********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response April 08, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for March 2004, worldwide: 1 W32.Netsky.D@mm 2 W32.HLLW.Gaobot.gen 3 Trojan Horse 4 W32.Beagle.M@mm 5 W32.Beagle.E@mm 6 W32.Bugbear.B@mm 7 W32.Netsky.B@mm 8 W32.Netsky.C@mm 9 Trojan.ByteVerify 10 W32.Netsky.P@mm ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.Chinet File infector 04/06/04 Adware.DelFin File infector 03/30/04 Adware.DreamAd File infector 04/01/04 Adware.FavoriteMan File infector 03/27/04 Adware.HungryHands File infector 04/04/04 Adware.Incredifind File infector 03/28/04 Adware.MessStopper File infector 03/30/04 Adware.MyWebSearch File infector 03/31/04 Adware.SysAI File infector 03/28/04 Backdoor.IRC.Aimwin File infector 04/01/04 Backdoor.IRC.Aladinz.O File infector 03/29/04 Backdoor.IRC.Mutebot File infector 04/04/04 Backdoor.IRC.Ratsou.D File infector 04/01/04 Backdoor.Lithium.D File infector 04/01/04 Backdoor.Medias File infector 03/28/04 Backdoor.Mutny File infector 04/01/04 Backdoor.Padok File infector 04/07/04 Backdoor.Powerspider.B File infector 04/01/04 Backdoor.Ranky.F File infector 04/01/04 Backdoor.Revacc File infector 03/30/04 Bloodhound.Exploit.8 File infector 04/07/04 Dialer.TeenSearch File infector 03/30/04 Dialer.WorldContent File infector 04/01/04 Download.Dialer File infector 04/07/04 Download.Tagdoor File infector 04/02/04 Downloader.Psyme File infector 04/01/04 Hacktool.Brutex File infector 04/07/04 Hacktool.Mailbomb File infector 04/01/04 Joke.Aprool File infector 04/01/04 Joke.Norantiv File infector 04/02/04 PWSteal.Bancos.H File infector 04/06/04 PWSteal.Bancos.gen File infector 03/31/04 PWSteal.Goldpay File infector 04/01/04 PWSteal.Lemir.G File infector 03/30/04 PWSteal.Netsnake.B File infector 04/01/04 PWSteal.Souljet File infector 04/04/04 PWSteal.Tarno.D File infector 04/04/04 PWSteal.Winhoo File infector 04/04/04 Spyware.Keylogger File infector 03/31/04 Trojan.AphexLace.Kit File infector 04/05/04 Trojan.Brutecode File infector 03/31/04 Trojan.Cookrar File infector 04/01/04 Trojan.LyndKrew File infector 04/01/04 Trojan.Mitglieder.G File infector 04/06/04 Trojan.Mitglieder.H File infector 04/07/04 Trojan.Natspammer File infector 04/02/04 Trojan.Trunlow File infector 04/01/04 VBS.Gaggle.D File infector 04/06/04 VBS.Tunk.A File infector 04/06/04 W32.Antifold File infector 04/07/04 W32.Antinny.K File infector 03/30/04 W32.Beagle.U@mm File infector 03/26/04 W32.Beagle.V@mm File infector 03/29/04 W32.Beagle.W@mm File infector 04/05/04 W32.Blackmal.B@mm File infector 04/01/04 W32.Bugbear.D@mm File infector 04/06/04 W32.Bugbear.E@mm File infector 04/05/04 W32.Dumaru.AI@mm File infector 04/06/04 W32.Faisal.B@mm File infector 04/07/04 W32.Faisal@mm File infector 04/06/04 W32.Fedot File infector 04/02/04 W32.Gaobot.SY File infector 04/01/04 W32.Gaobot.UJ File infector 04/01/04 W32.Gaobot.UK File infector 04/01/04 W32.Gaobot.UL File infector 04/01/04 W32.Gaobot.UM File infector 04/02/04 W32.Gaobot.WN File infector 04/04/04 W32.Gaobot.WO File infector 04/06/04 W32.Gaobot.WX File infector 04/06/04 W32.Gaobot.XA File infector 04/06/04 W32.Gaobot.XE