DAT Readme

Download the latest anti-virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4410
DAT Release Date: 11/24/2004
Threats Detected: 108973
New Detections: 98
Enhanced Detections: 292

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name               Corporate Risk Assessment   Home Risk Assessment
W32/Anzae.worm.a   Low-Profiled                Low-Profiled
W32/Anzae.worm.c   Low-Profiled                Low-Profiled
W32/Yanz.b@MM      Low-Profiled                Low-Profiled
W32/Anzae.worm.b   Low-Profiled                Low-Profiled

New Detections:

Program (21)
   (9)
    Picture-Shmeit
    Picture-Harmony
    VSource/crh99
    VSource/crh98
    Tool Source/crh3
    VSource/crh3
    VMag/crh3
    VMag68
    VMag51
  Adware (3)
    Adware-SearchAssist
    Adware-WinAd
    Adware-WhenU
  Dialer (3)
    Dialer-232
    Dialer-233
    Dialer-231
  Dropper (1)
    Adware-WhenU.dr
  Joke (2)
    Joke-Beeper
    JS/Joke-Alert
  Linux (1)
    Linux/PortScan-RS
  Proxy (1)
    Proxy-Void
  Win32 (1)
    Sniff-DaSniff
Trojan (50)
   (1)
    AdClicker-BN
  Application extension (2)
    PWS-Dearis.dll
    PWS-Banker.c.dll
  Downloader (8)
    BackDoor-CLK
    StartPage-FQ.dldr
    Downloader-SP
    Downloader-SO
    Downloader-SN
    Downloader-SK
    Downloader-SJ
    Downloader-SI
  Dropper (6)
    MultiDropper-LV
    PWS-Ilg.dr
    StartPage-EH.dr
    AdClicker-AS.dr
    PWS-Banker.c.dr
    BackDoor-CAY.dr
  Flooder (1)
    IRC/FDoS-DccFer
  Generic Worm (1)
    W32/Sdbot.worm.gen.aa
  Malware Tool (1)
    IRC/Nuke-Mmmbop
  Password Stealer (4)
    PWS-IMTheef
    PWS-Banker.c
    PWS-Nanatubi
    PWS-Dearis
  PDA Device (1)
    SymbOS/Skulls.a
  Peer To Peer (1)
    W32/Emslip!p2p
  Remote Access (3)
    BackDoor-CLL
    BackDoor-CLJ
    Linux/BackDoor-Login
  Script (7)
    Bat/lod
    Bat/dt136
    Bat/qz141
    Bat/knlk
    HackerDefender.bat
    Divvad
    PWS-Bancban.reg
  Source code (1)
    Exploit-MS04-011.src
  StartPage (3)
    StartPage-FQ
    StartPage-FP
    StartPage-FR
  Tool (3)
    Tool-mIRC
    Tool-HideWindow
    Tool-PSI
  Win32 (6)
    Uploader-U
    QFav-1
    Tombox
    AddUser-D
    AdClicker-BO
    AdClicker-BM
  Worm (1)
    Linux/Samhain.worm
Virus (27)
   (1)
    PP3
  Application extension (1)
    W32/Mydoom.an.dll
  Boot dropper (1)
    BtDr.Stealth
  Companion (1)
    W32/HLL.cmp.3072
  Dropper (2)
    VBS/LoveLetter.dr
    W32/Rous.a.dr
  E-mail (1)
    W32/Anzae.worm.a
  E-mail worm (3)
    W32/Anzae.worm.d
    W32/Yanz.b@MM
    W32/Anzae.worm.b
  Email (2)
    W32/Scrambler.r@MM
    W32/Mydoom.an@MM
  Email Generic (1)
    W32/Yanz.gen@MM
  Email Worm (1)
    W32/Anzae.worm.c
  Generic Worm (3)
    W32/Sdbot.worm.gen.ab
    W32/Anzae.worm.gen
    W32/Datom.worm.gen
  Parasitic (1)
    W32/HLLP.Philis.f
  Script (3)
    VBS/Yeno.b!htm
    VBS/Yeno.c!htm
    VBS/Yanz.b
  Source code (1)
    ABAP/Rivpas.a.src
  Win32 (4)
    W32/Polybot.cb
    W32/Darro.hlp
    W32/Josam
    W32/Darro
  Worm (1)
    W32/Myfip.worm.k

Enhanced Detections:

