home *** CD-ROM | disk | FTP | other *** search
/ Chip 2001 January / chipcd20010102.iso / software / office / nav2001 / VirusDef / WHATSNEW.TXT < prev    next >
Encoding:
Text File  |  2000-12-10  |  17.1 KB  |  320 lines
  1. **********************************************************************
  2. **                                                                  **
  3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
  4. **                                                                  **
  5. **  Symantec AntiVirus Research Center (SARC)          July 12,2000 **
  6. **                                                                  **
  7. **********************************************************************
  8. This document contains the following topics:
  9.  
  10.  * Virus Alerts
  11.  * New Technologies
  12.  * Changes Incorporated Into This Update
  13.  * Enabling Scanning Features
  14.  * Additional Information
  15.  
  16. **********************************************************************
  17. ** Virus Alerts                                                     **
  18. **********************************************************************
  19. VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
  20. is detected by this definition set.  
  21.  
  22. The ten most commonly reported viruses, worldwide:
  23.  
  24.     1  VBS.LoveLetter.A
  25.     2  WScript.KakWorm
  26.     3  VBS.Network
  27.     4  W95.CIH
  28.     5  Happy99.Worm
  29.     6  Worm.ExploreZip
  30.     7  W97M.ColdApe
  31.     8  W97M.Ethan
  32.     9  W97M.Melissa
  33.    10  WM.Cap
  34.  
  35. **********************************************************************
  36. ** New Technologies                                                 **
  37. **********************************************************************
  38.  
  39. DATE         Technologies Added
  40. ----         ------------------
  41. 8/19/98    * Excel heuristics which detect and repair new and unknown
  42.              macro viruses in Excel 95 & 97 documents.
  43.  
  44. 9/16/98    * Added repair for encrypted Excel 97 documents.
  45.  
  46. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
  47.            * WORD Heuristics improvement to increase detection rate.
  48.  
  49. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
  50.              and Excel documents.
  51.            * PowerPoint engine to scan PowerPoint related viruses.
  52.              To enable this technology please read "Enabling/Disabling
  53.              PowerPoint Scanning" section later in this document.
  54.  
  55. 02/18/99   * Detection and repair of macro viruses in Word and Excel
  56.              2000 documents.
  57.  
  58. 05/15/99   * Added repair for PowerPoint viruses.
  59.            * Improved heuristics to detect more WORD 97 related
  60.              viruses.
  61.  
  62. 06/10/99   * Menu repair technology for WORD macro viruses that change
  63.              command bar customizations in NORMAL.DOT.
  64.  
  65. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
  66.              (Ichitaro is a Japanese word processing program).
  67.  
  68. 08/19/99   * Added detection and repair for embedded documents inside
  69.              PowerPoint 97.
  70.  
  71. 11/22/99   * Added detection and repair for Trojans embedded in OLE
  72.              files, such as Windows scrap files and MS Office
  73.              documents.
  74.            * Added detection for viruses which infect Microsoft
  75.              Project documents (P98M.Corner.A, for example).
  76.  
  77. 02/10/00   * Added support for scanning of UNIX executables.
  78.            * Added detection for infected Visio documents.
  79.  
  80. **********************************************************************
  81. ** Changes Incorporated Into This Virus Definitions Update          **
  82. **********************************************************************
  83. New virus definitions:
  84.  
