********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response August 19, 2002 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Klez.H@mm 2 W32.Nimda.A@mm 3 W32.Klez.E@mm 4 W32.Nimda.E@mm 5 W95.Hybris.worm 6 Trojan Horse 7 W32.Magistr.39921@mm 8 Backdoor.Trojan 9 JS.Seeker 10 W32.Badtrans.B@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- AntiPascal.440 File infector 08/12/02 BAT.Etimolod.A File infector 08/09/02 BAT.Eversaw.B@mm File infector 08/08/02 BAT.Krazyb.A@mm File infector 08/08/02 BAT.Razpi.Int File infector 08/12/02 BW.Cyber.628 File infector 08/12/02 Backdoor.Delf.B File infector 08/09/02 Backdoor.Delf.C File infector 08/13/02 Backdoor.Ducktoy File infector 08/08/02 Backdoor.Fearic File infector 08/08/02 Backdoor.Fearic.Cli File infector 08/08/02 Backdoor.Gholame File infector 08/14/02 Backdoor.Kavar File infector 08/09/02 Backdoor.MoSuck File infector 08/13/02 Backdoor.MoSuck.dr File infector 08/14/02 Backdoor.Mosuck File infector 08/16/02 Backdoor.Mosuck.dr File infector 08/16/02 Backdoor.NDad File infector 08/13/02 Backdoor.Ndad File infector 08/16/02 Backdoor.Osirdoor File infector 08/12/02 Backdoor.Tela File infector 08/15/02 Bat.Natay File infector 08/12/02 Bat.Natay@mm File infector 08/16/02 Chad.749 File infector 08/12/02 Cluster.282 File infector 08/12/02 Cmos.1536 File infector 08/12/02 Diffusion.347 File infector 08/13/02 Freedom.870 File infector 08/12/02 Grog.500 File infector 08/12/02 HLLC.5056 File infector 08/12/02 HLLC.Dred.6416 File infector 08/12/02 HLLC.Energy.6480 File infector 08/12/02 HLLC.Imp.6080 File infector 08/12/02 HLLC.TPPE.13936 File infector 08/12/02 HLLO.Coderz.7904 File infector 08/12/02 HLLP.5546 File infector 08/13/02 HLLP.CoolHaz.9024 File infector 08/12/02 HLLP.XEP.5532 File infector 08/08/02 HLLW.Naston.19044 File infector 08/12/02 IIS.Beavuh-Exploit File infector 08/16/02 IRC.Kierz File infector 08/08/02 Jerusalem.1536 File infector 08/12/02 Jerusalem.Enigma.1664 File infector 08/12/02 Lockjaw.1046 File infector 08/08/02 Netbus.160.dropper File infector 08/15/02 Nosnam.409.B File infector 08/12/02 PWSteal.Kaylo File infector 08/09/02 PWSteal.Netsnake File infector 08/13/02 PWSteal.Profman File infector 08/09/02 Pilce Boot infector 08/08/02 Predator.1020 File infector 08/12/02 Prophecy.Worm File infector 08/09/02 RPME.737 File infector 08/12/02 SillyE.311 File infector 08/12/02 Slow.1721 File infector 08/14/02 Stalker.gen File infector 08/12/02 Strange Boot infector 08/12/02 Sysex.286 File infector 08/12/02 Tricks.gen File infector 08/12/02 Trinity.499 File infector 08/12/02 Trivial.196 File infector 08/12/02 Trivial.205 File infector 08/12/02 Trivial.348 File infector 08/12/02 Trivial.386 File infector 08/12/02 Trivial.390 File infector 08/12/02 Trivial.94 File infector 08/12/02 Trivial.Lifl.101 File infector 08/09/02 Trojan.Adnap File infector 08/19/02 Trojan.Crabox File infector 08/14/02 Trojan.Diga.253 File infector 08/12/02 Trojan.MSNTrick File infector 