Threat Search: 

ThreatExpert's Statistics for W32.Mabezat.B!inf [Symantec]:

W32.Mabezat.B!inf [Symantec] is also known as:
Threat AliasNumber of Incidents
Virus:Win32/Mabezat.B [Microsoft]133
W32/Mabezat-B [Sophos]133
W32/Mabezat.a [McAfee]131
Worm.Win32.Mabezat.b [Kaspersky Lab]122
Win32/Mabezat [AhnLab]104
Worm.Win32.Mabezat.b [Ikarus]85
PE_MABEZAT.B-1 [Trend Micro]80
Worm.Mabezat.C [PC Tools]76
PE_MABEZAT.B-2 [Trend Micro]50
Virus.Win32.Bifrose [Ikarus]6
Backdoor.Win32.Bifrose [Ikarus]4
VirTool.Win32.DelfInject [Ikarus]4
WORM_DELF.AG [Trend Micro]3
Backdoor.Win32.Bifrose.bwt [Kaspersky Lab]2
Backdoor.Win32.Turkojan.amr [Ikarus]2
Trojan.DL.Agent.XGB [PC Tools]2
Trojan.Win32.Midgare.soq [Kaspersky Lab]2
Trojan.Win32.StartPage [Ikarus]2
Trojan-Dropper.Win32.Agent.ahju [Kaspersky Lab]2
Trojan-Dropper.Win32.OnLineGames [Ikarus]2
Worm.Win32.Delf.dw [Kaspersky Lab]2
Backdoor.Win32.mIRC-based.k [Ikarus]1
Backdoor.Win32.Turkojan [Ikarus]1
Backdoor.Win32.Turkojan.amr [Kaspersky Lab]1
BackDoor-ARL [McAfee]1
Constructor/Bifrose.1916928 [AhnLab]1
PE_SALITY.AE [Trend Micro]1
Troj/Turkoj-A [Sophos]1
Trojan.Midgare.EYZ [PC Tools]1
Trojan.Win32.ProcessHijack [Ikarus]1
Trojan-Downloader.Win32.Banload [Ikarus]1
Trojan-Dropper.Agent [Ikarus]1
VirTool.Win32.Joiner [Ikarus]1
VirTool.Win32.Joiner.m [Kaspersky Lab]1
Virus.Win32.Alman [Ikarus]1
Virus.Win32.Hidrag.A [Ikarus]1
W32/Delf.gen [McAfee]1
W32/Mabezat.c [McAfee]1
Win32.Mabezat.b [Kaspersky Lab]1
Win32/Sachiel.worm.29187 [AhnLab]1
Win32/Xema.worm.492544 [AhnLab]1
Win-Trojan/Agent.42365 [AhnLab]1
Win-Trojan/Bifrose.2161664 [AhnLab]1
Win-Trojan/Turkojan.2805760 [AhnLab]1
Win-Trojan/Xema.variant [AhnLab]1
Worm.Autoit [Ikarus]1
Worm.Mabezat!ct [PC Tools]1
Worm.Sachiel.D [PC Tools]1
Worm.Win32.AutoRun.cis [Kaspersky Lab]1

W32.Mabezat.B!inf [Symantec] has the following possible countries of origin:
OriginNumber of Incidents
Saudi Arabia115
Sweden10
Russian Federation7
Belgium3
France3
Germany2
Netherlands2
United Kingdom2
Brazil1
Denmark1
Romania1
Spain1
Taiwan1

W32.Mabezat.B!inf [Symantec] is known to be created as:
%AppData%\bifrost\server.exe
%AppData%\lsass.exe
%AppData%\smss.exe
%AppData%\svchost.exe
%LocalSettings%\tempconjug.exe
%Profiles%\bifrost-private-special.exe
%ProgramFiles%\dyndns updater\dyndns.exe
%ProgramFiles%\dyndns updater\unins000.exe
%ProgramFiles%\microsoft office\winword.exe
%ProgramFiles%\mirc\irc bot\services.exe
%ProgramFiles%\utorrent\utorrent.exe
%System%\340510867285l.exe
%System%\773043211538l.exe
%System%\bifrost.exe
%System%\msnphoto.scr
%System%\winfiles.exe
%Temp%\ducsetup.exe
%Temp%\glb1a2b.exe
%Templates%\o20303z\service.exe
%Templates%\o20303z\tuxo20303z.exe
%Templates%\o20303z\winlogon.exe
%Templates%\o86068z\service.exe
%Templates%\o86068z\tuxo86068z.exe
%Templates%\o86068z\winlogon.exe
%Windir%\inf\smss.exe
%Windir%\m02485\ja523486blay.com
%Windir%\m02485\smss.exe
%Windir%\m02485\systray.exe
%Windir%\m57151\emangeloh.exe
%Windir%\m57151\ja278153blay.com
%Windir%\m57151\smss.exe
%Windir%\sa-187411.exe
%Windir%\sa-421844.exe
%Windir%\ti211538ta.exe
%Windir%\ti867285ta.exe
%Windir%\winfiles.exe
Notes:
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
  • %Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
  • %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
  • %Templates% is a variable that refers to the file system directory that serves as a common repository for document templates. A typical path is C:\Documents and Settings\[UserName]\Templates.
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.