DAT Readme

Download the latest anti-virus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version 4416
DAT Release Date 12/22/2004
Threats Detected 111283
New Detections 110
Enhanced Detections 283

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and correct incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name                    Corporate Risk Assessment   Home Risk Assessment
Exploit-phpBB!hilight   Low-Profiled                Low-Profiled

New Detections:

Program (20)
   (7)
    Tool/W311
    Redirected HOSTS
    FastSearchWeb
    CRH9
    CRH8
    CRH7
    CRH6
  Application extension (2)
    Adware-Ezula.dll
    Adware-CommonName.dll
  Dialer (2)
    Dialer-236
    Dialer-235
  Downloader (2)
    Downloader-TF
    Downloader-KL!mem
  Dropper (4)
    Adware-Ezula.dr
    Adware-CommonName.dr
    Adware-BHO.dr
    Cometsystems.dr
  Internet Relay Chat (1)
    Tool-IRC.XDCC
  Unix (1)
    Linux/Portscan
  Win32 (1)
    Generic PWCrack
Trojan (35)
   (1)
    SWF/Stob
  Application extension (5)
    Ruscrem.dll
    AdClicker-BV.dll
    AdClicker-BU.dll
    PWS-Lineage.dll
    BackDoor-CMF.dll
  Downloader (6)
    Downloader-TI
    Downloader-TH
    Downloader-TG
    Downloader-TE
    Downloader-TD
    Downloader-TB.eml
  Dropper (5)
    MultiDropper-MA
    MultiDropper-LZ
    MultiDropper-LY
    Exploit-MS04-028.dr
    BackDoor-CMF.dr
  Exploit (3)
    Exploit-IEPageSpoof
    JS/Exploit-ClassName
    Exploit-MS04-043
  Generic (1)
    PWS-Bancban.gen.f
  Password Stealer (3)
    PWS-Melp
    PWS-Lineage
    PWS-Kronos
  Remote Access (4)
    BackDoor-CMF
    BackDoor-CME
    BackDoor-CMD
    ASP/Backdoor-CMD
  StartPage (3)
    StartPage-FX
    StartPage-FW!chm
    StartPage-FW
  Win32 (4)
    QLowZones-9
    Del-463
    Generic MultiDropper.b
    AdClicker-BV
Virus (55)
   (4)
    SymbOS/Skulls.c
    SymbOS/Cabir.g
    SymbOS/Cabir.f
    HLLT.6176.b
  Application extension (1)
    W32/HLLP.Philis.dll
  Application extension Worm (1)
    W32/Banwor.worm.dll
  Companion (1)
    W32/Lingak.cmp
  Dropper (6)
    Linux/Binom.dr
    W32/Seppuku.l.dr
    W32/Mansi.b.dr
    W32/Mansi.a.dr
    W32/Dref.b.dr
    W32/Dref.a.dr
  E-mail (1)
    W32/Atak.j@MM
  E-mail worm (1)
    W32/Mugly.c@MM
  Email (5)
    W32/Tex.a@MM
    W32/Kipis.a@MM
    W32/Dref.b@MM
    W32/Dref.a@MM
    W32/Breacuk.a@MM
  Email Generic (4)
    W32/Tex.gen@MM
    W32/Mugly.gen@MM
    W32/Delanab.gen@MM
    W32/Breacuk.gen@MM
  Generic (3)
    Ruby/Pydox.gen
    W32/Recur.gen
    W32/Bizac.gen
  Generic Worm (2)
    W32/Leox.worm.gen.gen
    W32/Anav.worm.gen
  Internet Worm (1)
    Exploit-phpBB!hilight
  Linux (1)
    Linux/Binom
  Parasitic (4)
    W32/HLLP.Hantaner
    W32/HLLP.Philis.j
    W32/HLLP.Iams
    W32/HLLP.17920
  Peer To Peer (2)
    W32/Tibick!p2p
    W32/Bible!p2p
  Script (2)
    VBS/Yksk
    VBS/Sorpe!reg
  Win32 (9)
    W32/Polybot.cc
    W32/Tute
    W32/Seppuku.l
    W32/Recur!vbs
    W32/Novelce.b
    W32/Novelce.a
    W32/Mugly!hosts
    W32/Mansi.b
    W32/Mansi.a
  Win9x (3)
    W95/Gremo.c
    W95/Gremo.b
    W95/Gremo.a
  Worm (4)
    W32/Oddbob.worm
    W32/Magna.worm
    W32/HLLP.Hantaner.e.worm
    W32/Anav.worm.c

Enhanced Detections:

Internet Worm (9)
  E-mail (2)
    W32/Mydoom.u@MM
    W32/Mydoom.v@MM
  E-mail worm (6)
    W32/Netsky.i@MM
    W32/Netsky.b@MM
    W32/Netsky.t@MM
    W32/Netsky.s@MM
    W32/Netsky.c@MM
    W32/Netsky.a@MM
  P2P Worm (1)
    W32/Generic.worm!p2p
Malware (1)
  Exploit (1)
    Exploit-CodeBase
Program (21)
   (2)
    CRH3c
    CRH5
  - (1)
    Proxy-OSS
  Adware (4)
    Adware-CommonName
    Adware-BB
    Adware-FriendXMS
    Uploader-R
  Dialer (1)
    Dialer-185
  Downloader (3)
    Proxy-OSS.dldr
    Downloader-TC
    Uploader-R.dldr
  Dropper (3)
    Uploader-R.dr
    Vundo.dr
    Keylog-Ardamax.dr
  PornDialer (1)
    Dialer-Generic
  Spam (1)
    Adware-Ezula
  Spyware (1)
    Spyware-WebHancer
  Tool (1)
    Crack-DTNetscan
  Win32 (3)
    HideExec
    HiddenRun
    RemAdm-RemoteAdmin
Trojan (70)
   (2)
    Generic BackDoor.d
    Phish-BankFraud.eml
  - (1)
    IRC/Flood.mirc
  Application extension (5)
    BackDoor-BAE.dll
    AdClicker-AU.dll
    W32/Dumaru.dll
    BackDoor-CCL.dll
    AdClicker-AF.dll
  Application extension Generi (1)
    Keylog-Jingt.dll.gen
  Downloader (7)
    VBS/Zerolin
    Downloader-NI
    Downloader-RU
    Downloader-TA.dll
    PWS-LDPinch.ldr
    Downloader-TB
    Downloader-QT
  Downloader Generic (1)
    W32/Bagle.dldr
  Dropper (5)
    PWS-Bancos.dr
    IRC/Flood.gen.dr
    PWS-Bancban.dr
    BackDoor-CJV.dr
    AdClicker-AF.dr
  Dropper Generic (1)
    IRC-Sdbot.dr.gen
  Exploit (4)
    Exploit-DcomRpc
    VBS/Psyme
    Exploit-MS04-022
    Exploit-1Table
  Generic (2)
    Exploit-URLSpoof.gen
    PWS-Bancban.gen.c
  Generic Worm (1)
    W32/Sdbot.worm.gen.aa
  Internet Relay Chat (1)
    IRC/Generic Flooder
  JavaScript (1)
    JS/CardStealer
  Malware Tool (1)
    Kit-Kagra
  Password (5)
    PWS-Bancos
    PWS-LegMir
    PWS-QQPass
    PWS-Watsn
    PWS-LDPinch
  Password Stealer (2)
    PWS-LDPinch!chm
    PWS-Vipgsm
  PDA Device (2)
    SymbOS/Skulls.a
    SymbOS/Skulls.b
  Proxy (5)
    Proxy-FBSR
    Proxy-Corpse
    Proxy-Agent.c
    Proxy-Malxa
    Proxy-Piky
  Remote Access (7)
    BackDoor-AZV
    Backdoor-AQK
    BackDoor-CCL
    BackDoor-AWQ.b
    BackDoor-AOZ
    BackDoor-CLL
    BackDoor-CJV
  Script (2)
    Univ.script/99a
    W32/Sdbot.bat
  Spyware (1)
    Keylog-Perfect.dr
  Tool (1)
    Tool-Xscan
  Trojan (1)
    HotWorld
  Win32 (11)
    Generic Downloader.c
    Generic BackDoor.e
    Ruscrem
    Nanif
    AdClicker-BM
    QLowZones-2
    QLowZones-3
    AdClicker-AU
    DDoS-Boxed
    Generic Downloader.h
    Generic BackDoor.n
Virus (182)
   (2)
    Avalanche
    HLLT.6176
  - (1)
    W32/Bagle.bc@MM
  Damaged (7)
    W32/Sober.dam
    W32/Netsky.q.dam
    W32/Lovgate.dam
    W32/Netsky.c.dam
    X97M/Hopper.dam
    W32/Netsky.p.dam
    W32/Netsky.d.dam
  Damaged Worm (3)
    W32/Spybot.worm.dam
    W32/Gaobot.worm.dam
    W32/Sdbot.worm.dam
  Dropper (7)
    W32/Vorcan.dr
    W32/Sankey.dr
    SymbOS/Cabir.d.dr
    SymbOS/Cabir.c.dr
    SymbOS/Cabir.dr
    SymbOS/Cabir.b.dr
    SymbOS/Cabir.a.dr
  E-mail (19)
    W32/Netsky.w@MM
    W32/Netsky.q@MM
    W32/Netsky.u@MM
    W32/Netsky.g@MM
    W32/Netsky.l@MM
    W32/Netsky.k@MM
    W32/NetSky.h@MM
    W32/Netsky.v@MM
    W32/Mydoom.o@MM
    W32/Netsky.y@MM
    W32/Netsky.z@MM
    W32/Netsky.ab@MM