File infector 04/06/04 W32.Gaobot.YA File infector 04/07/04 W32.Gaobot.YB File infector 04/07/04 W32.Gaobot.YC File infector 04/07/04 W32.HLLP.Philis File infector 03/27/04 W32.HLLP.Philis.B File infector 04/02/04 W32.Hitasin.Worm File infector 04/07/04 W32.Hobot.Worm File infector 04/07/04 W32.Lacrow@mm File infector 04/07/04 W32.Lovgate.R@mm File infector 04/05/04 W32.Lunarstorm@mm File infector 04/07/04 W32.Netsky.Q@mm File infector 03/28/04 W32.Netsky.Q@mm.enc File infector 03/30/04 W32.Netsky.R@mm File infector 03/31/04 W32.Netsky.S@mm File infector 04/05/04 W32.Netsky.T@mm File infector 04/06/04 W32.Netsky.U@mm File infector 04/07/04 W32.Randex.PI File infector 04/06/04 W32.Randex.PR File infector 03/30/04 W32.Randex.QG File infector 04/01/04 W32.Randex.RD File infector 04/02/04 W32.Randex.RU File infector 04/04/04 W32.Randex.SY File infector 04/07/04 W32.Randex.TY File infector 04/07/04 W32.Randex.TZ File infector 04/07/04 W32.Saydon File infector 04/07/04 W32.Sober.E@mm File infector 03/28/04 W32.Sober.F@mm File infector 04/04/04 W32.Solame.A File infector 04/05/04 W32.Tunk.A File infector 04/06/04 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Padok File infector 04/07/04 Bloodhound.Exploit.8 File infector 04/07/04 Download.Dialer File infector 04/07/04 Hacktool.Brutex File infector 04/07/04 Trojan.Mitglieder.H File infector 04/07/04 W32.Antifold File infector 04/07/04 W32.Faisal.B@mm File infector 04/07/04 W32.Gaobot.YA File infector 04/07/04 W32.Gaobot.YB File infector 04/07/04 W32.Gaobot.YC File infector 04/07/04 W32.Hitasin.Worm File infector 04/07/04 W32.Hobot.Worm File infector 04/07/04 W32.Lacrow@mm File infector 04/07/04 W32.Lunarstorm@mm File infector 04/07/04 W32.Netsky.U@mm File infector 04/07/04 W32.Randex.SY File infector 04/07/04 W32.Randex.TY File infector 04/07/04 W32.Randex.TZ File infector 04/07/04 W32.Saydon File infector 04/07/04 Adware.Chinet File infector 04/06/04 PWSteal.Bancos.H File infector 04/06/04 Trojan.Mitglieder.G File infector 04/06/04 VBS.Gaggle.D File infector 04/06/04 VBS.Tunk.A File infector 04/06/04 W32.Bugbear.D@mm File infector 04/06/04 W32.Dumaru.AI@mm File infector 04/06/04 W32.Faisal@mm File infector 04/06/04 W32.Gaobot.WO File infector 04/06/04 W32.Gaobot.WX File infector 04/06/04 W32.Gaobot.XA File infector 04/06/04 W32.Gaobot.XE File infector 04/06/04 W32.Netsky.T@mm File infector 04/06/04 W32.Randex.PI File infector 04/06/04 W32.Tunk.A File infector 04/06/04 Trojan.AphexLace.Kit File infector 04/05/04 W32.Beagle.W@mm File infector 04/05/04 W32.Bugbear.E@mm File infector 04/05/04 W32.Lovgate.R@mm File infector 04/05/04 W32.Netsky.S@mm File infector 04/05/04 W32.Solame.A File infector 04/05/04 Adware.HungryHands File infector 04/04/04 Backdoor.IRC.Mutebot File infector 04/04/04 PWSteal.Souljet File infector 04/04/04 PWSteal.Tarno.D File infector 04/04/04 PWSteal.Winhoo File infector 04/04/04 W32.Gaobot.WN File infector 04/04/04 W32.Randex.RU File infector 04/04/04 W32.Sober.F@mm File infector 04/04/04 Download.Tagdoor File infector 04/02/04 Joke.Norantiv File infector 04/02/04 Trojan.Natspammer File infector 04/02/04 W32.Fedot File infector 04/02/04 