  85.         Virus Name                Infection Type          Week added
  86.         ----------                --------------          ----------
  87.         BAT.Rhapsody              File infector            06/22/00
  88.         BackOrifice2k.Cfg         File infector            06/12/00
  89.         Backdoor.Admire           File infector            06/22/00
  90.         Backdoor.DGS              File infector            07/12/00
  91.         Backdoor.DGSDrop          File infector            07/12/00
  92.         Backdoor.DU               File infector            06/12/00
  93.         Backdoor.Explorer32       File infector            06/22/00
  94.         Backdoor.Fof              File infector            06/12/00
  95.         Backdoor.GateCrasher      File infector            06/12/00
  96.         Backdoor.ICQ.Syphillis    File infector            06/12/00
  97.         Backdoor.Millenium        File infector            06/22/00
  98.         Backdoor.NSSX             File infector            06/29/00
  99.         Backdoor.NetBus.svr       File infector            06/12/00
  100.         Backdoor.Netbus.cli       File infector            06/29/00
  101.         Backdoor.Netbus.drop      File infector            06/12/00
  102.         Backdoor.OneTime          File infector            06/22/00
  103.         Backdoor.Onliner          File infector            06/12/00
  104.         Backdoor.Rat.Client       File infector            06/29/00
  105.         Backdoor.Satan            File infector            06/12/00
  106.         Backdoor.Silence          File infector            06/12/00
  107.         Backdoor.WinMap           File infector            06/22/00
  108.         Backdoor.WinMapClient     File infector            06/22/00
  109.         Crash.Trojan              File infector            06/22/00
  110.         Dummr.Trojan              File infector            07/12/00
  111.         HLP.Dream                 File infector            06/12/00
  112.         HTML.StartMe              File infector            06/12/00
  113.         ICQ.Trojan                File infector            06/22/00
  114.         INI.Aphex                 File infector            06/12/00
  115.         IRC.SRVCP.Trojan          File infector            06/29/00
  116.         IRC.Trojan.Fabio          File infector            06/22/00
  117.         Ini.Scrambler             File infector            06/12/00
  118.         JS.Aphex                  File infector            06/12/00
  119.         KillMe.1997               File infector            07/12/00
  120.         KillMe.1997 (x)           File infector            07/12/00
  121.         KillMe.1997 (x1)          File infector            07/12/00
  122.         O97M.SweetestThing        File infector            07/12/00
  123.         PP97M.Scene               File infector            07/12/00
  124.         PWSteal.Winup             File infector            06/12/00
  125.         Serbian.Trojan            File infector            06/12/00
  126.         Shnaz.Trojan.A            File infector            06/22/00
  127.         Simpsons.Trojan           File infector            06/22/00
  128.         SubSeven.B                File infector            07/12/00
  129.         TD.1536.B                 File infector            06/12/00
  130.         TD.1536.B (2)             File infector            06/12/00
  131.         Trojan.Nariz              File infector            06/22/00
  132.         Trojan.Smile              File infector            06/22/00
  133.         VBS.Aphex                 File infector            06/12/00
  134.         VBS.Independence          File infector            06/29/00
  135.         VBS.Jer(htm)              File infector            07/12/00
  136.         VBS.Jer(htm) (2)          File infector            07/12/00
  137.         VBS.Jer(htm) (3)          File infector            07/12/00
  138.         VBS.Osterhase             File infector            06/29/00
  139.         VBS.Plan.A                File infector            06/12/00
  140.         VBS.Stages                File infector            06/16/00
  141.         VBS.Timofonica            File infector            06/12/00
  142.         VCL.Viral_Mess.(enc)      File infector            07/12/00
  143.         W32.Dilber.Worm           File infector            07/12/00
  144.         W32.Dream                 File infector            06/12/00
  145.         W32.Gara.Dr               File infector            07/12/00
  146.         W32.HLLO.Job.22528        File infector            06/12/00
  147.         W32.HLLP.Semisoft.H       File infector            07/12/00
  148.         W32.HLLP.Semisoft.I       File infector            07/12/00
  149.         W32.HLLW.Tress            File infector            06/22/00
  150.         W32.Henky.8888            File infector            06/29/00
  151.         W32.Knight.2350           File infector            06/22/00
  152.         W32.Mypics.B.Worm         File infector            07/12/00
  153.         W32.Mypics.Worm (zip)     File infector            07/12/00
  154.         W32.Mypics.Worm (zip2)    File infector            07/12/00
  155.         W32.NHKR.A.Worm           File infector            07/12/00
  156.         W32.NHKR.B.Worm           File infector            07/12/00
  157.         W32.Pokey.Worm            File infector            06/22/00
  158.         W32.RainSong.3925         File infector            06/29/00
