F-Secure Malware Descriptions
http://www.f-secure.com
These are F-Secure malware descriptions
Language: en
Copyright, F-Secure
Published: Fri, 04 November 2011 10:00:00 +0800
Last build: Wed, 16 November 2011 13:34:00 +0800
Contact: webmaster@f-secure.com

Rootkit:W32/ZAccess (http://www.f-secure.com/v-descs/rootkit_w32_zaccess.shtml): Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.
Backdoor:OSX/DevilRobber.A (http://www.f-secure.com/v-descs/backdoor_osx_devilrobber_a.shtml): Backdoor:OSX/DevilRobber.A silently installs applications related to Bitcoin-mining; it may also harvest data from the infected machine and listen for additional commands from a remote user.
Backdoor:OSX/Tsunami.A (http://www.f-secure.com/v-descs/backdoor_osx_tsunami_a.shtml): Backdoor:OSX/Tsunami.A is a distributed denial-of-service (DDoS) flooder that is also capable of downloading files and executing shell commands in an infected system.
Trojan-Downloader:OSX/Flashback.C (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_c.shtml): Trojan-Downloader:OSX/Flashback.C poses as a Flash Player installer and connects to a remote host to obtain further installation files and configuration.
Trojan-Downloader:OSX/Flashback.B (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_b.shtml): Trojan-Downloader:OSX/Flashback.B poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.
Trojan-Dropper:OSX/Revir.B (http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_b.shtml): Trojan-Dropper:OSX/Revir.B drops and executes a backdoor program onto the system, while camouflaging its activity by opening a JPG file to distract the user.
Monitoring-Tool:Android/SimChecker.A (http://www.f-secure.com/v-descs/monitoring-tool_android_simchecker_a.shtml): Monitoring-Tool:Android/SimChecker.A collects geolocation and other device information, and sends out this information via SMS messages and e-mails.
Trojan-Downloader:OSX/Flashback.A (http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_a.shtml): Trojan-Downloader:OSX/Flashback.A poses as a Flash Player installer, and connects to a remote host to obtain further installation configuration and files.
Backdoor:OSX/Imuler.A (http://www.f-secure.com/v-descs/backdoor_osx_imuler_a.shtml): Backdoor:OSX/Imuler.A contacts a remote server for instructions; it may then steal files or capture a screenshot of the infected computer system, which is then forwarded to the remote server.
Trojan-Dropper:OSX/Revir.A (http://www.f-secure.com/v-descs/trojan-dropper_osx_revir_a.shtml): Trojan-Dropper:OSX/Revir.A drops a downloader component that downloads a backdoor program onto the system, while camouflaging its activity by opening a PDF file to distract the user.
Worm:W32/Morto.A (http://www.f-secure.com/v-descs/worm_w32_morto_a.shtml): Worm:W32/Morto.A propagates through Remote Desktop Services on Windows servers by brute-forcing the login credentials of the server.
Trojan:Android/GinMaster.A (http://www.f-secure.com/v-descs/trojan_android_ginmaster_a.shtml): Trojan:Android/GinMaster.A steals confidential information from the device and sends it to a remote website.
Trojan:W32/Yakes (http://www.f-secure.com/v-descs/trojan_w32_yakes.shtml): Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.
Trojan:Android/DroidKungFu.C (http://www.f-secure.com/v-descs/trojan_android_droidkungfu_c.shtml): Trojan:Android/DroidKungFu.C forwards confidential details to a remote server.
Trojan:Android/AutoSPSubscribe.A (http://www.f-secure.com/v-descs/trojan_android_autospsubscribe_a.shtml): Trojan:Android/AutoSPSubscribe.A is a malicious app that targets Android users in China, and is distributed through unofficial markets.
Trojan:BASH/QHost.WB (http://www.f-secure.com/v-descs/trojan_bash_qhost_wb.shtml): Trojan:BASH/QHost.WB hijacks web traffic by modifying the hosts file.
Trojan:Android/YZHCSMS.A (http://www.f-secure.com/v-descs/trojan_android_yzhcsms_a.shtml): Trojan:Android/YZHCSMS.A sends SMS/MMS messages to premium rate numbers, potentially incurring unexpected/unwanted usage charges.
