.dam
    W32/Netsky.c.dam
    Neko.dam
    W32/Netsky.p.dam
    W32/Netsky.d.dam
  Damaged Worm (2)
    W32/Protoride.worm.dam
    W32/Sdbot.worm.dam
  Dropper (4)
    Univ/j.dr
    Phoenix.dr
    Dark-Paranoid.dr
    Bat/Mumu.dr
  E-mail (13)
    W32/Netsky.w@MM
    W32/Netsky.q@MM
    W32/Netsky.u@MM
    W32/Netsky.g@MM
    W32/Netsky.l@MM
    W32/Dumaru.ad@MM
    W32/Netsky.k@MM
    W32/NetSky.h@MM
    W32/Netsky.v@MM
    W32/Netsky.y@MM
    W32/Netsky.z@MM
    W32/Netsky.ab@MM
    W32/Netsky.ag@MM
  E-mail worm (11)
    W32/Netsky.n@MM
    W32/Dumaru.y@MM
    W32/Netsky.j@MM
    W32/Netsky.o@MM
    W32/Netsky.x@MM
    W32/Netsky.e@MM
    W32/Netsky.f@MM
    W32/Netsky.d@MM
    W32/Netsky.ac@MM
    W32/Bagz.d@MM
    W32/Bagz.e@MM
  Email (27)
    W32/Dumaru.aa@MM
    W32/Dumaru.z@MM
    W32/Netsky.q@MM!zip
    W32/Netsky.n@MM!zip
    W32/Netsky.b@MM!zip
    W32/Dumaru.af@MM
    W32/Netsky.p@MM!zip
    W32/Netsky.c@MM!zip
    W32/Netsky.a@MM!zip
    W32/Dumaru.ab@MM
    W32/Dumaru.ag@MM
    W32/Dumaru.ae@MM
    W32/Netsky.z@MM!zip
    W32/Dumaru.ah@MM
    W32/Netsky.ad@MM
    W32/Netsky.ag@MM!zip
    W32/Bagz.a@MM
    W32/Dumaru.av@MM
    W32/Netsky.af@MM
    W32/Zafi.a@MM
    W32/Zafi.b@MM
    W32/Dumaru.al@MM
    W32/Dumaru.ak@MM
    W32/Dumaru.aj@MM
    W32/Bagz.c@MM
    W32/Bagz.b@MM
    W32/Dumaru.ai@MM
  Email Generic (2)
    W32/Netsky.gen@MM
    W32/Bagz.gen@MM
  Email Worm (1)
    W32/Netsky.aa@MM
  File Infector (13)
    ECW.570
    Ienez.1428
    Kato.1569
    Matura
    Mirage
    Oops.600
    Phoenix
    Shark
    Skater
    Xak.3132
    Zp.503
    Dashel.1804
    ACCEPT
  Generic (1)
    W32/Zafi.gen
  Generic Worm (17)
    W32/Sdbot.worm.gen
    W32/Gaobot.worm.gen.f
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Spybot.worm.gen.f
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.m
    W32/Sdbot.worm.gen.k
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.x
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.u
    W32/Sdbot.worm.gen.t
    W32/Sdbot.worm.gen.p
    W32/Gaobot.worm.gen.h
  Heuristic (1)
    New Malware.b
  Internet Worm (4)
    W32/Netspree.worm
    W32/Sdbot.worm
    W32/Gaobot.worm.ali
    W32/Gaobot.worm.gen.q
  Malware Tool (1)
    Dark-Slick.kit
  mIRC Worm (1)
    W32/Protoride.worm
  multipartite (9)
    Flip.mp.2153c
    Flip.mp.2153a
    Flip.mp.2351
    Flip.mp.2153d
    Flip.mp.2153b
    Flip.mp.2365a
    Flip.mp.2343a
    Flip.mp.2365b
    Flip.mp.2343b
  Parasitic (3)
    W32/HLLP.20606b
    W32/HLLP.20606a
    W32/HLLP.8920
  Peer To Peer Worm (1)
    W32/Losiram.worm!p2p
  Universal (4)
    Univ/f
    Univ/a
    Univ/j
    Univ.prepend
  VbScript (1)
    New Script
  Win32 (16)
    New Win32
    W32/Generic.d
    W32/Dumaru.ax
    W32/Dumaru.ay
    W32/Dumaru.ba
    W32/Dumaru.aw
    W32/Dumaru.bb
    W32/Dumaru.au
    W32/Dumaru.as
    W32/Dumaru.ar
    W32/Dumaru.aq
    W32/Dumaru.ap
    W32/Dumaru.ao
    W32/Dumaru.an
    W32/Dumaru.am
    W32/Generic.Delphi
  Worm (4)
    BAT/Mumu.worm
    W32/Tinny.worm
    W32/Dedler.worm
    W32/Myfip.worm