ThreatExpert's Statistics for Mal/KoobHeur-A [Sophos]:

Mal/KoobHeur-A [Sophos] is also known as:

Threat Alias	Number of Incidents
W32.Koobface.A [Symantec]	168
Worm:Win32/Koobface.gen!D [Microsoft]	109
Trojan.Win32.Agent.cwjg [Kaspersky Lab]	81
Trojan-Proxy.Win32.Koobface [Ikarus]	71
W32.Koobface.D [Symantec]	71
Worm.Win32.Koobface [Ikarus]	65
Net-Worm.Koobface [PC Tools]	64
Net-Worm.Win32.Koobface [Ikarus]	53
W32/Koobface.worm.gen.j [McAfee]	46
Mal/KoobHeur-A, Mal/KoobHeur-A [Sophos]	40
Net-Worm.Win32.Koobface.cvn [Kaspersky Lab]	40
Win32/Koobface.worm.50688.D [AhnLab]	40
Net-Worm.Win32.Koobface.asz [Kaspersky Lab]	36
Trojan-Downloader.Win32.Renos [Ikarus]	36
W32/Koobface.worm [McAfee]	33
Net-Worm.Win32.Koobface.bkb [Kaspersky Lab]	25
Net-Worm.Win32.Koobface.bno [Kaspersky Lab]	25
Net-Worm.Win32.Koobface.bjz [Kaspersky Lab]	12
Win32/Koobface.worm.15360.FW [AhnLab]	12
Mal/Generic-A, Mal/KoobHeur-A [Sophos]	9
W32/Koobface.worm.gen.g [McAfee]	9
Suspicious.MH690 [Symantec]	7
Generic.dx!bew [McAfee]	6
Net-Worm.Win32.Koobface.brr [Kaspersky Lab]	6
W32/Koobface.worm.gen.ac [McAfee]	6
Trojan Horse [Symantec]	5
Win32/Koobface.worm.49152.H [AhnLab]	5
Net-Worm.Koobface.bgr [PC Tools]	4
Net-Worm.Win32.Koobface.awm [Kaspersky Lab]	4
Net-Worm.Win32.Koobface.bqk [Kaspersky Lab]	4
Net-Worm.Win32.Koobface.d [Kaspersky Lab]	4
Win32/Koobface.worm.49152.G [AhnLab]	4
Downloader [Symantec]	3
Net-Worm.Koobface.bjz [PC Tools]	3
Trojan-Downloader.Win32.Injecter.dit [Kaspersky Lab]	3
Win32/Koobface.worm.86016.I [AhnLab]	3
Adware.BrowseCtl [PC Tools]	2
Generic Proxy!f [McAfee]	2
Generic.dx!bsf [McAfee]	2
Net-Worm.Win32.Koobface.bgr [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.bhg [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.bku [Kaspersky Lab]	2
Net-Worm.Win32.Koobface.cma [Kaspersky Lab]	2
Trojan-Downloader.Win32.Injecter.dix [Kaspersky Lab]	2
Win32/Koobface.worm.16384.AX [AhnLab]	2
Win32/Koobface.worm.20748 [AhnLab]	2
Win32/Koobface.worm.38912.DD [AhnLab]	2
Win-Trojan/Backdoor.10752.B [AhnLab]	2
Backdoor [Ikarus]	1
Dropper/Xema.19456.V [AhnLab]	1
Generic.dx!bgb [McAfee]	1
Generic.dx!bpe [McAfee]	1
Generic.dx!ncz [McAfee]	1
Net-Worm.Win32.Koobface.aub [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.auz [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.ayn [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.ayp [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.ayy [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.ayz [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.azd [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bhy [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.biy [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bje [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bjg [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bkl [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.blh [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bmw [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bnn [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bnu [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.bpq [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.ctb [Kaspersky Lab]	1
Net-Worm.Win32.Koobface.exu [Kaspersky Lab]	1
Trojan.Dropper [Symantec]	1
Trojan.Win32.Scar [Ikarus]	1
Trojan.Win32.Scar.eh [Kaspersky Lab]	1
Trojan.Win32.Small [Ikarus]	1
Trojan.Win32.Small.cbw [Kaspersky Lab]	1
Trojan-Downloader.Win32.Agent.ckwl [Kaspersky Lab]	1
Trojan-Downloader.Win32.Injecter [Ikarus]	1
Trojan-Dropper.Win32.Agent.ayth [Kaspersky Lab]	1
Trojan-Dropper.Win32.Agent.ayya [Kaspersky Lab]	1
W32.Koobface.C [Symantec]	1
W32/Koobface.worm.gen.c [McAfee]	1
Win32/Koobface.worm.16384.BD [AhnLab]	1
Win32/Koobface.worm.16384.DY [AhnLab]	1
Win32/Koobface.worm.32768.AE [AhnLab]	1
Win32/Koobface.worm.32768.AG [AhnLab]	1
Win32/Koobface.worm.36864.F [AhnLab]	1
Win32/Koobface.worm.36864.G [AhnLab]	1
Win32/Koobface.worm.49152.F [AhnLab]	1
Win32/Koobface.worm.86016.O [AhnLab]	1
Win-Trojan/Backdoor.11264.D [AhnLab]	1
Win-Trojan/Backdoor.19968 [AhnLab]	1
Win-Trojan/Swizzor.40960 [AhnLab]	1

Mal/KoobHeur-A [Sophos] has the following possible country of origin:

Origin		Number of Incidents
	Australia	8

Mal/KoobHeur-A [Sophos] is known to be created as:

%ProgramFiles%\browserctl\browserctl.dll

%ProgramFiles%\ddnsfilter\ddnsfilter.dll

%ProgramFiles%\sfx\sfx.dll

%System%\fio32.dll

%Temp%\ld12.exe

%Temp%\pp11.exe

%Windir%\freddy100.exe

%Windir%\freddy65.exe

%Windir%\freddy75.exe

%Windir%\higeorge12.exe

%Windir%\ld12.exe

%Windir%\ld14.exe

%Windir%\loadernew.exe

%Windir%\mstre19.exe

%Windir%\mstre21.exe

%Windir%\mstre22.exe

%Windir%\pp11.exe

%Windir%\pp12.exe

%Windir%\rdr_1253304947.exe

%Windir%\rdr_1254265248.exe

%Windir%\rdr_1265498029.exe

%Windir%\twitty08.exe

%Windir%\vkl_1253068509.exe

%Windir%\vkl_1253157410.exe

%Windir%\vkl_1253176598.exe

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.