********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response April 16, 2002 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W95.Hybris.worm 2 W95.MTX 3 Wscript.KakWorm 4 W32.HLLW.Bymer 5 W32.Magistr.24876@mm 6 W32.Badtrans.13312@mm 7 W32.Navidad.16896 8 Happy99.Worm 9 VBS.LoveLetter 10 W32.HLLW.Qaz ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- ABAP.Rivpas.A File infector 04/16/02 Arfav.28781 File infector 04/15/02 BAT.DelwinIni.Trojan File infector 04/12/02 Bin.466.B File infector 04/15/02 Bin.Auto.BVH File infector 04/12/02 Bin.Auto.BVI File infector 04/12/02 Bin.Auto.BVJ File infector 04/12/02 Bin.Auto.BVK File infector 04/12/02 Bin.Auto.BVL File infector 04/12/02 Bin.Auto.BVM File infector 04/12/02 Bin.Auto.BVN File infector 04/12/02 Bin.Auto.BVO File infector 04/12/02 Bin.Auto.BVP File infector 04/12/02 Bin.Auto.BVQ File infector 04/12/02 Bin.Auto.BWG File infector 04/15/02 Bin.Auto.BWH File infector 04/15/02 Bin.Auto.BWI File infector 04/15/02 Bin.Auto.BWJ File infector 04/15/02 Bin.Auto.BWK File infector 04/15/02 Bin.Auto.BWL File infector 04/15/02 Bin.Auto.BWM File infector 04/15/02 Bin.Auto.BWN File infector 04/15/02 Bin.Auto.BWO File infector 04/15/02 Bin.Auto.BWP File infector 04/15/02 Bin.Auto.BWQ File infector 04/15/02 Bin.Auto.BWR File infector 04/15/02 Bin.Auto.BWS File infector 04/15/02 Bin.Auto.BWT File infector 04/15/02 Bin.Auto.BWU File infector 04/15/02 Bin.Auto.BWV File infector 04/15/02 Bin.Auto.BWW File infector 04/15/02 Bin.Auto.BWX File infector 04/15/02 Bin.Auto.BWY File infector 04/15/02 Bin.Auto.BWZ File infector 04/15/02 Bin.Auto.BXA File infector 04/15/02 Bin.Auto.BXB File infector 04/15/02 Bin.Auto.BXC File infector 04/15/02 Bin.Auto.BXD File infector 04/15/02 Bin.Auto.BXE File infector 04/15/02 Bin.Auto.BXF File infector 04/15/02 Bin.Auto.BXG File infector 04/15/02 Bin.Auto.BXH File infector 04/15/02 Bin.Auto.BXI File infector 04/15/02 Bin.Auto.BXJ File infector 04/15/02 Bin.Auto.BXK File infector 04/15/02 Bin.Auto.BXL File infector 04/15/02 Bin.Auto.BXM File infector 04/16/02 Bin.Auto.BXN File infector 04/16/02 Bin.Auto.BXO File infector 04/16/02 Bin.Auto.BXP File infector 04/16/02 Boot.Dragon1.b Boot infector 04/15/02 Caterpillar.1819 File infector 04/15/02 Elf.3290 File infector 04/16/02 Evolution.2910.b File infector 04/15/02 GCAE.2530 File infector 04/16/02 GCAE.WildDog.997 File infector 04/15/02 HLL.9131 (1) File infector 04/15/02 HLL.9131 (2) File infector 04/15/02 HTML.Redlof.A File infector 04/16/02 IRC.Kazimas.worm File infector 04/16/02 Ircsux.341 File infector 04/15/02 Irxsux.341 File infector 04/15/02 LightGeneral.1168 File infector 04/15/02 