Monitoring-Tool:Android/SpyBubble.A (http://www.f-secure.com/v-descs/monitoring-tool_android_spybubble_a.shtml): Monitoring-Tool:Android/SpyBubble.A is a commercially available tracking tool.
Trojan:Android/BaseBridge.A (http://www.f-secure.com/v-descs/trojan_android_basebridge_a.shtml): Trojan:Android/BaseBridge.A forwards confidential details to a remote server.
Spyware:Android/Flexispy.K (http://www.f-secure.com/sw-desc/spyware_android_flexispy_k.shtml): Spyware:Android/Flexispy.K is a commercially available monitoring program.
Rogue:OSX/FakeMacDef.A (http://www.f-secure.com/v-descs/rogue_osx_fakemacdef_a.shtml): Dishonest antivirus software which tricks users into buying or installing it, usually by infecting a user's computer, or by pretending the computer is infected.
Trojan:W32/Murofet.A (http://www.f-secure.com/v-descs/trojan_w32_murofet_a.shtml): This trojan attempts to download a file (presumably malicious) from a randomly generated domain.
Virus:W32/Ramnit.N (http://www.f-secure.com/v-descs/virus_w32_ramnit_n.shtml): A program that secretly and maliciously integrates itself into program or data files. It spreads by integrating itself into more files each time the host program is run.
Backdoor:W32/Knockex.A (http://www.f-secure.com/v-descs/backdoor_w32_knockex_a.shtml): A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Trojan-Downloader:W32/Kazy-17907 (http://www.f-secure.com/v-descs/trojan-downloader_w32_kazy17907.shtml): This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Trojan-Downloader:W32/KDV-176347 (http://www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml): This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Exploit:W32/MSWord6.Gen (http://www.f-secure.com/v-descs/exploit_w32_msword6_gen.shtml): The Generic Detection Exploit.msword.gen.6 identifies a Microsoft Word document that has been modified to perform an unauthorized, malicious action.
Exploit:W32/D-Encrypted.Gen (http://www.f-secure.com/v-descs/exploit_w32_d-encrypted_gen.shtml): A program or technique that takes advantage of a vulnerability to remotely access or attack a program, computer or server.
Trojan:W32/AntiAV (http://www.f-secure.com/v-descs/trojan_w32_antiav.shtml): Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.
Worm:ACAD/Kenilfe.A (http://europe.f-secure.com/v-descs/worm_acad_kenilfe_a.shtml): The worm is a malicious AutoCAD program that propagates via removable drives. It also attempts to download Visual Basic Scripts from remote servers, if certain conditions are met.
Adware:W32/ClickPotato.A (http://europe.f-secure.com/sw-desc/adware_w32_clickpotato_a.shtml): This program delivers advertising content to the user. It is usually annoying but harmless, unless it is combined with spyware or trackware.
Backdoor:W32/Spyrat.D (http://europe.f-secure.com/v-descs/backdoor_w32_spyrat_d.shtml): A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Rogue:W32/SystemTool (http://europe.f-secure.com/v-descs/rogue_w32_systemtool.shtml): This detection identifies a malicious rogueware program, typically used to deceive users into purchasing a fake application.
Backdoor:W32/Bohu.A (http://europe.f-secure.com/v-descs/backdoor_w32_bohu_a.shtml): This program installs various files onto the system. Among the components installed are: a backdoor which connects to an external site to obtain updates and other settings; and a component that monitors web traffic to various search engines in China and the domains of certain antivirus (AV) vendors.
Packed:W32/PeCan.A (http://europe.f-secure.com/v-descs/packed_w32_pecan_a.shtml): This program is packed using a packer program associated with numerous other malware.
Rootkit:W32/Zxshell.B (http://www.f-secure.com/v-descs/rootkit_w32_zxshell_b.shtml): Rootkit:W32/Zxshell.B is dropped by Backdoor:W32/Zxshell.A and basically functions as a protection mechanism for its main payload file.
Backdoor:W32/Zxshell.A (http://www.f-secure.com/v-descs/backdoor_w32_zxshell_a.shtml): Backdoor:W32/Zxshell.A is a DLL file with an exported function ("Install"), which is called to install the backdoor.
