McAfee Threat Center

Content

DAT Readme

Download the latest anti virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version	4407
DAT Release Date	11/17/2004
Threats Detected	107936
New Detections	119
Enhanced Detections	439

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name	Corporate Risk Assessment	Home Risk Assessment
W32/Golten.worm	Low-Profiled	Low-Profiled

New Detections:

Internet Worm (1)

Exploit (1)

W32/Cran.worm.a

Program (23)

(12)

Tool Source/crh2d

Tool Source/crh2c

Generic Downloader.l

Demonstration (1)

Dialer (1)

Generic (2)

Dialer-RAS.do.gen

Dialer-RAS.dq.gen

Joke (1)

Keylogger (1)

Keylog-Examinator

ProcKill (1)

ProcKill-KnlKillP

Tool (4)

HTool-CrackSearch

Trojan (49)

(1)

SID

- (1)

Application extension (1)

BackDoor-ASB.b.dll

Disk erasing (1)

QZap368

Downloader (11)

Prutec

Downloader-DA.js

Downloader-BW.i

Dropper (3)

Downloader-SH.dr

StartPage-FO.dr

Downloader-SB.dr

Generic (1)

QLowZones-7.gen

Internet Relay Chat (1)

Macro (1)

Malware Tool (1)

Password Stealer (1)

PWS-RemotePassSteal

Proxy (1)

Remote Access (9)

Script (4)

Spam (1)

Spam-SMS.Vlasof

StartPage (5)

StartPage-DU!reg

Win32 (6)

Sevenma

Hitnrun

Beagooz

Del-461

AmStub

Virus (46)

(1)

Dine.240

Application extension (1)

W32/Mydoom.ae.dll

Application extension Worm (1)

W32/Goalweb.worm.dll

Companion (2)

HLL.cmp.Dope.txt

Damaged (1)

W32/Crosser.dam

Dropper (1)

Email (3)

W32/Mydoom.aa@MM

W32/Scrambler.q@MM

Email Generic (1)

W32/Dilbert.gen@MM

Exploit (1)

Exploit-MS04-11

Generic (1)

W32/Neklace.gen

Generic Worm (1)

W32/Eyeveg.worm.gen

Intended (1)

Internet Worm (1)

W32/Golten.worm

Overwriting (2)

Parasitic (2)

Peer To Peer (3)

W32/Nocturnal!p2p

Peer To Peer Worm (1)

W32/Xoxo.worm!p2p

Script (3)

Win32 (10)

W32/NGVCK.a.3989

W32/NGVCK.a.3818

W32/NGVCK.a.3888

W32/NGVCK.a.3746

W32/IntTest.txt

Worm (9)

W16/Splitter.worm

W32/Korgo.worm.ag

W32/Hitasin.worm

W32/Cran.worm.a!ftp

W32/Cran.worm.a!bat

W32/Eyeveg.worm.e

Enhanced Detections:

Internet Worm (5)

- (1)

W32/Mydoom.p@MM

E-mail (2)

W32/Mydoom.u@MM

W32/Mydoom.v@MM

P2P Worm (1)

W32/Generic.worm!p2p

VbScript (1)

Malware (1)

Exploit (1)

Exploit-CodeBase

Program (154)

(4)

Tool Source/crh2b

- (5)

Free-Scratch-Cards

MotherboardMonitor

Adware (14)

Adware-PortalScan

Adware-RBlast.dldr

ClearSearch.dldr

Downloader-GoldCas

Adware-Searchcentrix

Application extension (9)

Adware-Apropos.dll

Adware-RBlast.dll

Clearsearch.dll

Keylog-Syshsti.dll

Keylog-Kana.dll

Keylog-GSmon.dll

Dialer-Generic.dll

Configurator (1)

HTool/Exp-MS04-028

Dialer (12)

Downloader (10)

PosX

Adware-POP.dldr

Downloader-EAccel

Adware-Lop.dldr

Dropper (1)

HTool/HBTool.dr

Generic (18)

