********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response October 07, 2002 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Klez.H@mm 2 W32.Nimda.A@mm 3 W32.Klez.E@mm 4 W32.Nimda.E@mm 5 W95.Hybris.worm 6 Trojan Horse 7 W32.Magistr.39921@mm 8 Backdoor.Trojan 9 JS.Seeker 10 W32.Badtrans.B@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- BAT.Trilissa@mm File infector 09/11/02 BAT.Without.C@mm File infector 10/02/02 Backdoor.AntiLam.20 File infector 09/10/02 Backdoor.Armageddon.B File infector 09/23/02 Backdoor.ConstructKit File infector 09/10/02 Backdoor.Cyn File infector 09/10/02 Backdoor.DarkFtp File infector 09/20/02 Backdoor.DarkSky.B File infector 10/03/02 Backdoor.Dumba File infector 09/17/02 Backdoor.Elitem File infector 09/27/02 Backdoor.F3bot File infector 09/23/02 Backdoor.FTP_Ana.B File infector 09/30/02 Backdoor.FunFactory File infector 09/11/02 Backdoor.Goster File infector 09/30/02 Backdoor.Helios File infector 09/12/02 Backdoor.Kaitex.B File infector 09/25/02 Backdoor.Litmus.2a File infector 09/23/02 Backdoor.Optix.04 File infector 09/10/02 Backdoor.OptixPro.11 File infector 09/24/02 Backdoor.OptixPro.12 File infector 09/10/02 Backdoor.Pest.Cli File infector 09/25/02 Backdoor.Pestdoor File infector 10/03/02 Backdoor.Phoenix File infector 09/16/02 Backdoor.RCServ File infector 09/10/02 Backdoor.RMFDoor.Cli File infector 09/24/02 Backdoor.Roxrat.10 File infector 09/23/02 Backdoor.Sequel File infector 09/10/02 Backdoor.Sparta.B File infector 09/11/02 Backdoor.Zenmaster File infector 09/11/02 Bin.Auto.CAP File infector 09/23/02 FreeBSD.Rootkit File infector 10/02/02 HLLP.Bishop.20251 File infector 09/10/02 HLLP.Cyb.8197 File infector 09/10/02 HTML.Reality.D File infector 09/25/02 IRC.Pelic.Worm File infector 10/02/02 Linux.Dup.Trojan File infector 09/23/02 Linux.Slapper.D File infector 10/01/02 Linux.Slapper.Worm File infector 09/16/02 PHP.Appix File infector 09/19/02 PWSteal.BStroj File infector 09/25/02 TSQL.Viroom File infector 09/12/02 Trojan.Adclicker File infector 09/13/02 Trojan.Avid File infector 09/18/02 Trojan.Diskfil File infector 09/20/02 Trojan.FireAnvil File infector 09/11/02 Trojan.Imiserv File infector 09/18/02 Trojan.IrcBounce File infector 09/12/02 Trojan.JaneBoot File infector 09/25/02 Trojan.PSW.Ajim_bbs File infector 09/19/02 Trojan.WinReboot File infector 09/25/02 VBS.Chick.H@mm File infector 10/07/02 VBS.Corica@mm File infector 09/27/02 VBS.Deev@mm File infector 09/19/02 VBS.Deltad.A@mm File infector 09/18/02 VBS.Ednav.B@mm File infector 09/17/02 VBS.Indra.B@mm File infector 10/07/02 VBS.Melhack.B File infector 09/16/02 W32.Alpoor.6144 File infector 09/19/02 W32.Ameter@m File infector 09/24/02 W32.Appix.B.Worm File infector 09/24/02 W32.Appix.Worm File infector 09/17/02 W32.Archimime File infector 09/17/02 W32.Binghe File infector 10/02/02 W32.Bugbear@mm File infector 09/30/02 W32.Cazinat@mm File infector 09/27/02 W32.Chet@mm File infector 09/11/02 W32.Cianam.Worm File infector 09/27/02 W32.Deev@mm File