Other:W32/False Positive (http://europe.f-secure.com/v-descs/other_w32_false_positive.shtml): Latest False Positive Notices: Adware.smartad.d: This detection was unintentionally triggered on a JavaScript file associated with Google Analytics. A Hydra exclusion for this detection (2010-12-10_01) was released at 0052 UTC on 10th December, followed by an Aquarius database update (2010-12-10_03) released at 0215 UTC which removes the detection entirely. Please ensure your database is updated to resolve this issue.
Worm:W32/Todon.I (http://www.f-secure.com/v-descs/worm_w32_todon_i.shtml): Worm:W32/Todon.I is a worm that spreads to new victim machines via infected removable and network drives. The worm also has trojan-downloader capabilities, as it attempts to download additional files from remote servers.
Trojan:JS/Obfuscated.Gen (http://www.f-secure.com/v-descs/trojan_js_obfuscated_gen.shtml): Trojan:JS/Obfuscated.Gen is a Generic Detection that identifies malicious HTML, JavaScript, PDF, or any scripting files that contain obfuscated code, which may be used by malware authors to evade antivirus signature detection, as well as to make malicious scripts harder to discover and analyze.
Backdoor:WinCE/PhoneCreeper.A (http://www.f-secure.com/v-descs/backdoor_wince_phonecreeper_a.shtml): Backdoor:WinCE/PhoneCreeper.A provides unauthorized remote access to a mobile device.
Other:W32/Generic (http://www.f-secure.com/v-descs/other_w32_generic.shtml): Other:W32/Generic is a Generic Detection for a wide range of malicious programs, such as trojans, worms and keyloggers.
Application:W32/Keygen (http://www.f-secure.com/v-descs/application_w32_keygen.shtml): Application:W32/Keygen identifies non-malicious files used to emulate a Microsoft Key Management Server in order to use cracked license keys for Windows 7.
Trojan:SymbOS/ZeusMitmo.A (http://www.f-secure.com/v-descs/trojan_symbos_zeusmitmo_a.shtml): When installed on a mobile phone, this trojan monitors all incoming SMS messages and acts as a backdoor for receiving commands sent by an attacker via SMS messages.
Worm:W32/Downadup.AL (http://www.f-secure.com/v-descs/worm_w32_downadup_al.shtml): Worm:W32/Conficker.AL is a variant of Worm:W32/Downadup that can spread using three different methods and is capable of hiding its actions on the infected machine, as well as downloading files from remote sites.
Worm:W32/Downadup.A (http://www.f-secure.com/v-descs/worm_w32_downadup_a.shtml): Worm:W32/Downadup exploits a vulnerability in the Windows Server service to spread copies of itself across a network. The worm also attempts to download files from a remote server.
Worm:W32/Downaduprun.A (http://www.f-secure.com/v-descs/worm_w32_downaduprun_a.shtml): Worm:W32/Downaduprun.A is a Generic Detection of the malicious autorun files created by Worm:W32/Downadup, which exploit the Windows Autorun functionality to spread the worm.
Worm:W32/Downadup.gen (http://www.f-secure.com/v-descs/worm_w32_downadup_gen.shtml): Worm:W32/Downadup.gen is a Generic Detection of Worm:W32/Downadup.
Exploit:W32/PDF-Payload.Gen (http://www.f-secure.com/v-descs/exploit_w32_pdf-payload_gen.shtml): Exploit:W32/PDF-Payload.Gen is a Generic Detection for Portable Document Format (PDF) files that attempt to exploit vulnerabilities in the popular Adobe Acrobat Reader program.
Trojan:W32/Trojan (http://www.f-secure.com/v-descs/trojan_w32_trojan.shtml): This program performs a malicious action, either due to deliberate intent or to bugs in its programming. Malicious actions may vary from data tampering to disabling a computer system.
Toolbar:W32/MyGlobalSearch (http://www.f-secure.com/sw-desc/toolbar_w32_myglobalsearch.shtml): A browser plug-in which provides additional functionality not included in the standard browser. May introduce security risks not present in the standard browser.
Other:W32/Vulnerability (http://www.f-secure.com/v-descs/other_w32_vulnerability.shtml): A programming flaw or security loophole that may allow other users, applications or attackers to affect a program or system without the user's authorization or knowledge.
Trojan-Spy:W32/Zbot.PUA (http://www.f-secure.com/v-descs/trojan-spy_w32_zbot_pua.shtml): This type of trojan secretly installs spy programs and/or keylogger programs.