Lost_Love.356 File infector 04/16/02 Neum.4338 File infector 04/16/02 Orto.901 File infector 04/15/02 PS-MPC.516 File infector 04/16/02 PS-MPC.618.C File infector 04/16/02 PS-MPC.876 File infector 04/16/02 PS-MPC.950 File infector 04/16/02 Promis File infector 04/15/02 SVC.3121 File infector 04/16/02 SVS.c Boot infector 04/15/02 Script.HE.Flys File infector 04/16/02 SillyC.226 File infector 04/16/02 SillyE.family File infector 04/16/02 Stoned.March6.a7 Boot infector 04/15/02 Stoned.March6.k Boot infector 04/15/02 Stoned.c4 Boot infector 04/15/02 TPE.cw.1915 File infector 04/16/02 Tchechen.Gen.A File infector 04/15/02 Trojan.Winsex File infector 04/15/02 Uruguay.2721 File infector 04/16/02 VBS.Chikita File infector 04/16/02 VBS.Indra@mm File infector 04/16/02 VBS.Jaggal File infector 04/16/02 VBS.Moon@mm File infector 04/15/02 VCL.862 File infector 04/16/02 W32.Mylife.I@mm File infector 04/15/02 W32.Wanhope.1834 File infector 04/15/02 W95.Lanky.3153 File infector 04/15/02 W95.Stoogy.6031 File infector 04/16/02 W95.Stoogy@mm File infector 04/15/02 W95.Wideman.8135 File infector 04/15/02 W97M.Doublet File infector 04/16/02 Worm.Automat.AGQ File infector 04/15/02 X97M.Divi.O File infector 04/15/02 Yankee.1047.B File infector 04/16/02 Zhengxi.7313 File infector 04/16/02 Zombie.2493 File infector 04/16/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- ABAP.Rivpas.A File infector 04/16/02 Bin.Auto.BXM File infector 04/16/02 Bin.Auto.BXN File infector 04/16/02 Bin.Auto.BXO File infector 04/16/02 Bin.Auto.BXP File infector 04/16/02 Elf.3290 File infector 04/16/02 GCAE.2530 File infector 04/16/02 HTML.Redlof.A File infector 04/16/02 IRC.Kazimas.worm File infector 04/16/02 Lost_Love.356 File infector 04/16/02 Neum.4338 File infector 04/16/02 PS-MPC.516 File infector 04/16/02 PS-MPC.618.C File infector 04/16/02 PS-MPC.876 File infector 04/16/02 PS-MPC.950 File infector 04/16/02 SVC.3121 File infector 04/16/02 Script.HE.Flys File infector 04/16/02 SillyC.226 File infector 04/16/02 SillyE.family File infector 04/16/02 TPE.cw.1915 File infector 04/16/02 Uruguay.2721 File infector 04/16/02 VBS.Chikita File infector 04/16/02 VBS.Indra@mm File infector 04/16/02 VBS.Jaggal File infector 04/16/02 VCL.862 File infector 04/16/02 W95.Stoogy.6031 File infector 04/16/02 W97M.Doublet File infector 04/16/02 Yankee.1047.B File infector 04/16/02 Zhengxi.7313 File infector 04/16/02 Zombie.2493 File infector 04/16/02 Arfav.28781 File infector 04/15/02 Bin.466.B File infector 04/15/02 Bin.Auto.BWG File infector 04/15/02 Bin.Auto.BWH File infector 04/15/02 Bin.Auto.BWI File infector 04/15/02 Bin.Auto.BWJ File infector 04/15/02 