  159.         W32.Silver.B.Mirc         File infector            06/12/00
  160.         W32.TheSpy.A.Mirc         File infector            06/12/00
  161.         W32.TheSpy.B.Mirc         File infector            06/12/00
  162.         W32.Wolf.4096.A           File infector            07/12/00
  163.         W95.Alpha.842             File infector            06/29/00
  164.         W95.FYS.1728.Int          File infector            06/12/00
  165.         W95.Hooy.8192             File infector            06/12/00
  166.         W95.Hooy.8192.Dr          File infector            06/12/00
  167.         W95.I13.12288.B.Int       File infector            07/12/00
  168.         W95.Merinos.1849          File infector            07/12/00
  169.         W95.NB.Worm               File infector            06/12/00
  170.         W95.Smash (SYS)           File infector            06/22/00
  171.         W95.Zomb.Gen              File infector            07/12/00
  172.         W95.Zperm.A               File infector            06/22/00
  173.         W95.Zperm.A.Dr            File infector            07/12/00
  174.         W95.Zperm.B               File infector            06/22/00
  175.         W95.Zperm.B.Dr            File infector            07/12/00
  176.         W97M.Aleja5.Remnants      File infector            07/12/00
  177.         W97M.Bablas.AD            File infector            06/22/00
  178.         W97M.Bablas.AE            File infector            06/29/00
  179.         W97M.Bablas.AF            File infector            06/29/00
  180.         W97M.Bablas.AG            File infector            07/12/00
  181.         W97M.Bablas.AH            File infector            07/12/00
  182.         W97M.Bablas.AI            File infector            07/12/00
  183.         W97M.Bablas.int           File infector            06/29/00
  184.         W97M.Barras               File infector            07/12/00
  185.         W97M.Beth.A               File infector            06/12/00
  186.         W97M.Bobo                 File infector            07/12/00
  187.         W97M.Bobo.int             File infector            06/22/00
  188.         W97M.Contec.A             File infector            07/12/00
  189.         W97M.DIVI.I               File infector            06/22/00
  190.         W97M.Eight941.K           File infector            06/22/00
  191.         W97M.Goober.C             File infector            06/29/00
  192.         W97M.Homer                File infector            06/12/00
  193.         W97M.Marker.BO            File infector            06/12/00
  194.         W97M.Marker.BX            File infector            06/22/00
  195.         W97M.Marker.EF            File infector            07/12/00
  196.         W97M.Michael              File infector            07/12/00
  197.         W97M.NSI.B                File infector            06/12/00
  198.         W97M.Nova.E               File infector            06/29/00
  199.         W97M.Odious.C             File infector            06/29/00
  200.         W97M.Passbox.I            File infector            06/22/00
  201.         W97M.Relax                File infector            06/29/00
  202.         W97M.Service.B            File infector            06/22/00
  203.         W97M.Shepmah.B            File infector            06/22/00
  204.         W97M.Sherlock             File infector            06/22/00
  205.         W97M.Smaller.A            File infector            06/12/00
  206.         W97M.Stealth.A            File infector            06/29/00
  207.         W97M.Surround.Varian      File infector            06/19/00
  208.         W97M.Thus.AB              File infector            07/12/00
  209.         W97M.Thus.X               File infector            06/22/00
  210.         W97M.Thus.Y               File infector            06/22/00
  211.         W97M.Thus.Z               File infector            07/12/00
  212.         W97M.Tips.A               File infector            07/12/00
  213.         W97M.Trap                 File infector            06/29/00
  214.         W97M.VMPCK1.AY            File infector            07/12/00
  215.         W97M.VMPCK1.BZ            File infector            07/12/00
  216.         W97M.VMPCK1.DI            File infector            06/12/00
  217.         W97M.VMPCK1.DK            File infector            06/22/00
  218.         W97M.VMPCK1.DL            File infector            06/29/00
  219.         Win.HLLP.Sector           File infector            06/12/00
  220.         Win.HLLP.Sector.Gen       File infector            06/12/00
  221.         Win.Pada.B.Int            File infector            06/12/00
  222.         Worms.Trojan.Intended     File infector            06/12/00
  223.         X97M.DIVI.J               File infector            06/22/00
  224.         X97M.DIVI.K               File infector            06/22/00
  225.         X97M.Divi.L               File infector            07/12/00
  226.         X97M.Hongo.B              File infector            06/22/00
  227.         X97M.Looksn.B             File infector            07/12/00
  228.         X97M.Manalo.I             File infector            06/22/00
  229.         X97M.Obvious.A            File infector            06/29/00
  230.         X97M.Toraja.C             File infector            06/12/00
  231.         XM.Laroux.TV              File infector            06/29/00
  232.         XM.SlimCow.A              File infector            06/29/00
  233.  