W32.Gaobot.UM File infector 04/02/04 W32.HLLP.Philis.B File infector 04/02/04 W32.Randex.RD File infector 04/02/04 Adware.DreamAd File infector 04/01/04 Backdoor.IRC.Aimwin File infector 04/01/04 Backdoor.IRC.Ratsou.D File infector 04/01/04 Backdoor.Lithium.D File infector 04/01/04 Backdoor.Mutny File infector 04/01/04 Backdoor.Powerspider.B File infector 04/01/04 Backdoor.Ranky.F File infector 04/01/04 Dialer.WorldContent File infector 04/01/04 Downloader.Psyme File infector 04/01/04 Hacktool.Mailbomb File infector 04/01/04 Joke.Aprool File infector 04/01/04 PWSteal.Goldpay File infector 04/01/04 PWSteal.Netsnake.B File infector 04/01/04 Trojan.Cookrar File infector 04/01/04 Trojan.LyndKrew File infector 04/01/04 Trojan.Trunlow File infector 04/01/04 W32.Blackmal.B@mm File infector 04/01/04 W32.Gaobot.SY File infector 04/01/04 W32.Gaobot.UJ File infector 04/01/04 W32.Gaobot.UK File infector 04/01/04 W32.Gaobot.UL File infector 04/01/04 W32.Randex.QG File infector 04/01/04 Adware.MyWebSearch File infector 03/31/04 PWSteal.Bancos.gen File infector 03/31/04 Spyware.Keylogger File infector 03/31/04 Trojan.Brutecode File infector 03/31/04 W32.Netsky.R@mm File infector 03/31/04 Adware.DelFin File infector 03/30/04 Adware.MessStopper File infector 03/30/04 Backdoor.Revacc File infector 03/30/04 Dialer.TeenSearch File infector 03/30/04 PWSteal.Lemir.G File infector 03/30/04 W32.Antinny.K File infector 03/30/04 W32.Netsky.Q@mm.enc File infector 03/30/04 W32.Randex.PR File infector 03/30/04 Backdoor.IRC.Aladinz.O File infector 03/29/04 W32.Beagle.V@mm File infector 03/29/04 Adware.Incredifind File infector 03/28/04 Adware.SysAI File infector 03/28/04 Backdoor.Medias File infector 03/28/04 W32.Netsky.Q@mm File infector 03/28/04 W32.Sober.E@mm File infector 03/28/04 Adware.FavoriteMan File infector 03/27/04 W32.HLLP.Philis File infector 03/27/04 W32.Beagle.U@mm File infector 03/26/04 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Fxdoor to Tcl.Sendrak 01/18/04 Backdoor.Lolok.B to W97M.Tebit 01/22/04 Downloader.Qbot to Trojan.Etsur 03/12/04 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 Hacktool.X-Scan to Hacktool.XScan 01/19/04 PWSteal.Leox to W32.HLLW.Leox 01/19/04 Trojan.Conspy to Adware.Conspy 02/11/04 Trojan.Dalfer.C to W32.Spybot.WI 01/18/04 Trojan.Dalfer.C to W97M.Twopey.E 01/15/04 VBS.Nohat@mm@int to VBS.Nohat@mm.int 02/11/04 W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Beagle.F@mm tr to W32.Beagle.F@mm(zip) 03/03/04 W32.Beagle.F@mm(zip) to W32.Beagle@mm!zip 03/03/04 W32.Beagle.W@mm to Trojan.Mitglieder.F 04/05/04 W32.Bugbear.E@mm to W32.Bugbear.C@mm 04/06/04 W32.Dumaru.AI@mm to Backdoor.Nibu.D 04/06/04 W32.Gaobot.gen!poly to W32.HLLW.Polybot 03/25/04 W32.HLLW.Polybot to W32.Gaobot.gen!poly 03/23/04 W32.HLLW.Polybot.B to W32.Gaobot.SA 03/23/04 W32.HLLW.Rolog to W32.Letin 02/05/04 W32.Lovgate.N@mm to W32.HLLW.Lovgate.N@mm 03/18/04 W32.Mimail.R@mm to W32.Mimail.S@mm 01/29/04 W32.Netsky.Q@mm to W32.Netsky.P@mm 03/22/04 W32.Novarg.A@mm to W32.Mydoom.A@mm 02/04/04 W32.Randex.QG to W32.Gaobot.VV 04/02/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 W32.Yenik.A.Worm to W32.Yenik.A@mm 02/10/04 