DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4473
DAT Release Date: 04/20/2005
Threats Detected: 123634
New Detections: 33
Enhanced Detections: 179

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name | Corporate Risk Assessment | Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (2)
   (1)
    Black Wolf
  Malware Tool (1)
    VTool/unk5
Trojan (16)
   (1)
    HackerDefender!hosts
  Downloader (7)
    Downloader-ZN!chm
    Downloader-ZN
    Downloader-ZL
    Downloader-ZM
    Downloader-ZK
    Downloader-ZJ
    Downloader-ZI
  Exploit (1)
    Exploit-GM015-IE
  Generic (2)
    Exploit-MSJet.gen
    Exploit-MS05-016.gen
  Password Stealer (2)
    PWS-Fivsec
    PWS-Banker.t
  Remote Access (2)
    BackDoor-CRH
    BackDoor-CRG
  Win32 (1)
    Pusno
Virus (15)
   (1)
    Sibylle.853a
  Dropper (1)
    W32/Kino.dr
  Email (2)
    W32/Buchon.n@MM
    W32/Mytob.z@MM
  Macro (1)
    X97M/Delun
  Parasitic (1)
    HLLP.4096
  PowerPoint Macro (1)
    PP97M/Laroux.hp
  Win32 (3)
    W32/Brepibot
    W32/Mytob.ac
    W32/Kino
  Worm (5)
    W32/Kelvir.worm.ad
    W32/Kelvir.worm.ae
    W32/Kelvir.worm.af
    W32/Kelvir.worm.ac
    W32/Bropia.worm.af

Enhanced Detections:

Program (5)
   (2)
    Simulated Virus
    VMag72
  Application extension (1)
    Dialer-Generic.dll
  Keylogger (1)
    Keylog-Ardamax
  Malware Tool (1)
    VTool/Unk4
Trojan (37)
   (5)
    QScare
    Vixenish
    Generic component
    Phish-BankFraud.eml.a
    Phish-BankFraud.eml.b
  Application extension (3)
    BackDoor-BAE.dll
    Downloader-DA.dll
    PWS-Banker.j.dll
  Configurator (1)
    BackDoor-CEP.cfg
  Downloader (5)
    Downloader-HZ
    Downloader-JK
    Downloader-ZH
    Downloader-TB
    Downloader-TI
  Dropper (4)
    VBS/Inor
    BackDoor-CEP.dr
    Downloader-JD.dr
    PWS-Goldun.dr
  Exploit (3)
    Exploit-ByteVerify
    Exploit-MhtRedir.gen
    Exploit-ZIP
  Flooder (1)
    FDoS-Codalu
  Generic (5)
    PWS-Banker.gen.b
    PWS-Banker.gen.i
    PWS-Banker.gen.h
    PWS-Banker.gen.g
    PWS-Banker.gen.d
  Password (1)
    PWS-Watsn
  Password Stealer (1)
    PWS-Goldun
  Remote Access (2)
    BackDoor-AOZ
    BackDoor-CEP
  StartPage (1)
    StartPage-GS
  Win32 (5)
    HackerDefender.sys
    W32/Sdbot!cleanup
    AdClicker-CO
    Generic VB.c
    Generic PWS.m
Virus (137)
   (2)
    Uruguay.6
    Sibylle.853
  Companion (1)
    W32/Faffer.cmp
  Configuration settings (1)
    W32/Opaserv.ini
  Damaged (3)
    W32/Lovgate.dam
    W32/Mytob.dam
    W32/Lovgate.x.dam
  Damaged Worm (1)
    W32/Sdbot.worm.dam
  Downloader Worm (1)
    W32/Bropia.worm.dldr
  Dropper (3)
    W32/Sober.dr
    W32/Jeefo.dr
    W32/Sdbot.dr
  E-mail (2)
    W32/Sober.o@MM
    W32/Lovgate.ah@MM
  E-mail worm (8)
    W32/Lovgate.f@M
    W32/Lovgate.ac@MM
    W32/Buchon.c@MM
    W32/Lovgate.ad@MM
    W32/Lovgate.af@MM
    W32/Lovgate.aj@MM
    W32/Buchon.gen@MM
    W32/Lovgate.ab@MM
  Email (55)
    W32/Lovgate.r@MM
    W32/Lovgate.b@M
    W32/Lovgate.g@M
    W32/Sober.k@MM!zip
    W32/Buchon.j@MM
    W32/Lovgate.m@M
    W32/Lovgate.n@M
    W32/Sober.d@MM!zip
    W32/Lovgate.q@MM
    W32/Lovgate.p@MM
    W32/Sober.e@MM!zip
    W32/Lovgate.v@M
    W32/Lovgate.t@MM
    W32/Lovgate.u@MM
    W32/Lovgate.w@M
    W32/Lovgate.al@MM
    W32/Buchon.k@MM
    W32/Buchon.m@MM
    W32/Sober.j@MM!zip
    W32/Sober.l@MM!zip
    W32/Buchon.l@MM
    W32/Mytob.p@MM
    W32/Mytob.i@MM
    W32/Mytob.k@MM
    W32/Mytob.r@MM
    W32/Mytob.c@MM
    W32/Dushit@MM
    W32/Mytob.m@MM
    W32/Mytob.q@MM
    W32/Mytob.h@MM
    W32/Mytob.j@MM
    W32/Mytob.l@MM
    W32/Mytob.o@MM
    W32/Mytob.u@MM
    W32/Mytob.t@MM
    W32/Mytob.x@MM
    W32/Mytob.w@MM
    W32/Mytob.y@MM
    W32/Mytob.ab@MM
    W32/Mytob.aa@MM
    W32/Lovgate.aa@MM
    W32/Lovgate.ao@MM
    W32/Lovgate.an@MM
    W32/Sober.o@MM!zip
    W32/Lovgate.aq@MM
    W32/Buchon.g@MM
    W32/Buchon.e@MM
    W32/Buchon.a@MM
    W32/Buchon.h@MM
    W32/Buchon.f@MM
    W32/Buchon.d@MM
    W32/Buchon.b@MM
    W32/Lovgate.ak@MM
    W32/Lovgate.ae@MM
    W32/Sober.g@MM!zip
  Email Generic (2)
    W32/Sober.gen@MM
    W32/Mytob.gen@MM
  Email Worm (2)
    W32/Lovgate.ai@MM
    W32/Lovgate.ag@MM
  Generic (1)
    W32/Anzae.gen
  Generic Worm (11)
    W32/Sdbot.worm.gen.w
    W32/Gaobot.worm.gen.j
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.i
    W32/Kelvir.worm.gen
    W32/Spybot.worm.gen.j
    W32/Gaobot.worm.gen.t
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.t
  Internet Worm (6)
    W32/Sdbot.worm
    W32/Kelvir.worm.c
    W32/Kelvir.worm.b
    W32/Kelvir.worm.f
    W32/Bropia.worm.gen
    W32/Bropia.worm.d
  Source code (1)
    Linux/Adm.src
  VbScript (1)
    New Script
  Win32 (8)
    W32/Jeefo
    W32/Lovgate
    W32/Buchon.i!keylog
    W32/Buchon.i
    W32/Buchon.k!keylog
    W32/Buchon.l!keylog
    W32/Buchon!keylog
    W32/Buchon.c!keylog
  Worm (28)
    W32/Lovgate.l@M
    W32/Lovgate.a@M
    W32/Lovgate.c@M
    W32/Lovgate.s@MM
    W32/Lovgate.x@MM
    W32/Bropia.worm.e
    W32/Kelvir.worm.e
    W32/Kelvir.worm.d
    W32/Kelvir.worm.g
    W32/Kelvir.worm.i
    W32/Kelvir.worm.k
    W32/Kelvir.worm.j
    W32/Bropia.worm.m
    W32/Kelvir.worm.a
    W32/Kelvir.worm.o
    W32/Kelvir.worm.n
    W32/Kelvir.worm.p
    W32/Kelvir.worm.s
    W32/Kelvir.worm.l
    W32/Kelvir.worm.m
    W32/Kelvir.worm.t
    W32/Kelvir.worm.q
    W32/Bropia.worm.ac
    W32/Kelvir.worm.w
    W32/Kelvir.worm.ab
    W32/Bropia.worm.b
    W32/Bropia.worm.a
    W32/Bropia.worm.c