ThreatExpert's Statistics for Mal/Behav-328 [Sophos]:

Mal/Behav-328 [Sophos] is also known as:

Threat Alias	Number of Incidents
Generic PWS.di [McAfee]	19
Trojan.Win32.Llac.bdm [Kaspersky Lab]	16
Backdoor:Win32/Poisonivy.H [Microsoft]	15
Worm:Win32/Rebhip.A [Microsoft]	14
Malware.Spyrat [PC Tools]	12
Suspicious.MH690 [Symantec]	12
W32.Spyrat [Symantec]	12
Backdoor.Win32.PoisonIvy [Ikarus]	4
Trojan Horse [Symantec]	3
Trojan-GameThief.Win32.WOW [Ikarus]	3
IRC Trojan [Symantec]	2
New Win32 [McAfee]	2
Packed.Win32.CPEX-based [Ikarus]	2
PWS-LDPinch.a!hv [McAfee]	2
Trojan.Generic [PC Tools]	2
Trojan.Win32.Buzus [Ikarus]	2
Trojan-Dropper.Win32.Malf [Ikarus]	2
VirTool:Win32/DelfInject.gen!AC [Microsoft]	2
Win-Trojan/Exchanger.374338 [AhnLab]	2
Backdoor:Win32/Turkojan.AI [Microsoft]	1
BackDoor-DOQ.gen.w [McAfee]	1
Generic BackDoor.ao [McAfee]	1
Generic Downloader.x!bk [McAfee]	1
Generic.dx [McAfee]	1
Generic.dx!eus [McAfee]	1
Infostealer.Lemir.Gen [Symantec]	1
Packed.Win32.CPEX-based.eq [Kaspersky Lab]	1
Packed.Win32.CPEX-based.fm [Kaspersky Lab]	1
PE_VIRUX.E-2 [Trend Micro]	1
PWS:Win32/Prast!rts [Microsoft]	1
PWS:Win32/Steam.B [Microsoft]	1
Trojan.Agent [Ikarus]	1
Trojan.ATRAPS [Ikarus]	1
Trojan.Crypt [Ikarus]	1
Trojan.Dropper [Symantec]	1
Trojan.IRCBot [PC Tools]	1
Trojan.Small.ALDY [PC Tools]	1
Trojan.Win32.Buzus.czve [Kaspersky Lab]	1
Trojan.Win32.Buzus.uib [Kaspersky Lab]	1
Trojan.Win32.Buzus.xeu [Kaspersky Lab]	1
Trojan.Win32.Llac.ada [Kaspersky Lab]	1
Trojan.Win32.Llac.hh [Kaspersky Lab]	1
Trojan.Win32.Scar.vuy [Kaspersky Lab]	1
Trojan.Win32.Small.abz [Kaspersky Lab]	1
Trojan-Downloader.Win32.Agent.brjz [Kaspersky Lab]	1
Trojan-Dropper.Win32.Agent.blsd [Kaspersky Lab]	1
Trojan-Dropper.Win32.VB.sj [Ikarus]	1
Trojan-PWS.Lmir!ct [PC Tools]	1
VirTool:Win32/DelfInject.gen!AS [Microsoft]	1
VirTool:Win32/DelfInject.gen!X [Microsoft]	1
VirTool:Win32/DelfInject.gen!Y [Microsoft]	1
W32.Spybot.Worm [Symantec]	1
Win-Trojan/Agent.346112.AC [AhnLab]	1
Win-Trojan/Buzus.122880.E [AhnLab]	1
Win-Trojan/Buzus.219648.J [AhnLab]	1
Win-Trojan/Buzus.257600 [AhnLab]	1
Win-Trojan/Downloader.257536 [AhnLab]	1
Win-Trojan/LmirHack.45056.AK [AhnLab]	1

Mal/Behav-328 [Sophos] has the following possible countries of origin:

Origin		Number of Incidents
	Canada	4
	Brazil	2
	China	1

Mal/Behav-328 [Sophos] is known to be created as:

%System%\conimes\conimeime.exe

%System%\install\wimupdat.exe

%System%\spynet\server.exe

%System%\svchost\svchost.exe

%System%\svchostsvr\svchostsvr.exe

%System%\winupdate\winupdate.exe

%Temp%\727882.exe

%Temp%\asadfg43rwaef.exe

%Temp%\explorer.exe

%Temp%\filetmp.exe

%Temp%\server2.exe

%Temp%\svchost.exe

%Windir%\mstwain32.exe

%Windir%\server.exe

%Windir%\system\ctfmon.exe

%Windir%\winmedia.exe

c:\dir\install\install\server.exe

c:\spynet\server.exe

Notes:

%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.