**********************************************************************
**                                                                  **
** What's New in the NAV Virus Definitions Files       WHATSNEW.TXT **
**                                                                  **
** Symantec Security Response                         June 05, 2002 **
**                                                                  **
**********************************************************************

This document contains the following topics:

   * Virus Alerts
   * New Technologies
   * Changes Incorporated Into This Update
   * Additional Information

**********************************************************************
** Virus Alerts                                                     **
**********************************************************************

The ten most commonly reported viruses, worldwide:

    1  W32.Klez.H@mm
    2  W32.Nimda.A@mm
    3  W32.Klez.E@mm
    4  W32.Nimda.E@mm
    5  W95.Hybris.worm
    6  Trojan Horse
    7  W32.Magistr.39921@mm
    8  Backdoor.Trojan
    9  JS.Seeker
   10  W32.Badtrans.B@mm

**********************************************************************
** New Technologies                                                 **
**********************************************************************

DATE       Technologies Added
----       ------------------
02/18/99   * Detection and repair of macro viruses in Word and Excel
             2000 documents.
05/15/99   * Added repair for PowerPoint viruses.
           * Improved heuristics to detect more WORD 97 related
             viruses.
06/10/99   * Menu repair technology for WORD macro viruses that
             change command bar customizations in NORMAL.DOT.
07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
             (Ichitaro is a Japanese word processing program).
08/19/99   * Added detection and repair for embedded documents
             inside PowerPoint 97.
11/22/99   * Added detection and repair for Trojans embedded in OLE
             files, such as Windows scrap files and MS Office
             documents.
           * Added detection for viruses which infect Microsoft
             Project documents (P98M.Corner.A, for example).
02/10/00   * Added support for scanning of UNIX executables.
           * Added detection for infected Visio documents.
12/18/00   * Added heuristics for 32-bit Windows viruses.
           * Added a script scanner which increases our capabilities
             for detecting script based threats.
08/02/01   * Engine Update 08/02/01
           * All products that use the NAVEX 1.5 architecture (in
             other words, most major Symantec products released over
             the last 3 - 4 years) will receive the new
             functionality.
           * This enhanced technology provides improved script
             scanning as well as more proactive detection of unknown
             script-based threats.

**********************************************************************
** Changes Incorporated Into This Virus Definitions Update          **
**********************************************************************

DATE
----

New virus definitions (sorted by Virus Name):