  234.  
  235. Name Changes:
  236.  
  237.         Old Virus Name            New Virus Name          Date changed
  238.         --------------            --------------          ------------
  239.         W95.Fosforo.Int        to W95.Fosforo             06/22/00
  240.         W97M.Aquil             to W97M.Heels.B            06/22/00
  241.         W95.Rinim.431          to W95.Rinim.Gen           07/12/00
  242.  
  243. Deletions:
  244.  
  245.         Virus Name                Infection Type          Date removed
  246.         ----------                --------------          ------------
  247.  
  248.  
  249. **********************************************************************
  250. **  Enabling Scanning Features                                      **
  251. **********************************************************************
  252.  
  253. Several scanning features can be enabled through the use of an INF 
  254. configuration file.  For NAV for Windows 95/NT version 4.x and later, 
  255. or NAV for OS/2, this configuration file should be called NAVEX15.INF
  256. and should be placed in the directory where NAV is installed (i.e.,
  257. C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
  258. the file should be called NAVEX15.INF and should be placed in the 
  259. directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
  260. NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
  261. NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
  262. should be placed in the directory where NAV is installed (i.e., C:\NAV).
  263. If this configuration file does not exist, create one in the appropriate
  264. directory if you want to change the default settings.
  265.  
  266. To enable a scanning feature for a particular component, one or more 
  267. entries need to be added to the configuration file under the correct
  268. section.  For each platform there is a corresponding section that is used 
  269. in the INF file.  Below is a table of section names and platforms.
  270.  
  271. Section Name    Platform
  272. ------------    --------
  273. NAVW32          Windows 95/98/NT
  274. NAVAP           Windows 95/98/NT Auto-Protect
  275. NAVDX           DOS
  276. NAVNLM          Netware
  277. NAVWIN          Windows 3.1
  278. NAVOS2          OS/2
  279. NAVAIX          AIX
  280. NAVSOL          Solaris
  281.  
  282. Entries are case insensitive.  Below is a description of possible 
  283. entries.
  284.  
  285. 1. Files can be excluded from scans by the NAVEX engine.  To exclude a
  286. specific file from the NAVEX engine scan, add an entry with the full
  287. path and file name.  This is case insensitive.  No wildcards are allowed.
  288. To exclude multiple files, add a separate entry for each file.  To exclude
  289. a file, add an entry like the one below where <PATH> is the full path
  290. and file name.
  291.         ExcludeFile = <PATH>
  292.  
  293. 2. Files within a directory can be excluded from scans by the NAVEX engine.
  294. To exclude all files within a directory, add an entry with the full 
  295. directory path.  This is case insensitive.  No wildcards are allowed.  This
  296. does not exclude files located in subdirectories of the specified 
  297. directory.  To exclude multiple directories, add a separate entry for each
  298. directory. To exclude a directory, add an entry like the one below where
  299. <DIRECTORY> is the full path.
  300.         ExcludeDirectory = <DIRECTORY>
  301.  
  302. The following example of an INF configuration file excludes two files, 
  303. NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
  304. scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
  305. Auto-Protect.
  306.  
  307. [NAVW32]
  308. ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
  309. ExcludeFile = C:\TEMP\BIGFILE.DOC
  310.  
  311. [NAVAP]
  312. ExcludeDirectory = D:\PRIVATE
  313.  
  314. **********************************************************************
  315. **    Additional Information                                        **
  316. **********************************************************************
  317.  
  318. Additional information regarding this virus definitions update can be
  319. found in UPDATE.TXT and TECHNOTE.TXT.
  320.