Bin.Auto.BWK File infector 04/15/02 Bin.Auto.BWL File infector 04/15/02 Bin.Auto.BWM File infector 04/15/02 Bin.Auto.BWN File infector 04/15/02 Bin.Auto.BWO File infector 04/15/02 Bin.Auto.BWP File infector 04/15/02 Bin.Auto.BWQ File infector 04/15/02 Bin.Auto.BWR File infector 04/15/02 Bin.Auto.BWS File infector 04/15/02 Bin.Auto.BWT File infector 04/15/02 Bin.Auto.BWU File infector 04/15/02 Bin.Auto.BWV File infector 04/15/02 Bin.Auto.BWW File infector 04/15/02 Bin.Auto.BWX File infector 04/15/02 Bin.Auto.BWY File infector 04/15/02 Bin.Auto.BWZ File infector 04/15/02 Bin.Auto.BXA File infector 04/15/02 Bin.Auto.BXB File infector 04/15/02 Bin.Auto.BXC File infector 04/15/02 Bin.Auto.BXD File infector 04/15/02 Bin.Auto.BXE File infector 04/15/02 Bin.Auto.BXF File infector 04/15/02 Bin.Auto.BXG File infector 04/15/02 Bin.Auto.BXH File infector 04/15/02 Bin.Auto.BXI File infector 04/15/02 Bin.Auto.BXJ File infector 04/15/02 Bin.Auto.BXK File infector 04/15/02 Bin.Auto.BXL File infector 04/15/02 Boot.Dragon1.b Boot infector 04/15/02 Caterpillar.1819 File infector 04/15/02 Evolution.2910.b File infector 04/15/02 GCAE.WildDog.997 File infector 04/15/02 HLL.9131 (1) File infector 04/15/02 HLL.9131 (2) File infector 04/15/02 Ircsux.341 File infector 04/15/02 Irxsux.341 File infector 04/15/02 LightGeneral.1168 File infector 04/15/02 Orto.901 File infector 04/15/02 Promis File infector 04/15/02 SVS.c Boot infector 04/15/02 Stoned.March6.a7 Boot infector 04/15/02 Stoned.March6.k Boot infector 04/15/02 Stoned.c4 Boot infector 04/15/02 Tchechen.Gen.A File infector 04/15/02 Trojan.Winsex File infector 04/15/02 VBS.Moon@mm File infector 04/15/02 W32.Mylife.I@mm File infector 04/15/02 W32.Wanhope.1834 File infector 04/15/02 W95.Lanky.3153 File infector 04/15/02 W95.Stoogy@mm File infector 04/15/02 W95.Wideman.8135 File infector 04/15/02 Worm.Automat.AGQ File infector 04/15/02 X97M.Divi.O File infector 04/15/02 BAT.DelwinIni.Trojan File infector 04/12/02 Bin.Auto.BVH File infector 04/12/02 Bin.Auto.BVI File infector 04/12/02 Bin.Auto.BVJ File infector 04/12/02 Bin.Auto.BVK File infector 04/12/02 Bin.Auto.BVL File infector 04/12/02 Bin.Auto.BVM File infector 04/12/02 Bin.Auto.BVN File infector 04/12/02 Bin.Auto.BVO File infector 04/12/02 Bin.Auto.BVP File infector 04/12/02 Bin.Auto.BVQ File infector 04/12/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Arfav.28781 to Elf.3400 04/15/02 Bat.Mosquito to Bat.Mosquito.B.gen 04/05/02 Boot.Ebo.mp to Boot/Ebo.mp 03/11/02 Boot.Fagen to Boot/Fagen 03/11/02 Boot.Flame to Boot/Flame 03/11/02 Boot.Hide-and-Seek to Boot/Hide-and-Seek 03/11/02 Boot.HideMBR to Boot/HideMBR 03/11/02 