Virus Name              Infection Type  Date added
----------              --------------  ----------
AIMpws.Trojan           File infector   05/28/02
Adeni.Trojan            File infector   05/30/02
Apulia.17584            File infector   05/21/02
Backdoor.Akosch         File infector   06/03/02
Backdoor.DKAngel        File infector   05/21/02
Backdoor.Feeth          File infector   06/03/02
Backdoor.Ghost          File infector   06/03/02
Backdoor.Lithium        File infector   06/03/02
Backdoor.Muska          File infector   06/03/02
Backdoor.Nemesis        File infector   06/03/02
Backdoor.Omed.B         File infector   05/22/02
Backdoor.Provder        File infector   06/03/02
Backdoor.Subseven.cfg   File infector   06/03/02
Backdoor.Trojan.dr(15)  File infector   05/24/02
Backdoor.Trojan.dr(16)  File infector   05/24/02
Backdoor.Tron           File infector   06/05/02
Backdoor.Tubma          File infector   06/05/02
Backdoor.Y3KRat.16      File infector   05/24/02
Backdoor.Yat            File infector   06/05/02
Backdoor.actx           File infector   05/24/02
Bashme.3241             File infector   05/21/02
Boot.Hive               File infector   05/21/02
Boot.Lamerman.c         File infector   05/21/02
Boot.Mia.9000           File infector   05/21/02
Cannabis.B              File infector   05/24/02
Digispid.B.Worm         File infector   05/21/02
Eek.B (b)               Boot infector   05/20/02
Gdog.182                File infector   05/21/02
Goma.256                File infector   05/28/02
HLLC.Apocalipse         File infector   05/30/02
HLLC.Energy.Family      File infector   05/28/02
HLLC.Lerm.41732         File infector   05/30/02
HLLP.1442               File infector   05/22/02
HLLP.2337               File infector   05/30/02
HLLP.7991               File infector   05/30/02
HLLP.Blast.6300         File infector   05/30/02
Hacktool.AOLchat.DOS    File infector   05/28/02
Hacktool.Echapa         File infector   05/30/02
Hell.573                File infector   05/28/02
HotMailpws.Trojan       File infector   05/28/02
ICQpws.Trojan           File infector   05/28/02
Juntador.Trojan         File infector   05/24/02
Keylogger.Trojan        File infector   05/22/02
LANpws.Trojan           File infector   05/28/02
Likha.2908              File infector   05/21/02
Linux.Mixter            File infector   06/05/02
Linux.Simile            File infector   05/24/02
Lucky.519               File infector   05/30/02
Manuel.510              File infector   05/24/02
Monster.gen             File infector   06/03/02
Quantas.4315            File infector   06/04/02
Retch.1030              File infector   05/21/02
Retch.1055              File infector   05/22/02
Riot.600                File infector   05/21/02
Tetris.633              File infector   05/30/02
TotalChaos.B            File infector   05/20/02
Tremor.4000.D           File infector   05/21/02
Trojan.Humour           File infector   06/03/02
Trojan.PWS.QQPass       File infector   05/28/02
Trojan.W32.G-Spot       File infector   06/03/02
Trojan.WinKill (2)      File infector   05/30/02
VBS.Arica@mm            File infector   06/05/02
VBS.Down                File infector   05/30/02
VBS.Threed              File infector   05/24/02
VBS.VBSWG.AQ@mm         File infector   05/28/02
W2K.Team                File infector   05/28/02
W32.Alisa               File infector   06/05/02
W32.Benjamin.Worm       File infector   05/20/02
W32.Buxth@mm            File infector   05/30/02
W32.Chicken.Irc         File infector   06/05/02
W32.Cloner              File infector   06/04/02
W32.Coler               File infector   06/04/02
W32.Eex                 File infector   06/05/02
W32.Enemany.A.int       File infector   05/30/02
W32.Enemany.B@mm        File infector   05/30/02
W32.Enemany.C@mm        File infector   05/30/02
W32.Enemany.D@mm        File infector   05/30/02
W32.Frethem.A@mm        File infector   06/04/02
W32.Frethem.B@mm        File infector   06/04/02
W32.Ginra               File infector   06/05/02
W32.HLLP.Metrion        File infector   06/05/02
W32.Idim                File infector   05/24/02
W32.Juegos              File infector   06/04/02
W32.Lame.1751           File infector   06/05/02
W32.Listas              File infector   05/28/02
W32.PGN.Kit             File infector   05/30/02
W32.Pet_Ticky.B@mm      File infector   06/04/02
W32.Pet_ticky.gen       File infector   05/30/02
W32.Shiba.Worm          File infector   06/05/02
W32.Starfil             File infector   06/05/02
W32.Unis.Kit            File infector   05/30/02
W32.Yaha.D@mm           File infector   05/21/02
W95.Sma                 File infector   05/30/02
W97M.Apish              File infector   05/20/02
W97M.Beko@mm            File infector   05/21/02
W97M.Hich               File infector   05/30/02
WordPro.Spenty          File infector   05/28/02
X97M.Ellar.E            File infector   05/21/02
Xinix.533               File infector   05/20/02
YMpws.Trojan            File infector   06/03/02

New virus definitions (sorted by Date added):

