DAT Readme

Download the latest antivirus definitions for McAfee® VirusScan®. Ensure your McAfee® product contains the most up-to-date detection and prevention.
http://www.mcafee.com/apps/downloads/security_updates/dat.asp

DAT Version: 4655
DAT Release Date: 12/21/2005
Threats Detected: 167009
New Detections: 68
Enhanced Detections: 316

Enhanced detections are those that have been modified for this release. Detections are enhanced to cover new variants, optimize performance, and fix incorrect identifications.

Noteworthy threats are those that had an Avert risk assessment of Low-Profiled, Medium, Medium-On-Watch, High, or High-Outbreak at the time of DAT release.

Noteworthy Threats:

Name | Corporate Risk Assessment | Home Risk Assessment
There are no noteworthy threats in this release.

New Detections:

Program (16)
   (2)
    Tool/mqp
    Portscan-Saint
  Demonstration (9)
    JV/Demo-GetOpenP
    JV/Demo-ReadFile
    JV/Demo-ReplaceP
    JV/Demo-ExitTest
    JV/Demo-FileInfo
    JV/Demo-SendTest
    JV/Demo-GetHidde
    JV/Demo-AuditMyP
    JV/Demo-MyWindow
  Dialer (1)
    Dialer-RAS.dy
  Script (1)
    Picture-Badcom
  Tool (3)
    Tool-TerminalPort
    Tool-Ipconfig
    Tool-SystemStore
Trojan (33)
   (9)
    SymbOS/Multidropper.ah!sis
    SymbOS/Multidropper.af!sis
    SymbOS/Multidropper.ad!sis
    SymbOS/Multidropper.x!sis
    Danmec
    SymbOS/Multidropper.ag!sis
    SymbOS/Multidropper.ae!sis
    SymbOS/Multidropper.ac!sis
    SymbOS/Multidropper.u!sis
  Downloader (3)
    Downloader-ASM
    Downloader-ASK
    Downloader-ASL
  Dropper (1)
    Multidropper-PN
  Exploit (8)
    Perl/Exploit-Xmlrpc
    Perl/Exploit-ViRobot
    Perl/Exploit-Drupal
    Perl/Exploit-ASPNuke
    Perl/Exploit-WordPre
    Perl/Exploit-PaFaq
    Perl/Exploit-Cacti
    Perl/Exploit-Arpus
  Heuristic (1)
    New Malware.w
  Malware Tool (1)
    NTRootKit-T
  Remote Access (2)
    BackDoor-CWQ
    BackDoor-CTI
  Script (4)
    Bat/dag
    Bat/Cabir
    Bat/kix
    Bat/avk76
  Win32 (4)
    Reboot-AQ
    Generic Dropper.v
    Generic Dropper.r
    Generic Downloader.at
Virus (19)
   (9)
    Junk
    Junk.4906
    SymbOS/Mabtal.b!sis
    SymbOS/Cabir!ezboot.ad
    SymbOS/Cabir.ad!mbm
    Junk.3619
    SymbOS/Cabir.ad
    SymbOS/Cabir.ad!sis
    SymbOS/Appdisabler.d!sis
  Dropper (5)
    Ninja.dr
    Willow.dr
    Neban.dr
    Eumel.dr
    ARCV.1100.dr
  Email (1)
    W32/Ider@MM
  Overwriting (1)
    HLL.ow.5488h
  Script (1)
    JS/Spacehero
  Win32 (2)
    W32/Swen
    W32/Honk

Enhanced Detections:

- (1)
  - (1)
    Exploit-PhpBb
Internet Worm (1)
  E-mail worm (1)
    W32/Netsky.c@MM
Malware (1)
  Denial Of Svc (1)
    DDoS-SQLhuc
Program (24)
  - (1)
    XCP
  Adware (6)
    Adware-TopMoxie
    Adware-HotBar
    Adware-Gohip
    Adware-Click
    Adware-NaviPromo
    Adware-DCToolbar
  Dropper (1)
    Adware-HotBar.dr
  Keylogger (1)
    Keylog-SC.inst
  Malware Tool (1)
    NTRootKit-Cheat
  Registry (2)
    WorldAntiSpy
    Qoolaid
  Tool (3)
    AnalogX-Proxy
    Tool-Nmap
    Tool-Teardrop
  Win32 (9)
    NukeDetector
    PCGhost
    NetShare
    NT-RemoteCon
    Nosys
    SrvAny
    Winfixer
    NoZoneMutex
    Piorio
Trojan (127)
   (18)
    Deshack
    Generic component
    SymbOS/Multidropper.a!sis
    SymbOS/Multidropper.e!sis
    SymbOS/Multidropper.c!sis
    SymbOS/Multidropper.g!sis
    SymbOS/Multidropper.b!sis
    SymbOS/Multidropper.f!sis
    SymbOS/Multidropper.d!sis
    SymbOS/Multidropper.k!sis
    SymbOS/Multidropper.j!sis
    SymbOS/Multidropper.i!sis
    SymbOS/Multidropper.h!sis
    SymbOS/Multidropper.l!sis
    Generic.dc
    Generic.cb
    SymbOS/Multidropper.q!sis
    SymbOS/Multidropper.r!sis
  - (1)
    AdClicker-AJ
  Adware (1)
    AdClicker-DI
  Application extension (5)
    BackDoor-WB.dll
    Spy-Antaz.dll
    BackDoor-CST.dll
    PWS-Goldun.dll
    Spy-Agent.ab.dll
  Configurator (2)
    MultiDropper.cfg
    BackDoor-CEP.cfg
  Denial Of Svc (2)
    DDoS-Storm
    DDoS-Stinkbot
  Downloader (5)
    Downloader-ADV
    Downloader-AAT
    Downloader-VX
    Downloader-PE
    Downloader-TE
  Dropper (11)
    PWS-Progent.dr
    BackDoor-FR.dr
    DDoS-Stinkbot.dr
    BackDoor-CKB.dr
    BackDoor-CEP.dr
    MultiDropper-OR
    MultiDropper-MK
    PWS-BP.dr
    Spy-Agent.ab.dr
    PWS-Goldun.dr
    W32/Sdbot.dr
  Dropper Worm (1)
    W32/Sdbot.worm.dr
  Exploit (3)
    Exploit-MS04-011
    Exploit-MS03-037
    Exploit-ANIfile
  Generic (10)
    BackDoor-WB.gen
    Generic Downloader.gen.be
    BackDoor-BAC.gen
    PWS-Banker.gen.ba
    PWS-Banker.gen.bb
    PWS-Banker.gen.i
    PWS-Banker.gen.g
    PWS-Banker.gen.t
    Downloader-ZQ.gen
    PWS-BR.gen
  Heuristic (3)
    New Malware.n
    New Malware.u
    New Malware.h
  Internet Relay Chat (1)
    IRC/Flood.c
  Password (3)
    PWS-LegMir
    PWS-QQPass
    PWS-BP
  Password Stealer (11)
    Generic PWS.e
    PWS-Progent
    PWS-CC
    PWS-Banker.ad
    PWS-JA
    PWS-Lineage!chm
    PWS-CA
    PWS-Raven
    PWS-Reox