infector 09/19/02 W32.Deltad.A@mm File infector 09/18/02 W32.Duksten@mm File infector 09/17/02 W32.Efno.Worm File infector 09/16/02 W32.Elet File infector 10/02/02 W32.Enert File infector 10/02/02 W32.Frethem.R File infector 09/20/02 W32.Gillich.Mirc File infector 10/02/02 W32.HLLO.Samand File infector 10/07/02 W32.HLLP.Flate.D File infector 10/01/02 W32.HLLP.Flate.F File infector 10/02/02 W32.HLLP.Ipamor File infector 10/02/02 W32.HLLP.Zwqq File infector 09/16/02 W32.HLLW.Dax File infector 09/18/02 W32.HLLW.Kazdot File infector 09/27/02 W32.HLLW.Kazkaz File infector 09/16/02 W32.HLLW.Kazspre File infector 09/23/02 W32.HLLW.Tefuss File infector 09/19/02 W32.Hobble@mm File infector 09/24/02 W32.Indor File infector 09/17/02 W32.Jonbarr@mm File infector 09/13/02 W32.Juejue File infector 10/02/02 W32.Lovit File infector 10/02/02 W32.Molim@mm File infector 09/23/02 W32.Opaserv.Worm File infector 09/30/02 W32.Osapex File infector 10/02/02 W32.Ramlide File infector 10/01/02 W32.Sand.6144 File infector 10/02/02 W95.Epoxy File infector 10/02/02 W97M.Furio.B File infector 09/30/02 W97M.Pane File infector 10/07/02 W97M.Tractor.Trojan File infector 09/13/02 Worm.Automat.AGV File infector 10/07/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- VBS.Chick.H@mm File infector 10/07/02 VBS.Indra.B@mm File infector 10/07/02 W32.HLLO.Samand File infector 10/07/02 W97M.Pane File infector 10/07/02 Worm.Automat.AGV File infector 10/07/02 Backdoor.DarkSky.B File infector 10/03/02 Backdoor.Pestdoor File infector 10/03/02 BAT.Without.C@mm File infector 10/02/02 FreeBSD.Rootkit File infector 10/02/02 IRC.Pelic.Worm File infector 10/02/02 W32.Binghe File infector 10/02/02 W32.Elet File infector 10/02/02 W32.Enert File infector 10/02/02 W32.Gillich.Mirc File infector 10/02/02 W32.HLLP.Flate.F File infector 10/02/02 W32.HLLP.Ipamor File infector 10/02/02 W32.Juejue File infector 10/02/02 W32.Lovit File infector 10/02/02 W32.Osapex File infector 10/02/02 W32.Sand.6144 File infector 10/02/02 W95.Epoxy File infector 10/02/02 Linux.Slapper.D File infector 10/01/02 W32.HLLP.Flate.D File infector 10/01/02 W32.Ramlide File infector 10/01/02 Backdoor.FTP_Ana.B File infector 09/30/02 Backdoor.Goster File infector 09/30/02 W32.Bugbear@mm File infector 09/30/02 W32.Opaserv.Worm File infector 09/30/02 W97M.Furio.B File infector 09/30/02 Backdoor.Elitem File infector 09/27/02 VBS.Corica@mm File infector 09/27/02 W32.Cazinat@mm File infector 09/27/02 W32.Cianam.Worm File infector 09/27/02 W32.HLLW.Kazdot File infector 09/27/02 Backdoor.Kaitex.B File infector 09/25/02 Backdoor.Pest.Cli File infector 09/25/02 HTML.Reality.D File infector 09/25/02 PWSteal.BStroj File infector 09/25/02 Trojan.JaneBoot File infector 09/25/02 Trojan.WinReboot File infector 09/25/02 Backdoor.OptixPro.11 File infector 09/24/02 Backdoor.RMFDoor.Cli File infector 09/24/02 W32.Ameter@m File infector 09/24/02 W32.Appix.B.Worm File infector 09/24/02 W32.Hobble@mm File infector 09/24/02 Backdoor.Armageddon.B File infector 09/23/02 