Virus Name              Infection Type  Date added
----------              --------------  ----------
Backdoor.Tron           File infector   06/05/02
Backdoor.Tubma          File infector   06/05/02
Backdoor.Yat            File infector   06/05/02
Linux.Mixter            File infector   06/05/02
VBS.Arica@mm            File infector   06/05/02
W32.Alisa               File infector   06/05/02
W32.Chicken.Irc         File infector   06/05/02
W32.Eex                 File infector   06/05/02
W32.Ginra               File infector   06/05/02
W32.HLLP.Metrion        File infector   06/05/02
W32.Lame.1751           File infector   06/05/02
W32.Shiba.Worm          File infector   06/05/02
W32.Starfil             File infector   06/05/02
Quantas.4315            File infector   06/04/02
W32.Cloner              File infector   06/04/02
W32.Coler               File infector   06/04/02
W32.Frethem.A@mm        File infector   06/04/02
W32.Frethem.B@mm        File infector   06/04/02
W32.Juegos              File infector   06/04/02
W32.Pet_Ticky.B@mm      File infector   06/04/02
Backdoor.Akosch         File infector   06/03/02
Backdoor.Feeth          File infector   06/03/02
Backdoor.Ghost          File infector   06/03/02
Backdoor.Lithium        File infector   06/03/02
Backdoor.Muska          File infector   06/03/02
Backdoor.Nemesis        File infector   06/03/02
Backdoor.Provder        File infector   06/03/02
Backdoor.Subseven.cfg   File infector   06/03/02
Monster.gen             File infector   06/03/02
Trojan.Humour           File infector   06/03/02
Trojan.W32.G-Spot       File infector   06/03/02
YMpws.Trojan            File infector   06/03/02
Adeni.Trojan            File infector   05/30/02
HLLC.Apocalipse         File infector   05/30/02
HLLC.Lerm.41732         File infector   05/30/02
HLLP.2337               File infector   05/30/02
HLLP.7991               File infector   05/30/02
HLLP.Blast.6300         File infector   05/30/02
Hacktool.Echapa         File infector   05/30/02
Lucky.519               File infector   05/30/02
Tetris.633              File infector   05/30/02
Trojan.WinKill (2)      File infector   05/30/02
VBS.Down                File infector   05/30/02
W32.Buxth@mm            File infector   05/30/02
W32.Enemany.A.int       File infector   05/30/02
W32.Enemany.B@mm        File infector   05/30/02
W32.Enemany.C@mm        File infector   05/30/02
W32.Enemany.D@mm        File infector   05/30/02
W32.PGN.Kit             File infector   05/30/02
W32.Pet_ticky.gen       File infector   05/30/02
W32.Unis.Kit            File infector   05/30/02
W95.Sma                 File infector   05/30/02
W97M.Hich               File infector   05/30/02
AIMpws.Trojan           File infector   05/28/02
Goma.256                File infector   05/28/02
HLLC.Energy.Family      File infector   05/28/02
Hacktool.AOLchat.DOS    File infector   05/28/02
Hell.573                File infector   05/28/02
HotMailpws.Trojan       File infector   05/28/02
ICQpws.Trojan           File infector   05/28/02
LANpws.Trojan           File infector   05/28/02
Trojan.PWS.QQPass       File infector   05/28/02
VBS.VBSWG.AQ@mm         File infector   05/28/02
W2K.Team                File infector   05/28/02
W32.Listas              File infector   05/28/02
WordPro.Spenty          File infector   05/28/02
Backdoor.Trojan.dr(15)  File infector   05/24/02
Backdoor.Trojan.dr(16)  File infector   05/24/02
Backdoor.Y3KRat.16      File infector   05/24/02
Backdoor.actx           File infector   05/24/02
Cannabis.B              File infector   05/24/02
Juntador.Trojan         File infector   05/24/02
Linux.Simile            File infector   05/24/02
Manuel.510              File infector   05/24/02
VBS.Threed              File infector   05/24/02
W32.Idim                File infector   05/24/02
Backdoor.Omed.B         File infector   05/22/02
HLLP.1442               File infector   05/22/02
Keylogger.Trojan        File infector   05/22/02
Retch.1055              File infector   05/22/02
Apulia.17584            File infector   05/21/02
Backdoor.DKAngel        File infector   05/21/02
Bashme.3241             File infector   05/21/02
Boot.Hive               File infector   05/21/02
Boot.Lamerman.c         File infector   05/21/02
Boot.Mia.9000           File infector   05/21/02
Digispid.B.Worm         File infector   05/21/02
Gdog.182                File infector   05/21/02
Likha.2908              File infector   05/21/02
Retch.1030              File infector   05/21/02
Riot.600                File infector   05/21/02
Tremor.4000.D           File infector   05/21/02
W32.Yaha.D@mm           File infector   05/21/02
W97M.Beko@mm            File infector   05/21/02
X97M.Ellar.E            File infector   05/21/02
Eek.B (b)               Boot infector   05/20/02
TotalChaos.B            File infector   05/20/02
W32.Benjamin.Worm       File infector   05/20/02
W97M.Apish              File infector   05/20/02
Xinix.533               File infector   05/20/02

Name Changes (sorted by Old Virus Name):