    PWS-Goldun
    PWS-BU
  Proxy (1)
    Proxy-Piky
  Remote Access (14)
    BackDoor-AQF
    BackDoor-AMQ
    BackDoor-CCL
    BackDoor-AWQ.b
    BackDoor-BAC
    BackDoor-AQ
    BackDoor-AXN
    BackDoor-CKB.sys
    BackDoor-CST
    BackDoor-CEP!chm
    BackDoor-CWP
    BackDoor-CKB
    BackDoor-CEP
    BackDoor-CTK
  Script (2)
    ServU.bat
    Perl/Shellbot
  Spyware (2)
    Keylog-Perfect.dr
    Spy-Hiddukel
  Trojan (1)
    Multidropper
  Win32 (30)
    Generic Delphi
    Generic Downloader.c
    BackDoor-FR
    DDoS-WarezX
    Spy-GScreen
    Renamer.b
    Spy-BBrother
    Spy-Antaz
    DDoS-Soldier
    RedKitty
    Delwin
    DesktopHijack
    Generic Downloader.p
    Puper
    Generic Downloader.s
    Spy-Agent.m
    Generic BackDoor.r
    Generic Downloader.y
    Generic PWS.o
    Generic Downloader.ab
    Generic.k
    Recker
    Deskpen
    Defun
    Generic Downloader.g
    DDoS-Boxed
    Reboot-L
    Deser
    Generic Downloader.e
    Reboot-K
Virus (162)
   (55)
    MPC
    SymbOS/Cabir.x
    SymbOS/Cabir.ab
    SymbOS/Cabir!ezboot.ab
    SymbOS/Cabir!lasco
    XRCV.335
    XRCV.330a
    SymbOS/Cabir.v
    SymbOS/Cabir!ezboot.v
    SymbOS/Cabir.v!sis
    SymbOS/Cabir.y
    SymbOS/Cabir!ezboot.y
    SymbOS/Cabir.z
    SymbOS/Cabir!ezboot.w
    SymbOS/Cabir.w
    SymbOS/Cabir.ac
    SymbOS/Cabir!ezboot.ac
    SymbOS/Cabir!ezboot.e
    SymbOS/Cabir!ezboot.d
    SymbOS/Cabir!ezboot.c
    SymbOS/Cabir!ezboot
    SymbOS/Cabir!ezboot.x
    SymbOS/Cabir!ezboot.s
    SymbOS/Cabir!ezboot.o
    SymbOS/Cabir!ezboot.k
    SymbOS/Cabir!ezboot.f
    SymbOS/Cabir.s!sis
    SymbOS/Cabir.f!sis
    SymbOS/Cabir.d!sis
    SymbOS/Cabir.b!sis
    SymbOS/Cabir.u!sis
    SymbOS/Cabir.g
    SymbOS/Cabir.f
    SymbOS/Cabir.b
    SymbOS/Cabir.a
    SymbOS/Cabir!ezboot.t
    SymbOS/Cabir!ezboot.r
    SymbOS/Cabir.q!sis
    SymbOS/Cabir.p!sis
    SymbOS/Cabir.o!sis
    SymbOS/Cabir.e!sis
    SymbOS/Cabir.a!sis
    SymbOS/Cabir.m
    SymbOS/Cabir.k
    SymbOS/Cabir!ezboot.q
    SymbOS/Cabir!ezboot.p
    SymbOS/Cabir!ezboot.n
    SymbOS/Cabir.j!sis
    SymbOS/Cabir.t!sis
    SymbOS/Cabir.r!sis
    SymbOS/Cabir.n!sis
    SymbOS/Cabir.c!sis
    SymbOS/Cabir.u
    SymbOS/Cabir.aa
    SymbOS/Cabir!ezboot.aa
  Damaged (1)
    W32/Swen.dam
  Damaged Worm (1)
    W32/Sdbot.worm.dam
  Dropper (5)
    Univ/j.dr
    Hare.dr
    Ultimate.dr
    Acid.dr
    SymbOS/Cabir.dr
  Dropper Worm (1)
    W32/Kelvir.worm.dr