Internet Worm (3)
  E-mail (2)
    W32/Bagle.gen@MM
    W95/Troodon@M
  VbScript (1)
    VBS/Generic@MM
Malware (2)
  - (1)
    ByWeird
  Exploit (1)
    Exploit-CodeBase
Program (47)
   (7)
    Tool Source/crh1
    VMag/crh2a
    Tool Source/crh2b
    Tool Source/crh2d
    VSource/crh2d
    VMag/crh2d
    VSource/crh1
  - (2)
    PrcView
    Dialer-RAS.a.gen
  Adware (19)
    Adware-NetPals
    Adware-BrowserAid
    Adware-ISTbar.b
    Adware-180Solutions
    Adware-BDE
    Adware-Cydoor
    Adware-BetterInet
    Adware-CWS
    Adware-PornKings
    Adware-BuddyLinks
    Adware-Adsincontext
    Adware-IESearchBar
    Adware-CnsMin
    Adware-2020Search
    Adware-IEDriver
    Adware-Zipclix
    Adware-PerfectNav
    Uploader-R
    Adware-BkdSpace
  Application extension (1)
    Dialer-Generic.dll
  Demonstration (1)
    Demo-Fogazzi
  Dialer (2)
    Dialer-185
    Dialer-Generic.b
  Downloader (2)
    Adware-Xupiter.dldr
    Uploader-R.dldr
  Dropper (2)
    Adware-BetterInet.dr
    Adware-BkdSpace.dr
  Generic (1)
    Dialer-RAS.dd.gen
  HTTP/FTP Trans. (1)
    SlimFTP
  Password (1)
    PWDump
  PornDialer (1)
    Dialer-Generic
  ProcKill (1)
    ProcKill-KnlKillP
  Remote Access (1)
    ServU-Daemon
  Spyware (1)
    Spyware-SafeSurf
  Tool (1)
    Tool-Xscan
  Win32 (3)
    SrvAny
    RemAdm-ProcLaunch
    Generic HTool.a
Trojan (153)
   (9)
    Generic BackDoor.d
    AdClicker-AT
    AdClicker-AS
    AdClicker-AW
    AdClicker-AV
    Phish-BankFraud.eml
    AdClicker-BF
    AdClicker-BE
    Generic Downloader.e
  - (3)
    AdClicker-O
    IRC/Flood.bi
    StartPage-B
  Application extension (3)
    CoreFlood.dll
    Spy-Tofger.dll
    W32/Dumaru.dll
  Configuration settings (2)
    HackerDefender.ini
    ServU.ini
  Downloader (8)
    Downloader-GR
    Downloader-EA
    Downloader-NI
    Prutec
    Downloader-RK
    Downloader-LV
    Downloader-LF
    Downloader-PZ
  Dropper (6)
    CoreFlood.dr
    MultiDropper-IY
    ByWeird.dr
    MultiDropper-JD
    Downloader-SH.dr
    Adclicker-AF.dr
  Exploit (4)
    Exploit-Sfind
    VBS/Psyme
    Exploit-MhtRedir.gen
    Exploit-NotFound
  Flooder (1)
    IRC/FDoS-DarkShark
  Generic (3)
    IRC/Flood.gen.b
    PWS-Bancos.gen
    BackDoor-QY.gen
  Internet Relay Chat (3)
    IRC/Generic Flooder
    IRC/Flood.dv
    IRC/Flood.cv
  Joke (1)
    ByWeird!joke
  Keylogger (1)
    Keylog-Jingt
  Password (3)
    PWS-Narod
    PWS-LegMir
    PWS-LDPinch
  Password Stealer (2)
    PWS-Banker
    PWS-Mifeng
  Proxy (1)
    Proxy-Agent.c
  Remote Access (20)
    BackDoor-AMQ
    BackDoor-AKM
    Linux/BackDoor-Cym
    Linux/BackDoor-Note.b
    Linux/BackDoor-Note.a
    Linux/BackDoor-Small
    BackDoor-AKJ
    Linux/BackDoor-Promptte
    BackDoor-QY
    BackDoor-AOZ
    BackDoor-AWV
    Linux/BackDoor-Regile
    Linux/BackDoor-Rooted
    BackDoor-CJV
    BackDoor-CJQ
    Linux/BackDoor-Oboy
    BackDoor-CFO
    Linux/BackDoor-Pulamea
    Backdoor-CEX
    BackDoor-CJI
  Script (4)
    IIS/BackDoor-ACE
    W32/Sdbot.bat
    Bat/qd137
    Bat/sdwn3
  Settings Change (2)
    Startpage-N
    StartPage-G
  Source code (1)
    BackDoor-ADN.src
  Spyware (1)
    Keylog-Perfect.dr
  StartPage (38)
    StartPage-CM
    StartPage-AM
    StartPage-AK
    StartPage-AH
    StartPage-S
    StartPage-P