W97M.Chameleon.B to W97M.Chameleon.I 02/12/04 W97M.Gedza to O97M.Gedza 01/22/04 X97M.Gedza to VBS.Vaper@mm 01/22/04 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W32.Bugbear.E@mm to W32.Bugbear.C@mm 04/06/04 W32.Dumaru.AI@mm to Backdoor.Nibu.D 04/06/04 W32.Beagle.W@mm to Trojan.Mitglieder.F 04/05/04 W32.Randex.QG to W32.Gaobot.VV 04/02/04 W32.Gaobot.gen!poly to W32.HLLW.Polybot 03/25/04 W32.HLLW.Polybot to W32.Gaobot.gen!poly 03/23/04 W32.HLLW.Polybot.B to W32.Gaobot.SA 03/23/04 W32.Netsky.Q@mm to W32.Netsky.P@mm 03/22/04 W32.Lovgate.N@mm to W32.HLLW.Lovgate.N@mm 03/18/04 Downloader.Qbot to Trojan.Etsur 03/12/04 W32.Beagle.F@mm tr to W32.Beagle.F@mm(zip) 03/03/04 W32.Beagle.F@mm(zip) to W32.Beagle@mm!zip 03/03/04 W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 W97M.Chameleon.B to W97M.Chameleon.I 02/12/04 Trojan.Conspy to Adware.Conspy 02/11/04 VBS.Nohat@mm@int to VBS.Nohat@mm.int 02/11/04 W32.Yenik.A.Worm to W32.Yenik.A@mm 02/10/04 W32.HLLW.Rolog to W32.Letin 02/05/04 W32.Novarg.A@mm to W32.Mydoom.A@mm 02/04/04 W32.Mimail.R@mm to W32.Mimail.S@mm 01/29/04 Backdoor.Lolok.B to W97M.Tebit 01/22/04 W97M.Gedza to O97M.Gedza 01/22/04 X97M.Gedza to VBS.Vaper@mm 01/22/04 Hacktool.X-Scan to Hacktool.XScan 01/19/04 PWSteal.Leox to W32.HLLW.Leox 01/19/04 Backdoor.Fxdoor to Tcl.Sendrak 01/18/04 Trojan.Dalfer.C to W32.Spybot.WI 01/18/04 Trojan.Dalfer.C to W97M.Twopey.E 01/15/04 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Adware.BlazeFind File infector 03/25/04 Adware.ClickAlchemy File infector 03/25/04 Adware.Topotun File infector 03/25/04 Backdoor.Cazno File infector 03/25/04 Backdoor.Cazno.Kit File infector 03/25/04 Backdoor.Danton File infector 03/25/04 Backdoor.IRC.Aladinz.N File infector 03/25/04 Backdoor.IRC.MyPoo File infector 03/25/04 Backdoor.IRC.MyPoo.Kit File infector 03/25/04 Backdoor.IRC.Spybuzz File infector 03/25/04 Backdoor.R3C.B File infector 03/25/04 Backdoor.Ranky.E File infector 03/25/04 Backdoor.Tumag File infector 03/25/04 Dialer.Sikic File infector 03/25/04 Download.SmallWeb File infector 03/25/04 Download.SmallWeb.Kit File infector 03/25/04 Hacktool.Asni File infector 03/25/04 Hacktool.SQLck File infector 03/25/04 Trojan.FlagTest File infector 03/27/04 W32.Gaobot.SN File infector 03/26/04 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Trojan.FlagTest File infector 03/27/04 W32.Gaobot.SN File infector 03/26/04 Adware.BlazeFind File infector 03/25/04 Adware.ClickAlchemy File infector 03/25/04 Adware.Topotun File infector 03/25/04 Backdoor.Cazno File infector 03/25/04 Backdoor.Cazno.Kit File infector 03/25/04 Backdoor.Danton File infector 03/25/04 Backdoor.IRC.Aladinz.N File infector 03/25/04 Backdoor.IRC.MyPoo File infector 03/25/04 Backdoor.IRC.MyPoo.Kit File infector 03/25/04 Backdoor.IRC.Spybuzz File infector 03/25/04 Backdoor.R3C.B File infector 03/25/04 Backdoor.Ranky.E File infector 03/25/04 Backdoor.Tumag File infector 03/25/04 Dialer.Sikic File infector 03/25/04 Download.SmallWeb File infector 03/25/04 Download.SmallWeb.Kit File infector 03/25/04 Hacktool.Asni File infector 03/25/04 Hacktool.SQLck File infector 03/25/04 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.