ThreatExpert's Statistics for Mal/TibsPak [Sophos]:

Mal/TibsPak [Sophos] is also known as:

Threat Alias	Number of Incidents
Trojan:Win32/Tibs.gen!lds [Microsoft]	3,306
Trojan-Downloader.Win32.Agent.bozt [Kaspersky Lab]	1,960
Trojan-Dropper.Agent [Ikarus]	1,960
Trojan.Fakeavalert [Symantec]	1,402
Trojan.Win32.Tibs [Ikarus]	441
Trojan-Downloader.Agent!sd6 [PC Tools]	441
Generic Downloader.x [McAfee]	328
Trojan:Win32/Insebro.C [Microsoft]	208
Trojan Horse [Symantec]	182
Trojan-Downloader.Win32.FraudLoad.vnay [Kaspersky Lab]	120
Trojan-Downloader.Win32.FraudLoad.dxa [Kaspersky Lab]	84
Trojan:Win32/Tibs.gen!H [Microsoft]	82
Mal/FakeVirPk-A, Mal/TibsPak [Sophos]	81
FakeAlert-CC [McAfee]	79
Trojan.Packed.13 [Symantec]	63
Adware.Bravia.Gen!Pac [PC Tools]	62
Bravia [McAfee]	62
not-virus:Hoax.Win32.Bravia.l [Kaspersky Lab]	62
TROJ_RENOS.RE [Trend Micro]	62
Win-Trojan/Fraudload.27136.B [AhnLab]	60
Win-Trojan/Agent.27136.HY [AhnLab]	49
Trojan:Win32/Tibs.J [Microsoft]	44
Tibs-Packed [McAfee]	43
Generic.dx [McAfee]	31
Trojan-Downloader.FraudLoad!sd6 [PC Tools]	31
Trojan.Tibs.Gen!Pac.146 [PC Tools]	29
Downloader [Symantec]	25
Downloader-ASH.gen.b [McAfee]	22
Trojan:Win32/Tibs.FZ [Microsoft]	18
TrojanDownloader:Win32/Pakernat.A [Microsoft]	18
TROJ_AGENT.APDC [Trend Micro]	17
Trojan.Win32.Agent.gmo [Kaspersky Lab]	17
Trojan:Win32/Zbot.BD [Microsoft]	16
Trojan.Renos.Gen!Pac.10 [PC Tools]	15
Infostealer.Banker.C [Symantec]	14
Trojan-Downloader.Win32.FraudLoad [Ikarus]	13
Backdoor:Win32/Nuwar.A [Microsoft]	9
Trojan-Downloader.Win32.Tibs.yn [Ikarus]	9
Trojan-Downloader.Win32.Tibs.yn [Kaspersky Lab]	9
Trojan-Downloader.Win32.Tibs.zz [Kaspersky Lab]	9
TrojanDownloader:Win32/Fakeinit [Microsoft]	9
WORM_ZHELATI.AW [Trend Micro]	9
Trojan.Win32.Agent [Ikarus]	8
Trojan:Win32/Fakeinit [Microsoft]	8
TrojanSpy.ZBot.Gen!Pac.4 [PC Tools]	8
Suspicious.MH690 [Symantec]	7
Trojan.Peacomm.D [Symantec]	7
Downloader.gen.a [McAfee]	6
Infostealer.Notos!gen [Symantec]	6
Trojan:Win32/Meredrop [Microsoft]	6
Trojan-Downloader.MisleadApp!sd6 [PC Tools]	6
Trojan-Downloader.Win32.Tibs.zs [Kaspersky Lab]	6
W32.Virut.W [Symantec]	6
W32/Nuwar@MM [McAfee]	6
Win-Trojan/Xema.variant [AhnLab]	6
Worm.DR.Zhelatin.Gen!Pac.9 [PC Tools]	6
Backdoor.Trojan [Symantec]	5
Bloodhound.Morphine [Symantec]	5
Cryp_Pai-5 [Trend Micro]	5
Generic PWS.y [McAfee]	5
Trojan.Fakeavalert!sd6 [PC Tools]	5
Trojan-Downloader.Win32.FraudLoad.dwm [Kaspersky Lab]	5
Virus.Win32.Sality [Ikarus]	5
Win-Trojan/Tibs.29136.AK [AhnLab]	5
Worm.DR.Zhelatin.Gen!Pac.8 [PC Tools]	5
Downloader.MisleadApp [Symantec]	4
Email-Worm.Win32.Zhelatin.xz [Kaspersky Lab]	4
Generic BackDoor [McAfee]	4
Generic Downloader.ab [McAfee]	4
New Malware.ag [McAfee]	4
Possible_Nucrp-6 [Trend Micro]	4
PWS:Win32/Zbot.gen!F [Microsoft]	4
PWS-Zbot.gen.c [McAfee]	4
TROJ_DLOADER.XUT [Trend Micro]	4
Trojan-Downloader.Tibs!ct [PC Tools]	4
Trojan-Downloader.Win32.Tibs [Ikarus]	4
Trojan-Downloader.Win32.Tibs.yz [Ikarus]	4
TrojanDownloader:Win32/Cbeplay.I [Microsoft]	4
Email-Worm.Win32.Zhelatin.xd [Kaspersky Lab]	3
Email-Worm.Win32.Zhelatin.yd [Kaspersky Lab]	3
Email-Worm.Win32.Zhelatin.yy [Kaspersky Lab]	3
Infostealer [Symantec]	3
TROJ_TIBS.AVP [Trend Micro]	3
Trojan.Win32.KillAV [Ikarus]	3
Trojan-Downloader.Win32.Agent.ogp [Kaspersky Lab]	3
Trojan-Downloader.Win32.Cntr.v [Kaspersky Lab]	3
Trojan-Downloader.Win32.Tibs.zz [Ikarus]	3
TrojanDownloader:Win32/Cbeplay.E [Microsoft]	3
TrojanDropper:Win32/Nuwar.gen!lds [Microsoft]	3
Win-Trojan/Downloader.17408.FA [AhnLab]	3
WORM_NUWAR.AHT [Trend Micro]	3
WORM_NUWAR.EC [Trend Micro]	3
Backdoor.Rustock.B [Symantec]	2
Backdoor:Win32/Nuwar.gen!D [Microsoft]	2
Backdoor:Win32/Rustock.gen!B [Microsoft]	2
Backdoor:WinNT/Rustock.C [Microsoft]	2
Email-Worm.Bagle [PC Tools]	2
Email-Worm.Win32.Zhelatin [Ikarus]	2
Email-Worm.Win32.Zhelatin.yb [Ikarus]	2
Email-Worm.Win32.Zhelatin.yb [Kaspersky Lab]	2