  E-mail (1)
    W32/Netsky.z@MM
  E-mail worm (1)
    W32/Netsky.o@MM
  Email (1)
    JS/Kmax@MM
  Email Generic Worm (1)
    W32/Bobax.worm.gen@MM
  Email Worm (2)
    W32/Bobax.worm.ab@MM
    W32/Bobax.worm.ac@MM
  Generic (3)
    W32/IRCbot.gen.c
    W32/Poebot.gen
    SymbOS/Cabir.gen
  Generic Worm (26)
    W32/IRCbot.worm.gen
    W32/Sdbot.worm.gen.as
    W32/Sdbot.worm.gen.br
    W32/Sdbot.worm.gen.bg
    W32/Opanki.worm.gen
    W32/Sdbot.worm.gen.n
    W32/Sdbot.worm.gen.l
    W32/Sdbot.worm.gen.j
    W32/Sdbot.worm.gen.h
    W32/Sdbot.worm.gen.i
    W32/Sdbot.worm.gen.bl
    W32/Sdbot.worm.gen.bk
    W32/Kelvir.worm.gen
    W32/Sdbot.worm.gen.bs
    W32/Gaobot.worm.gen.bf
    W32/Sdbot.worm.gen.bz
    W32/Sdbot.worm.gen.bq
    W32/Sdbot.worm.gen.bd
    W32/Gaobot.worm.gen.bc
    W32/Sdbot.worm.gen.bh
    W32/Sdbot.worm.gen.bi
    W32/Sdbot.worm.gen.by
    W32/Sdbot.worm.gen.bj
    W32/Sdbot.worm.gen.y
    W32/Sdbot.worm.gen.z
    W32/Sdbot.worm.gen.ac
  Internet Worm (5)
    W32/Graps.worm
    W32/Sdbot.worm!MS05-039
    W32/Gbot.worm
    W32/Kelvir.worm.bh
    W32/Kelvir.worm.f
  Overwriting (2)
    Univ.ow/a
    HLL.ow.9504
  PDA Device (14)
    SymbOS/Cabir.e
    SymbOS/Cabir.c
    SymbOS/Cabir.h
    SymbOS/Cabir.d
    SymbOS/Cabir.t
    SymbOS/Cabir.r
    SymbOS/Cabir.p
    SymbOS/Cabir.n
    SymbOS/Cabir.l
    SymbOS/Cabir.s
    SymbOS/Cabir.q
    SymbOS/Cabir.o
    SymbOS/Cabir.i
    SymbOS/Cabir.j
  Script (1)
    Univ.script/99a
  Universal (1)
    Univ/a
  Win32 (3)
    W32/Netsky
    W32/Generic.e
    W32/Generic.j
  Worm (38)
    W32/Kelvir.worm.eo
    W32/Kelvir.worm.ex
    W32/Kelvir.worm.al
    W32/Kelvir.worm.ap
    W32/Kelvir.worm.an
    W32/Kelvir.worm.ao
    W32/Kelvir.worm.am
    W32/Kelvir.worm.ec
    W32/Kelvir.worm.ax
    W32/Kelvir.worm.az
    W32/Kelvir.worm.ba
    W32/Kelvir.worm.ay
    W32/Kelvir.worm.bg
    W32/Kelvir.worm.e
    W32/Kelvir.worm.ca
    W32/Kelvir.worm.ci
    W32/Kelvir.worm.i
    W32/Kelvir.worm.o
    W32/Kelvir.worm.p
    W32/Kelvir.worm.l
    W32/Kelvir.worm.ch
    W32/Kelvir.worm.q
    W32/Kelvir.worm.w
    W32/Kelvir.worm.cu
    W32/Kelvir.worm.da
    W32/Kelvir.worm.cz
    W32/Kelvir.worm.dd
    W32/Kelvir.worm.cq
    W32/Kelvir.worm.cv
    W32/Kelvir.worm.cx
    W32/Kelvir.worm.cy
    W32/Kelvir.worm.ac
    W32/Kelvir.worm.aj
    W32/Kelvir.worm.ai
    W32/Opanki.worm
    W32/Kelvir.worm.db
    W32/Kelvir.worm.gc
    W32/Kelvir.worm.dy