    W32/Bagle.aq@MM
    W32/Anzae.worm.a
    W32/Mugly.a@MM
    W32/Mugly.b@MM
    W32/Mydoom.ae@MM
    W32/Netsky.ag@MM
    W32/Bagle.ai@MM
  E-mail worm (20)
    W32/Netsky.n@MM
    W32/Netsky.j@MM
    W32/Netsky.o@MM
    W32/Netsky.x@MM
    W32/Netsky.e@MM
    W32/Netsky.f@MM
    W32/Netsky.d@MM
    W32/Netsky.ac@MM
    W32/Anzae.worm.d
    W32/Yanz.b@MM
    W32/Anzae.worm.b
    W32/Bagle.bg@MM
    W32/Atak.i@MM
    W32/Bagle.bb@mm
    W32/Bagle.bd@MM
    W32/Atak.b@MM
    W32/Bagle.ag@MM
    W32/Mydoom.n@MM
    W32/Mydoom.ab@MM
    W32/Bagle.ae@MM
  Email (16)
    W32/Atak.c@MM
    W32/Atak.a@MM
    W32/Mydoom.d@MM
    W32/Netsky.ad@MM
    W32/Yanz.a@MM
    W32/Atak.f@MM
    W32/Atak.h@MM
    W32/Atak.g@MM
    VBS/Sorpe@MM
    W32/Mydoom.af@MM
    W32/Netsky.ai@MM
    W32/Mydoom.ad@MM
    W32/Mydoom.y@MM
    W32/Bagle.az@MM
    W32/Netsky.af@MM
    W32/Mydoom.ac@MM
  Email Generic (3)
    W32/Atak.gen@MM
    W32/Mydoom.gen@MM
    W32/Yanz.gen@MM
  Email Worm (3)
    W32/Netsky.aa@MM
    W32/Mydoom.r@MM
    W32/Anzae.worm.c
  Generic (4)
    W32/Sankey.gen
    W97M/Jerk.gen
    X97M/Divi.gen
    SymbOS/Cabir.gen
  Generic Worm (25)
    W32/Sdbot.worm.gen.a
    W32/Sdbot.worm.gen
    W32/Spybot.worm.gen.e
    W32/Gaobot.worm.gen.g
    W32/Gaobot.worm.gen.e
    W32/Sdbot.worm.gen.w
    W32/Nilit.worm.gen
    W32/Spybot.worm.gen.f
    W32/Gaobot.worm.gen.l
    W32/Spybot.worm.gen.g
    W32/Tumbi.worm.gen.b
    W32/Gaobot.worm.gen.j
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.k
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.x
    W32/Anzae.worm.gen
    W32/Gaobot.worm.gen.t
    W32/Sdbot.worm.gen.y
    W32/Cissi.worm.gen
    W32/Sdbot.worm.gen.t
    W32/Gaobot.worm.gen.s
  Heuristic (1)
    New Malware.b
  Intended Worm (1)
    W32/Atak.e@MM
  Internet Worm (4)
    W32/Sdbot.worm
    W32/Duni.worm.c
    W32/Atak.d@MM
    W32/Gaobot.worm.gen.q
  Macro (27)
    W97M/Class.src
    X97M/Hopper.r
    W97M/Hopper.ab
    X97M/Hopper.ab
    X97M/Hopper.p
    X97M/Hopper.o
    X97M/Hopper.n
    X97M/Hopper.m
    X97M/Hopper.l
    X97M/Hopper.k
    X97M/Hopper.j
    X97M/Hopper.h
    W97M/Hopper.g
    W97M/Hopper.e
    W97M/Hopper.d
    W97M/Hopper.c
    W97M/Hopper.b
    W97M/Hopper.a
    W97M/Hopper.r
    W97M/Hopper.p
    W97M/Hopper.o
    W97M/Hopper.n
    W97M/Hopper.m
    W97M/Hopper.l
    W97M/Hopper.k
    W97M/Hopper.j
    W97M/Hopper.i
  Overwriting (1)
    W32/Borler.ow
  VbScript (1)
    New Script
  Win32 (7)
    New Win32.g1
    W32/Generic.d
    W32/Darro
    W32/Bagle.ba
    W32/Bagle.aw
    W32/Bagle.av
    W32/Generic.Delphi
  Win9x (1)
    W95/Gremo
  Worm (29)
    W32/Gaobot.worm.gen
    W32/Anav.worm.b
    W32/Anav.worm.a
    W32/Duni.worm.b
    W32/Duni.worm.a
    W32/Kitro@MM
    W32/Nilit.a.worm
    W32/Nilit.b.worm
    W32/Nilit.c.worm
    W32/Nilit.d.worm
    W32/Nilit.f.worm
    W32/Nilit.e.worm
    W32/Nilit.g.worm
    W32/Nilit.j.worm
    W32/Nilit.i.worm
    W32/Nilit.h.worm
    W32/Nilit.k.worm
    W32/Nilit.l.worm
    W32/Nilit.n.worm
    W32/Nilit.m.worm
    W32/Nilit.o.worm
    W32/HLLP.Hantaner.d.worm
    W32/HLLP.Hantaner.b.worm
    W32/HLLP.Hantaner.c.worm
    W32/HLLP.Hantaner.a.worm
    W32/Dedler.worm
    W32/Banwor.worm
    W32/Bagle.at@MM
    W32/Mydoom.t@MM