Mal/TibsPak [Sophos] has the following possible country of origin:

Origin		Number of Incidents
	Russian Federation	6

Mal/TibsPak [Sophos] is known to be created as:

%FontsDir%\b4b147bc522828731f1a016bfa72c073\system\ctfmn.exe

%System%\ashevtsvc.exe

%System%\bif1c.exe

%System%\bkav2006.exe

%System%\braviax.exe

%System%\capnwwwh.exe

%System%\cbevtsvc.exe

%System%\cfgmgr16.exe

%System%\clbdll.dll

%System%\dllcache\userinit.exe

%System%\drivers\ctfmon.exe

%System%\frmwrk32.exe

%System%\magent.exe

%System%\maxpaynow1.exe

%System%\maxpaynowti1.exe

%System%\mmcserv.exe

%System%\ntos.exe

%System%\psyche.exe

%System%\secfxapp.exe

%System%\spo0lsv.exe

%System%\sysrest32.exe

%System%\update32.exe

%System%\wind32.exe

%System%\winds32.exe

%System%\winhelper.dll

%Temp%\iframestat.exe

%Temp%\istat.exe

%Temp%\istst.exe

%Temp%\load.exe

%Templates%\svchost.exe

%UserProfile%\bielixb.exe

%UserProfile%\lgokzd.exe

%UserProfile%\syaxqx.exe

%Windir%\herjek.exe

%Windir%\ieocx.dll

%Windir%\kavir.exe

%Windir%\libor.exe

%Windir%\svcho.exe

%Windir%\temp\stub.exe

%Windir%\totacon.exe

%Windir%\xpupdate.exe

c:\resycled\boot.com

Notes:

%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
%UserProfile% is a variable that specifies the current user's profile folder. By default, this is C:\Documents and Settings\[UserName] (Windows NT/2000/XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.