Backdoor.F3bot File infector 09/23/02 Backdoor.Litmus.2a File infector 09/23/02 Backdoor.Roxrat.10 File infector 09/23/02 Bin.Auto.CAP File infector 09/23/02 Linux.Dup.Trojan File infector 09/23/02 W32.HLLW.Kazspre File infector 09/23/02 W32.Molim@mm File infector 09/23/02 Backdoor.DarkFtp File infector 09/20/02 Trojan.Diskfil File infector 09/20/02 W32.Frethem.R File infector 09/20/02 PHP.Appix File infector 09/19/02 Trojan.PSW.Ajim_bbs File infector 09/19/02 VBS.Deev@mm File infector 09/19/02 W32.Alpoor.6144 File infector 09/19/02 W32.Deev@mm File infector 09/19/02 W32.HLLW.Tefuss File infector 09/19/02 Trojan.Avid File infector 09/18/02 Trojan.Imiserv File infector 09/18/02 VBS.Deltad.A@mm File infector 09/18/02 W32.Deltad.A@mm File infector 09/18/02 W32.HLLW.Dax File infector 09/18/02 Backdoor.Dumba File infector 09/17/02 VBS.Ednav.B@mm File infector 09/17/02 W32.Appix.Worm File infector 09/17/02 W32.Archimime File infector 09/17/02 W32.Duksten@mm File infector 09/17/02 W32.Indor File infector 09/17/02 Backdoor.Phoenix File infector 09/16/02 Linux.Slapper.Worm File infector 09/16/02 VBS.Melhack.B File infector 09/16/02 W32.Efno.Worm File infector 09/16/02 W32.HLLP.Zwqq File infector 09/16/02 W32.HLLW.Kazkaz File infector 09/16/02 Trojan.Adclicker File infector 09/13/02 W32.Jonbarr@mm File infector 09/13/02 W97M.Tractor.Trojan File infector 09/13/02 Backdoor.Helios File infector 09/12/02 TSQL.Viroom File infector 09/12/02 Trojan.IrcBounce File infector 09/12/02 BAT.Trilissa@mm File infector 09/11/02 Backdoor.FunFactory File infector 09/11/02 Backdoor.Sparta.B File infector 09/11/02 Backdoor.Zenmaster File infector 09/11/02 Trojan.FireAnvil File infector 09/11/02 W32.Chet@mm File infector 09/11/02 Backdoor.AntiLam.20 File infector 09/10/02 Backdoor.ConstructKit File infector 09/10/02 Backdoor.Cyn File infector 09/10/02 Backdoor.Optix.04 File infector 09/10/02 Backdoor.OptixPro.12 File infector 09/10/02 Backdoor.RCServ File infector 09/10/02 Backdoor.Sequel File infector 09/10/02 HLLP.Bishop.20251 File infector 09/10/02 HLLP.Cyb.8197 File infector 09/10/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ BAT.IKol to BAT.Ikol 08/29/02 Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.Dumba to Trojan.Dumba 09/23/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.MoSuck to Backdoor.Mosuck 08/14/02 Backdoor.MoSuck.dr to Backdoor.Mosuck.dr 08/15/02 Backdoor.NDad to Backdoor.Ndad 08/14/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 Bat.Natay to Bat.Natay@mm 08/13/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 Boot.Wyx.c to Wyx.C (b) 08/12/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 IRC.kierz to IRC.Kierz 08/05/02 MSN.Trojan to Bneo.Trojan 08/26/02 Perl.Abuser to Unix.Abuser 09/04/02 Perl.Klizan to Unix.Klizan 09/04/02 Perl.Molus to Unix.Molus 09/04/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 Trojan.MagicCall to W32.MagicCall 09/06/02 Trojan.SharesEnable to Trojan.Sharnable 08/12/02 VBS.IKol to BAT.IKol 08/28/02 VBS.Natay@mm