Boot.Qwerty to Boot/Qwerty 03/11/02 Boot/BootDr193 to BootDr193 03/11/02 Boot/Ebo.mp to Boot.Ebo.mp 03/11/02 Boot/Fagen to Boot.Fagen 03/11/02 Boot/Flame to Boot.Flame 03/11/02 Boot/Hide-and-Seek to Boot.Hide-and-Seek 03/11/02 Boot/HideMBR to Boot.HideMBR 03/11/02 Boot/Qwerty to Boot.Qwerty 03/11/02 BootDr193 to Boot/BootDr193 03/11/02 HLLC.Rider.5552 to HLLC/Rider.5552 03/11/02 HLLO.10579 to Unhappy.763 04/11/02 JS.Odyssey.602.dr to JS.Odyssey.dr 03/18/02 VBS.AntiSocial.E to VBS.AntiSocial 03/18/02 VBS.Bee.A to VBS.Bee 03/18/02 VBS.Breetnee@mm to VBS.Chick@mm 03/25/02 VBS.Infort.A to VBS.Infort 03/28/02 VBS.TRun98 to JS.TRun98 03/18/02 W32.Aphex@mm to W32.Aplore@mm 04/09/02 W32.Atram@mm to W32.Storiel@mm 03/20/02 W32.Caric@mm to W32.MyLife.B@mm 03/22/02 W32.Impo.Worm to W32.Impo.gen@mm 03/14/02 W32.Impo.Worm to W32.Impo@mm 03/14/02 W32.Impo.gen@mm to W32.FBound.gen@mm 03/18/02 W32.NGVCK.Gen to W95.Doggie.AK 03/19/02 W32.VBSWG.dr to W32.Natah.intd 04/09/02 W95.Axiety.2471 to W95.Anxiety.2471 03/25/02 W95.Doggie.AK to W95.Deemo 04/03/02 W95.Stoogy@mm to W95.Stoogy.Worm@mm 04/16/02 W97M.BPTK.A to W97M.BPTK 03/20/02 W97M.Canned.A to W97M.Opener 03/20/02 W97M.Example.B to W97M.Example.gen 03/12/02 W97M.Exceller.B to O97M.Exceller.B 04/12/02 W97M.Iav.B to W97M.Dest.G 03/20/02 W97M.Pr.A to W97M.Pr 03/20/02 W97M.Specmill.A to W97M.Specmil 03/20/02 W97M.Treoff.A to W97M.Doccopy.E 04/11/02 W97M.YourName.A to W97M.Intro.A 04/11/02 Weed.5590 (3) to Trivial.34 (1) 04/02/02 Winfig.Trojan to W32.Winfig.Gen 04/15/02 Worm.Automat.AGQ to VBS.Dracv 04/16/02 X97M.Plexar to O97M.Plexar 03/20/02 X97M.ROH.A to X97M.Ellar.D 04/11/02 X97M.Xchg to O97M.Xchg 04/05/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W95.Stoogy@mm to W95.Stoogy.Worm@mm 04/16/02 Worm.Automat.AGQ to VBS.Dracv 04/16/02 Arfav.28781 to Elf.3400 04/15/02 Winfig.Trojan to W32.Winfig.Gen 04/15/02 W97M.Exceller.B to O97M.Exceller.B 04/12/02 HLLO.10579 to Unhappy.763 04/11/02 W97M.Treoff.A to W97M.Doccopy.E 04/11/02 W97M.YourName.A to W97M.Intro.A 04/11/02 X97M.ROH.A to X97M.Ellar.D 04/11/02 W32.Aphex@mm to W32.Aplore@mm 04/09/02 W32.VBSWG.dr to W32.Natah.intd 04/09/02 Bat.Mosquito to Bat.Mosquito.B.gen 04/05/02 X97M.Xchg to O97M.Xchg 04/05/02 W95.Doggie.AK to W95.Deemo 04/03/02 Weed.5590 (3) to Trivial.34 (1) 04/02/02 VBS.Infort.A to VBS.Infort 03/28/02 VBS.Breetnee@mm to VBS.Chick@mm 03/25/02 W95.Axiety.2471 to W95.Anxiety.2471 03/25/02 W32.Caric@mm to W32.MyLife.B@mm 03/22/02 W32.Atram@mm to W32.Storiel@mm 03/20/02 W97M.BPTK.A to W97M.BPTK 03/20/02 W97M.Canned.A to W97M.Opener 03/20/02 W97M.Iav.B to W97M.Dest.G 03/20/02 W97M.Pr.A to W97M.Pr 03/20/02 