08/19/02 Trojan.Pandora File infector 08/08/02 Trojan.Portocopo:br File infector 08/09/02 Trojan.Ring0.B File infector 08/08/02 Trojan.SharesEnable File infector 08/08/02 Unix.Tvar File infector 08/08/02 VBS.AlcaPapa File infector 08/08/02 VBS.Camire.Int File infector 08/12/02 VBS.CokeBoy File infector 08/08/02 VBS.Exclam File infector 08/14/02 VBS.Falling File infector 08/14/02 VBS.Natay File infector 08/16/02 VBS.Natay@mm File infector 08/12/02 VBS.Netlog.H File infector 08/14/02 VBS.Nivag.Int File infector 08/14/02 VBS.Phram.D File infector 08/14/02 VBS.Rabfu File infector 08/14/02 VBS.Razhitt.Int File infector 08/12/02 VBS.Shine.C.Int File infector 08/14/02 VCL_MUT.845 File infector 08/12/02 Voyager.318 File infector 08/13/02 W32.Golsys.14292 File infector 08/16/02 W32.Mortag File infector 08/16/02 W32.Mortag.Worm File infector 08/13/02 W32.Nios.14292 File infector 08/14/02 W97M.Byboom.A File infector 08/16/02 W97M.Maike File infector 08/19/02 Win.Winlamer.1734 File infector 08/12/02 XM.Laroux.ST File infector 08/09/02 ZMmT.346 File infector 08/12/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Trojan.Adnap File infector 08/19/02 Trojan.MSNTrick File infector 08/19/02 W97M.Maike File infector 08/19/02 Backdoor.Mosuck File infector 08/16/02 Backdoor.Mosuck.dr File infector 08/16/02 Backdoor.Ndad File infector 08/16/02 Bat.Natay@mm File infector 08/16/02 IIS.Beavuh-Exploit File infector 08/16/02 VBS.Natay File infector 08/16/02 W32.Golsys.14292 File infector 08/16/02 W32.Mortag File infector 08/16/02 W97M.Byboom.A File infector 08/16/02 Backdoor.Tela File infector 08/15/02 Netbus.160.dropper File infector 08/15/02 Backdoor.Gholame File infector 08/14/02 Backdoor.MoSuck.dr File infector 08/14/02 Slow.1721 File infector 08/14/02 Trojan.Crabox File infector 08/14/02 VBS.Exclam File infector 08/14/02 VBS.Falling File infector 08/14/02 VBS.Netlog.H File infector 08/14/02 VBS.Nivag.Int File infector 08/14/02 VBS.Phram.D File infector 08/14/02 VBS.Rabfu File infector 08/14/02 VBS.Shine.C.Int File infector 08/14/02 W32.Nios.14292 File infector 08/14/02 Backdoor.Delf.C File infector 08/13/02 Backdoor.MoSuck File infector 08/13/02 Backdoor.NDad File infector 08/13/02 Diffusion.347 File infector 08/13/02 HLLP.5546 File infector 08/13/02 PWSteal.Netsnake File infector 08/13/02 Voyager.318 File infector 08/13/02 W32.Mortag.Worm File infector 08/13/02 AntiPascal.440 File infector 08/12/02 BAT.Razpi.Int File infector 08/12/02 BW.Cyber.628 File infector 08/12/02 Backdoor.Osirdoor File infector 08/12/02 Bat.Natay File infector 08/12/02 Chad.749 File infector 08/12/02 Cluster.282 File infector 08/12/02 Cmos.1536 File infector 08/12/02 Freedom.870 File infector 08/12/02 Grog.500 File infector 08/12/02 HLLC.5056 File infector 08/12/02 HLLC.Dred.6416 File infector 08/12/02 HLLC.Energy.6480 File infector 08/12/02 HLLC.Imp.6080 File infector 08/12/02 HLLC.TPPE.13936 File infector 08/12/02 HLLO.Coderz.7904 File infector 08/12/02 HLLP.CoolHaz.9024 