W32/Rbot-EW -- Another bot Trojan that exploits network shares
with weak passwords to spread between machines. It installs
itself as "UPDATE_W.EXE" in the Windows System directory and
allows backdoor access via IRC. (Sophos)
W32/Rbot-FC -- This Rbot variant is similar to EW above, except
it uses the infected file of "WINSYST32.EXE" and adds the twist
of a file logger and CD key stealer. (Sophos)
W32/Rbot-DE -- Another Rbot variant. It uses "WINSYS32.EXE" as
its infection point and tries to kill certain network share
connections. (Sophos)
W32/Sdbot-KU -- A bot that spreads by exploiting machines
infected with MyDoom or without the Windows DCOM patch. It
installs itself as "PEREMPTION.EXE" and allows backdoor access
via IRC. It can be used to launch SYN flood attacks against
remote sites and also attempts to steal CD keys for popular
games. (Sophos)
W32/Tompai-A -- A backdoor Trojan that spreads via network
shares and uses a variety of filename combinations to install
itself in the Windows System folder. The virus has the text
"phantompain" embedded in the code. (Sophos)
W32/Agobot-KM -- Yet another bot that uses weakly protected
network shares to spread between machines. This infects
"MSVSRV32.EXE" in the Windows System directory, allows backdoor
access via IRC, and modifies the Windows HOSTS file to block
access to anti-virus sites. (Sophos)
__________________
"Cat washing IS a martial art."
"Remember Today IS Yesterdays Tomorrow"