Dialer-RAS.bw.gen

Dialer-RAS.bb.gen

Dialer-RAS.bd.gen

Dialer-RAS.v.gen

Dialer-RAS.cl.gen

Dialer-RAS.d.gen

Dialer-RAS.at.gen

Dialer-RAS.ax.gen

Dialer-RAS.bo.gen

Dialer-RAS.cc.gen

Dialer-RAS.ck.gen

Keylog-Perfect.gen

Dialer-RAS.cx.gen

Dialer-RAS.cz.gen

Dialer-RAS.dk.gen

Dialer-RAS.dl.gen

Dialer-RAS.dm.gen

Dialer-RAS.dd.gen

Internet Relay Chat (1)

Joke (12)

Joke-ScreenMates

Joke-MouseShoot

Joke-MessageMate

Joke-StressRelief

Joke-IconScroll

Keylogger (3)

Malware Tool (30)

HTool/AFXSynScan

HTool/AOSFlooder

Htool/Yallstarts

HTool/GetInjectProc

HTool/Exp-MS04-032!gdi

HTool/Exp-MS04-028.b

HTool/Scan-MS04-011

PornDialer (1)

Process (1)

ProcKill (2)

Proxy (1)

Spyware (3)

Keylog-Kiirogaa

Keylog-KeyLoggerJ

Tool (9)

Linux/Vtool-Infelf

Tool-AngelsRevenge

Linux/Tool-Elfwrsec

Win32 (17)

Renamed mIRC Client

HideExec

Packed mIRC Client

PtWebdav

Antipol

Medload

Xwxload

RemAdm-RemoteAdmin

RemAdm-ProcLaunch

Remote Shutdown

EggDrop

Trojan (140)

(4)

Phish-BankFraud.eml

Generic Downloader.e

AOL Password (1)

Application extension (8)

BackDoor-BAC.dll

StartPage-DU.dll

Client (1)

BackDoor-SA.cli

Configurator (1)

Demonstration (1)

Exploit-IframeBO.demo

Denial Of Svc (4)

Linux/DDoS-Kaiten

Downloader (9)

JS/Cisp

PWS-Bancban.dldr

Dropper (11)

IRC/Flood.gen.dr

IRC/Flood.ba.dr

IRC-Smallfeg.dr

BackDoor-CKR.dr

BackDoor-CJV.dr

Dropper Generic (1)

IRC-Sdbot.dr.gen

Exploit (16)

Exploit-DcomRpc

Exploit-MS03-043

Exploit-ByteVerify

Linux/Exploit-SendMail

Exploit-MhtRedir.gen

Linux/Rpcmountd

Linux/Exploit-Statdx

Linux/Exploit-Su

Linux/Exploit-Woot

Exploit-MS03-043.DoS

Exploit-MS04-011

Exploit-IframeBO!shellcode

Exploit-MhtRedir

File deleting (3)

QDel369

QDel167

QDel174

Generic (6)

APStrojan.gen18

Exploit-CodeBase.gen

IRC/Flood.gen.c

StartPage-AI.gen

BackDoor-BAC.gen

QLowZones-2.gen

Generic Plugin component (1)

Orifice2K.plugin.gen

Internet Relay Chat (9)

IRC-FK

IRC/Flood.o.hidewin

Linux (14)

Linux/Flooder.pong

Linux/IISattack

Linux/Cyberpaul

Linux/Backoor-Excedoor

Linux/Godog.lnk

Malware Tool (2)

Linux/Rootkit-B

mIRC client (1)

IRC/Flood.o.mirc

Password (3)

Password Stealer (2)

Plugin component (4)

Orifice2K.plugin.butt

Orifice2K.plugin.des

Orifice2K.plugin.peep

Remote Access (12)

Linux/BackDoor-ssl

Script (4)

Univ.script/99a

Bat/TTDK

Downloader-QB.bat

StartPage (1)

StartPage-CQ.gen

Win31 (5)

Win32 (16)

Generic Downloader.a

Generic BackDoor.b

Generic Downloader.c

Perniw

Vundo

Virus (139)

Application extension (8)

W32/Mydoom.a.dll

W32/Mydoom.b.dll

W32/Mydoom.e.dll

W32/Mydoom.f.dll

W32/Mydoom.h.dll

W32/Mydoom.g.dll

W32/Mydoom.k.dll

Application extension Worm (2)

W32/Spybot.worm.dll

W32/Korgo.worm.ae.dll

Boot dropper (1)

BtDr.Wyx

Damaged Worm (2)

W32/Spybot.worm.dam

W32/Sdbot.worm.dam

Dropper (3)

Dropper Worm (1)