to VBS.Natay 08/13/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 VBS.Phram.D to VBS.Phram.D.Int 08/21/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 W32.Benf@mm to Trojan.Benfgame 08/26/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 W32.Fcoder to W32.HLLC.Fcoder 08/22/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 W32.HLLW.Dejas to W32.Hunch.E@mm 08/22/02 W32.HLLW.Quin to W32.Quin.Irc 09/03/02 W32.HLLW.Spear to W32.HLLW.Yoohoo.C 08/27/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 W32.Mortag.Worm to W32.Mortag 08/14/02 W32.Nios.14292 to W32.Golsys.14292 08/15/02 W32.Niqim to W32.HLLW.Lama.C 08/27/02 W32.Stayrina.Worm to W32.Stayrina 09/06/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 W32.Vig.Worm to W32.HLLW.Vig 08/22/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 W32.Warcraft to W32.Evala.Worm 07/12/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 Backdoor.Dumba to Trojan.Dumba 09/23/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 Trojan.MagicCall to W32.MagicCall 09/06/02 W32.Stayrina.Worm to W32.Stayrina 09/06/02 Perl.Abuser to Unix.Abuser 09/04/02 Perl.Klizan to Unix.Klizan 09/04/02 Perl.Molus to Unix.Molus 09/04/02 W32.HLLW.Quin to W32.Quin.Irc 09/03/02 BAT.IKol to BAT.Ikol 08/29/02 VBS.IKol to BAT.IKol 08/28/02 W32.HLLW.Spear to W32.HLLW.Yoohoo.C 08/27/02 W32.Niqim to W32.HLLW.Lama.C 08/27/02 MSN.Trojan to Bneo.Trojan 08/26/02 W32.Benf@mm to Trojan.Benfgame 08/26/02 W32.Fcoder to W32.HLLC.Fcoder 08/22/02 W32.HLLW.Dejas to W32.Hunch.E@mm 08/22/02 W32.Vig.Worm to W32.HLLW.Vig 08/22/02 VBS.Phram.D to VBS.Phram.D.Int 08/21/02 Backdoor.MoSuck.dr to Backdoor.Mosuck.dr 08/15/02 W32.Nios.14292 to W32.Golsys.14292 08/15/02 Backdoor.MoSuck to Backdoor.Mosuck 08/14/02 Backdoor.NDad to Backdoor.Ndad 08/14/02 W32.Mortag.Worm to W32.Mortag 08/14/02 Bat.Natay to Bat.Natay@mm 08/13/02 VBS.Natay@mm to VBS.Natay 08/13/02 Boot.Wyx.c to Wyx.C (b) 08/12/02 Trojan.SharesEnable to Trojan.Sharnable 08/12/02 IRC.kierz to IRC.Kierz 08/05/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Warcraft to W32.Evala.Worm 07/12/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 Bin.Auto.BZV File infector 09/06/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Gutter.1855 File infector 09/06/02 JS.WindowBomb File infector 09/26/02 Joke.JS.Alert File infector 06/11/02 Pedophilia Trojan File infector 07/08/02 W32.HLLC.Happylow File infector 09/13/02 W32.Prato File infector 08/22/02 W32.Winfig.Gen File infector 07/23/02 Ydaerla File infector 06/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ JS.WindowBomb File infector 09/26/02 W32.HLLC.Happylow File infector 09/13/02 Bin.Auto.BZV File infector 09/06/02 Gutter.1855 File infector 09/06/02 W32.Prato File infector 08/22/02 W32.Winfig.Gen File infector 07/23/02 Pedophilia Trojan File infector 07/08/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Joke.JS.Alert File infector 06/11/02 Ydaerla File infector 06/11/02 Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.