File infector 08/12/02 HLLW.Naston.19044 File infector 08/12/02 Jerusalem.1536 File infector 08/12/02 Jerusalem.Enigma.1664 File infector 08/12/02 Nosnam.409.B File infector 08/12/02 Predator.1020 File infector 08/12/02 RPME.737 File infector 08/12/02 SillyE.311 File infector 08/12/02 Stalker.gen File infector 08/12/02 Strange Boot infector 08/12/02 Sysex.286 File infector 08/12/02 Tricks.gen File infector 08/12/02 Trinity.499 File infector 08/12/02 Trivial.196 File infector 08/12/02 Trivial.205 File infector 08/12/02 Trivial.348 File infector 08/12/02 Trivial.386 File infector 08/12/02 Trivial.390 File infector 08/12/02 Trivial.94 File infector 08/12/02 Trojan.Diga.253 File infector 08/12/02 VBS.Camire.Int File infector 08/12/02 VBS.Natay@mm File infector 08/12/02 VBS.Razhitt.Int File infector 08/12/02 VCL_MUT.845 File infector 08/12/02 Win.Winlamer.1734 File infector 08/12/02 ZMmT.346 File infector 08/12/02 BAT.Etimolod.A File infector 08/09/02 Backdoor.Delf.B File infector 08/09/02 Backdoor.Kavar File infector 08/09/02 PWSteal.Kaylo File infector 08/09/02 PWSteal.Profman File infector 08/09/02 Prophecy.Worm File infector 08/09/02 Trivial.Lifl.101 File infector 08/09/02 Trojan.Portocopo:br File infector 08/09/02 XM.Laroux.ST File infector 08/09/02 BAT.Eversaw.B@mm File infector 08/08/02 BAT.Krazyb.A@mm File infector 08/08/02 Backdoor.Ducktoy File infector 08/08/02 Backdoor.Fearic File infector 08/08/02 Backdoor.Fearic.Cli File infector 08/08/02 HLLP.XEP.5532 File infector 08/08/02 IRC.Kierz File infector 08/08/02 Lockjaw.1046 File infector 08/08/02 Pilce Boot infector 08/08/02 Trojan.Pandora File infector 08/08/02 Trojan.Ring0.B File infector 08/08/02 Trojan.SharesEnable File infector 08/08/02 Unix.Tvar File infector 08/08/02 VBS.AlcaPapa File infector 08/08/02 VBS.CokeBoy File infector 08/08/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.Gspot to Backdoor.Spigot 06/18/02 Backdoor.Lithium to Backdoor.Lithium 06/13/02 Backdoor.Lithium to Backdoor.Lithium.B 06/13/02 Backdoor.MoSuck to Backdoor.Mosuck 08/14/02 Backdoor.MoSuck.dr to Backdoor.Mosuck.dr 08/15/02 Backdoor.NDad to Backdoor.Ndad 08/14/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 Bat.Natay to Bat.Natay@mm 08/13/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.Simple to Bloodhound.W32.WH1 06/10/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.Simple 06/11/02 Boot.Wyx.c to Wyx.C (b) 08/12/02 IRC.kierz to IRC.Kierz 08/05/02 Supervisor.1256 to Zak.1256 06/20/02 Supervisor.2906 to Zak.2906 06/20/02 Trojan.NetBuie.A to Trojan.Allclicks.A 06/18/02 Trojan.SharesEnable to Trojan.Sharnable 08/12/02 VBS.Bimorph@mm to VBS.Janis 06/10/02 VBS.Krim.B@m to VBS.Krim.B 06/18/02 VBS.Natay@mm to VBS.Natay 08/13/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 VBS.ZVM@mm to VBS.Bajar.B@mm 07/03/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Duni.Worm to W32.Kitro.C.Worm 07/08/02 W32.Fakeweed.Worm to W32.Alcaul.Worm 07/08/02 W32.Gubed@mm to