    StartPage-J
    StartPage-D
    StartPage-AL
    StartPage-AJ
    StartPage-AE
    StartPage-X
    StartPage-R
    StartPage-O
    StartPage-L
    StartPage-I
    StartPage-E
    StartPage-AZ
    StartPage-Z
    StartPage-BE
    StartPage-BD
    StartPage-BH
    StartPage-BM
    StartPage-BY
    StartPage-BV
    StartPage-BU
    StartPage-BZ
    StartPage-DU!reg
    StartPage-EL
    StartPage-EO
    StartPage-EV
    StartPage-FI
    StartPage-EZ
    StartPage-DU!htm
    StartPage-DY
    StartPage-DE
    StartPage-DC
    StartPage-FA
  Win32 (37)
    Generic PWS.a
    AdClicker-AA
    AdClicker-V
    AdClicker-Q
    AdClicker-Y
    AdClicker-T
    AdClicker-N
    AdClicker-K
    Generic Downloader.a
    W32/Bagle.x!proxy
    Generic BackDoor.b
    HackerDefender
    AdClicker-AI
    Generic BackDoor.h
    AdClicker-J
    Generic Downloader.c
    AdClicker-L
    AdClicker-AE
    AddUser-C
    Generic Del
    Flystudio
    AddUser-B
    AddUser-A
    Generic PWS.f
    Generic BackDoor.g
    AdClicker-AK
    Generic Downloader.j
    Generic Downloader.k
    AdClicker-AL
    ZapChast
    QLowZones-2
    AdClicker-BA
    Generic Downloader.f
    QHosts-10
    DDoS-Boxed
    AdClicker-AN
    Generic QHosts.a
Virus (87)
  Damaged (3)
    W32/Sober.dam
    W32/Netsky.q.dam
    W32/Bagle.dam
  Damaged Worm (4)
    W32/Spybot.worm.dam
    W32/Gaobot.worm.dam
    W32/Protoride.worm.dam
    W32/Sdbot.worm.dam
  Dropper (2)
    HLLW.5680.drp
    W32/Pate.dr
  E-mail (5)
    W32/Bagle.b@MM
    W32/Bagle.j@MM
    W32/Bagle.k@MM
    W32/Bagle.af@MM
    W32/Bagle.ad@MM
  E-mail worm (10)
    W32/Bagle.n@MM
    W32/Bagle.p@MM
    W32/Bagle.q@MM
    W32/Bagle.t@MM
    W32/Bagle.u@MM
    W32/Bagle.c@MM
    W32/Bagle.r@MM
    W32/Bagle.s@MM
    W32/Bagle.aa@MM
    W32/Bagle.ah@MM
  Email (3)
    W32/Bagle.al@MM
    W32/Bagle.a@MM
    W32/Yanz.a@MM
  Email Generic (2)
    W32/Mydoom.gen@MM
    W32/Bagle.gen@MM!pwdzip
  Generic (3)
    VBS/Yeno.gen
    W32/Mydoom.gen!eml
    W32/Sdbot.gen.r
  Generic Worm (21)
    W32/Sdbot.worm.gen
    W32/Spybot.worm.gen.e
    W32/Gaobot.worm.gen.g
    W32/Gaobot.worm.gen.f
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Spybot.worm.gen.f
    W32/Gaobot.worm.gen.l
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.k
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.x
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.u
    W32/Sdbot.worm.gen.t
    W32/Sdbot.worm.gen.p
    W32/Gaobot.worm.gen.h
    W32/Randon.worm.gen
  Intended (4)
    ABAP/Rivpas.d.intd
    ABAP/Rivpas.b.intd
    ABAP/Rivpas.c.intd
    ABAP/Rivpas.a.intd
  Internet Worm (4)
    W32/Sdbot.worm
    W32/Bagle.d@MM
    W32/Gaobot.worm.ali
    W32/Gaobot.worm.gen.q
  mIRC Worm (1)
    W32/Protoride.worm
  Parasitic (4)
    W32/HLLP.Philis.d
    W32/HLLP.Philis.c
    W32/HLLP.Philis.b
    W32/HLLP.Philis.a
  VbScript (1)
    New Script
  VBScript worm (1)
    VBS/Redlof@M
  Win32 (15)
    W32/Bagle.o!proxy
    W32/Bagle.aj!proxy
    W32/Flatei
    W32/Rous.b
    W32/Rous.c
    W32/Rous.a
    W32/Rous.d
    W32/Nichtse
    W32/Generic.d
    W32/Bagle.an
    W32/Bagle.z
    W32/Bagle.ao
    W32/Zelly
    W32/Rous.e
    W32/Generic.Delphi
  Worm (4)
    W32/Generic.worm.b
    W32/Dedler.worm
    W32/Myfip.worm.h
    W32/Myfip.worm.g