W32/Dedler.worm.dr

E-mail (7)

W32/Mydoom.b@MM

W32/Mydoom.h@MM

W32/Mydoom.e@MM

W32/Mydoom.o@MM

Exploit-MIME.gen

W32/Mydoom.ah@MM

W32/Mydoom.k@MM

E-mail worm (5)

W32/Generic.a@MM

W32/Mydoom.g@MM

W32/Mydoom.f@MM

W32/Mydoom.z@MM

W32/Mydoom.ab@MM

Email (10)

W32/Mydoom.i@MM

W32/Mydoom.j@MM

W32/Mydoom.ag@M

W32/Mydoom.x@MM

W32/Mydoom.w@MM

W32/Mydoom.a@MM

W32/Mydoom.m@MM

W32/Mydoom.l@MM

Email Generic (3)

W32/Lohack.gen@MM

JS/Fortnight.gen@M

W32/Mydoom.gen@MM

Email Worm (1)

W32/Mydoom.r@MM

File Infector (1)

Generic (4)

Exploit-MIME.gen.exe

Exploit-DcomRpc.g.gen

W32/Mydoom.gen!eml

Generic Overwriting (1)

W32/Swog.ow.gen

Generic Peer To Peer (1)

W32/Antinny.gen!p2p

Generic Worm (20)

W32/Sdbot.worm.gen

W32/Spybot.worm.gen.e

W32/Gaobot.worm.gen.g

W32/Gaobot.worm.gen.f

W32/Gaobot.worm.gen.e

W32/Sdbot.worm.gen.w

W32/Spybot.worm.gen.i

W32/Spybot.worm.gen.f

W32/Sdbot.worm.gen.n

W32/Sdbot.worm.gen.l

W32/Sdbot.worm.gen.j

W32/Sdbot.worm.gen.h

W32/Sdbot.worm.gen.k

W32/Sdbot.worm.gen.i

W32/Sdbot.worm.gen.x

W32/Sdbot.worm.gen.y

W32/Sdbot.worm.gen.z

W32/Sdbot.worm.gen.t

W32/Korgo.worm.gen

W32/Sdbot.worm.gen.p

Internet Worm (2)

W32/Mydoom.s@MM

W32/Gaobot.worm.gen.q

Open Share Worm (1)

W32/Eyeveg.worm.c

Peer To Peer (1)

Universal (1)

Univ/j

Win32 (54)

W32/NGVCK.a.7397

W32/NGVCK.a.8809

W32/NGVCK.a.4768

W32/NGVCK.a.2404

W32/NGVCK.a.2280

W32/NGVCK.a.1365

W32/NGVCK.a.2389

W32/NGVCK.a.4907

W32/NGVCK.a.3072a

W32/NGVCK.a.1934

W32/NGVCK.a.3560

W32/NGVCK.a.2522/2537

W32/NGVCK.a.2342

W32/NGVCK.a.2218

W32/NGVCK.a.2754

W32/NGVCK.a.9412

W32/NGVCK.a.1947

W32/NGVCK.a.1416

W32/NGVCK.a.3072b

W32/NGVCK.a.1988

W32/NGVCK.a.2092

W32/NGVCK.a.2651

W32/NGVCK.a.1056

W32/NGVCK.a.2751

W32/NGVCK.a.9632

W32/NGVCK.a.1107

W32/NGVCK.a.1700

W32/NGVCK.a.3146

W32/NGVCK.a.3250

W32/NGVCK.a.1455

W32/NGVCK.a.3427

W32/NGVCK.a.5216

W32/NGVCK.a.1364

W32/NGVCK.a.2522

W32/NGVCK.a.926

W32/NGVCK.a.1352

W32/NGVCK.a.2266

W32/NGVCK.a.919

W32/NGVCK.a.1840

W32/NGVCK.a.968

W32/NGVCK.a.5675

W32/NGVCK.a.1222

W32/NGVCK.a.2712

W32/NGVCK.a.2134

W32/Generic.Delphi

Worm (10)

W32/Eyeveg.worm.b

W32/Eyeveg.worm.a

W32/Goalweb.worm.a

W32/Goalweb.worm.b

W32/Dedler.worm

W32/Korgo.worm.ae

W32/Mydoom.t@MM

W32/Spybot.worm

W32/Eyeveg.worm.d