W32.Gubed.int 06/27/02 W32.Kiltro.Worm to W32.Kitro.A.Worm 07/08/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 W32.Mona to W32.Mona.Worm 06/10/02 W32.Mortag.Worm to W32.Mortag 08/14/02 W32.Neysid@mm to W32.Alcarys.G@mm 06/13/02 W32.Nimda.F@mm to W32.Nimda.Q@mm 06/14/02 W32.Nios.14292 to W32.Golsys.14292 08/15/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 W32.Warcraft to W32.Evala.Worm 07/12/02 W32.Yaha.D to W32.Lenti.Worm 06/10/02 W32.Yaha.D@mm to W32.Yaha.E@mm 06/18/02 W32.ZVM@mm to W32.Bajar.B@mm 07/03/02 W95.Dammit.Gen to W95.Dawn.Gen 06/10/02 W97M.Neysid@mm to W97M.Alcarys.G@mm 06/13/02 WM.Laroux.UB to XM.Laroux.UB 06/25/02 WNT.YdalBug.Worm to W32.Dalbug.Worm 07/09/02 X97M.Marker to X97M.Trevir 06/13/02 X97M.Neysid@mm to X97M.Alcarys.G@mm 06/13/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.MoSuck.dr to Backdoor.Mosuck.dr 08/15/02 W32.Nios.14292 to W32.Golsys.14292 08/15/02 Backdoor.MoSuck to Backdoor.Mosuck 08/14/02 Backdoor.NDad to Backdoor.Ndad 08/14/02 W32.Mortag.Worm to W32.Mortag 08/14/02 Bat.Natay to Bat.Natay@mm 08/13/02 VBS.Natay@mm to VBS.Natay 08/13/02 Boot.Wyx.c to Wyx.C (b) 08/12/02 Trojan.SharesEnable to Trojan.Sharnable 08/12/02 IRC.kierz to IRC.Kierz 08/05/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Warcraft to W32.Evala.Worm 07/12/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 WNT.YdalBug.Worm to W32.Dalbug.Worm 07/09/02 W32.Duni.Worm to W32.Kitro.C.Worm 07/08/02 W32.Fakeweed.Worm to W32.Alcaul.Worm 07/08/02 W32.Kiltro.Worm to W32.Kitro.A.Worm 07/08/02 VBS.ZVM@mm to VBS.Bajar.B@mm 07/03/02 W32.ZVM@mm to W32.Bajar.B@mm 07/03/02 W32.Gubed@mm to W32.Gubed.int 06/27/02 WM.Laroux.UB to XM.Laroux.UB 06/25/02 Supervisor.1256 to Zak.1256 06/20/02 Supervisor.2906 to Zak.2906 06/20/02 Backdoor.Gspot to Backdoor.Spigot 06/18/02 Trojan.NetBuie.A to Trojan.Allclicks.A 06/18/02 VBS.Krim.B@m to VBS.Krim.B 06/18/02 W32.Yaha.D@mm to W32.Yaha.E@mm 06/18/02 W32.Nimda.F@mm to W32.Nimda.Q@mm 06/14/02 Backdoor.Lithium to Backdoor.Lithium 06/13/02 Backdoor.Lithium to Backdoor.Lithium.B 06/13/02 W32.Neysid@mm to W32.Alcarys.G@mm 06/13/02 W97M.Neysid@mm to W97M.Alcarys.G@mm 06/13/02 X97M.Marker to X97M.Trevir 06/13/02 X97M.Neysid@mm to X97M.Alcarys.G@mm 06/13/02 Bloodhound.W32.WH1 to Bloodhound.W32.Simple 06/11/02 Bloodhound.W32.Simple to Bloodhound.W32.WH1 06/10/02 VBS.Bimorph@mm to VBS.Janis 06/10/02 W32.Mona to W32.Mona.Worm 06/10/02 W32.Yaha.D to W32.Lenti.Worm 06/10/02 W95.Dammit.Gen to W95.Dawn.Gen 06/10/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Joke.JS.Alert File infector 06/11/02 Pedophilia Trojan File infector 07/08/02 W32.Winfig.Gen File infector 07/23/02 Ydaerla File infector 06/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.Winfig.Gen File infector 07/23/02 Pedophilia Trojan File infector 07/08/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Joke.JS.Alert File infector 06/11/02 Ydaerla File infector 06/11/02 Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.