W97M.Specmill.A to W97M.Specmil 03/20/02 X97M.Plexar to O97M.Plexar 03/20/02 W32.NGVCK.Gen to W95.Doggie.AK 03/19/02 JS.Odyssey.602.dr to JS.Odyssey.dr 03/18/02 VBS.AntiSocial.E to VBS.AntiSocial 03/18/02 VBS.Bee.A to VBS.Bee 03/18/02 VBS.TRun98 to JS.TRun98 03/18/02 W32.Impo.gen@mm to W32.FBound.gen@mm 03/18/02 W32.Impo.Worm to W32.Impo.gen@mm 03/14/02 W32.Impo.Worm to W32.Impo@mm 03/14/02 W97M.Example.B to W97M.Example.gen 03/12/02 Boot.Ebo.mp to Boot/Ebo.mp 03/11/02 Boot.Fagen to Boot/Fagen 03/11/02 Boot.Flame to Boot/Flame 03/11/02 Boot.Hide-and-Seek to Boot/Hide-and-Seek 03/11/02 Boot.HideMBR to Boot/HideMBR 03/11/02 Boot.Qwerty to Boot/Qwerty 03/11/02 Boot/BootDr193 to BootDr193 03/11/02 Boot/Ebo.mp to Boot.Ebo.mp 03/11/02 Boot/Fagen to Boot.Fagen 03/11/02 Boot/Flame to Boot.Flame 03/11/02 Boot/Hide-and-Seek to Boot.Hide-and-Seek 03/11/02 Boot/HideMBR to Boot.HideMBR 03/11/02 Boot/Qwerty to Boot.Qwerty 03/11/02 BootDr193 to Boot/BootDr193 03/11/02 HLLC.Rider.5552 to HLLC/Rider.5552 03/11/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Alaper.ow File infector 03/11/02 Anti-Aznar.666 File infector 03/28/02 Armenia.230 File infector 03/11/02 Backdoor.Litmus (2) File infector 03/11/02 Backdoor.Trojan.dr(5) File infector 04/08/02 Bishop.15706.b (2) File infector 03/11/02 Boot.Hitler Boot infector 03/11/02 Boot.Megast.907 Boot infector 03/11/02 Boot.Stoned.Torm Boot infector 04/15/02 Boot.Wyx.c Boot infector 03/11/02 Casper.cav.380 File infector 03/11/02 Fir.3467 File infector 03/11/02 HLL.9131 (1) File infector 04/15/02 HLL.9131 (2) File infector 04/15/02 HLLO.10579 (2) File infector 04/11/02 HLLO.10579 (3) File infector 04/11/02 Trivial.34 (1) File infector 04/02/02 Unhappy.763 File infector 04/11/02 Weed.5590 File infector 04/02/02 Weed.5590 (2) File infector 04/02/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Boot.Stoned.Torm Boot infector 04/15/02 HLL.9131 (1) File infector 04/15/02 HLL.9131 (2) File infector 04/15/02 HLLO.10579 (2) File infector 04/11/02 HLLO.10579 (3) File infector 04/11/02 Unhappy.763 File infector 04/11/02 Backdoor.Trojan.dr(5) File infector 04/08/02 Trivial.34 (1) File infector 04/02/02 Weed.5590 File infector 04/02/02 Weed.5590 (2) File infector 04/02/02 Anti-Aznar.666 File infector 03/28/02 Alaper.ow File infector 03/11/02 Armenia.230 File infector 03/11/02 Backdoor.Litmus (2) File infector 03/11/02 Bishop.15706.b (2) File infector 03/11/02 Boot.Hitler Boot infector 03/11/02 Boot.Megast.907 Boot infector 03/11/02 Boot.Wyx.c Boot infector 03/11/02 Casper.cav.380 File infector 03/11/02 Fir.3467 File infector 03/11/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.