Old Virus Name          New Virus Name        Date changed
--------------          --------------        ------------
Arfav.28781         to  Elf.3400              04/15/02
BAT.IBBM.Virus      to  BAT.IBBM.gen          04/30/02
BAT.Sway@mm         to  BAT.BWG@mm            05/01/02
Bat.Mosquito        to  Bat.Mosquito.B.gen    04/05/02
HLLO.10579          to  Unhappy.763           04/11/02
IRC.Sway            to  IRC.BWG               05/01/02
JS.Odyssey.602.dr   to  JS.Odyssey.dr         03/18/02
Kilroy.h            to  Boot.Kilroy           05/02/02
Trojan.W32.G-Spot   to  Backdoor.Gspot        06/05/02
VBS.AntiSocial.E    to  VBS.AntiSocial        03/18/02
VBS.Bee.A           to  VBS.Bee               03/18/02
VBS.Breetnee@mm     to  VBS.Chick@mm          03/25/02
VBS.Infort.A        to  VBS.Infort            03/28/02
VBS.Janis           to  VBS.Bimorph@mm        05/17/02
VBS.Karga@mm        to  VBS.Horty@mm          04/29/02
VBS.TRun98          to  JS.TRun98             03/18/02
W32.Acebo.Worm      to  W32.HLLW.Acebo        04/25/02
W32.Aphex@mm        to  W32.Aplore@mm         04/09/02
W32.Atram@mm        to  W32.Storiel@mm        03/20/02
W32.Bilido.Worm     to  W97M.Mxfile.L.gen     05/15/02
W32.Caric@mm        to  W32.MyLife.B@mm       03/22/02
W32.ElKern.3326     to  W32.ElKern.gen        05/06/02
W32.Impo.Worm       to  W32.Impo.gen@mm       03/14/02
W32.Impo.gen@mm     to  W32.FBound.gen@mm     03/18/02
W32.Lenti.Worm      to  W32.Yaha.D            05/14/02
W32.Mona.Worm       to  W32.Mona              05/20/02
W32.NGVCK.Gen       to  W95.Doggie.AK         03/19/02
W32.Pet_ticky.gen   to  W32.Pet_Ticky.gen     06/03/02
W32.Shrug.gen       to  W32.Chiton.gen        04/29/02
W32.Trilisa.B@mm    to  W32.Trilisa.B         05/14/02
W32.VBSWG.dr        to  W32.Natah.intd        04/09/02
W95.Axiety.2471     to  W95.Anxiety.2471      03/25/02
W95.Dawn.Gen        to  W95.Dammit.Gen        05/13/02
W95.Doggie.AK       to  W95.Deemo             04/03/02
W95.Stoogy@mm       to  W95.Stoogy.Worm@mm    04/16/02
W97M.BPTK.A         to  W97M.BPTK             03/20/02
W97M.Boluc.A@mm     to  W97M.Boluc@mm         04/23/02
W97M.Canned.A       to  W97M.Opener           03/20/02
W97M.Exceller.B     to  O97M.Exceller.B       04/12/02
W97M.Iav.B          to  W97M.Dest.G           03/20/02
W97M.Pr.A           to  W97M.Pr               03/20/02
W97M.Specmill.A     to  W97M.Specmil          03/20/02
W97M.Treoff.A       to  W97M.Doccopy.E        04/11/02
W97M.YourName.A     to  W97M.Intro.A          04/11/02
Weed.5590 (3)       to  Trivial.34 (1)        04/02/02
Winfig.Trojan       to  W32.Winfig.Gen        04/15/02
Worm.Automat.AGQ    to  VBS.Dracv             04/16/02
X97M.Plexar         to  O97M.Plexar           03/20/02
X97M.ROH.A          to  X97M.Ellar.D          04/11/02
X97M.Xchg           to  O97M.Xchg             04/05/02

Name Changes (sorted by Date changed):

Old Virus Name          New Virus Name        Date changed
--------------          --------------        ------------
Trojan.W32.G-Spot   to  Backdoor.Gspot        06/05/02
W32.Pet_ticky.gen   to  W32.Pet_Ticky.gen     06/03/02
W32.Mona.Worm       to  W32.Mona              05/20/02
VBS.Janis           to  VBS.Bimorph@mm        05/17/02
W32.Bilido.Worm     to  W97M.Mxfile.L.gen     05/15/02
W32.Lenti.Worm      to  W32.Yaha.D            05/14/02
W32.Trilisa.B@mm    to  W32.Trilisa.B         05/14/02
W95.Dawn.Gen        to  W95.Dammit.Gen        05/13/02
W32.ElKern.3326     to  W32.ElKern.gen        05/06/02
Kilroy.h            to  Boot.Kilroy           05/02/02
BAT.Sway@mm         to  BAT.BWG@mm            05/01/02
IRC.Sway            to  IRC.BWG               05/01/02
BAT.IBBM.Virus      to  BAT.IBBM.gen          04/30/02
VBS.Karga@mm        to  VBS.Horty@mm          04/29/02
W32.Shrug.gen       to  W32.Chiton.gen        04/29/02
W32.Acebo.Worm      to  W32.HLLW.Acebo        04/25/02
W97M.Boluc.A@mm     to  W97M.Boluc@mm         04/23/02
W95.Stoogy@mm       to  W95.Stoogy.Worm@mm    04/16/02
Worm.Automat.AGQ    to  VBS.Dracv             04/16/02
Arfav.28781         to  Elf.3400              04/15/02
Winfig.Trojan       to  W32.Winfig.Gen        04/15/02
W97M.Exceller.B     to  O97M.Exceller.B       04/12/02
HLLO.10579          to  Unhappy.763           04/11/02
W97M.Treoff.A       to  W97M.Doccopy.E        04/11/02
W97M.YourName.A     to  W97M.Intro.A          04/11/02
X97M.ROH.A          to  X97M.Ellar.D          04/11/02
W32.Aphex@mm        to  W32.Aplore@mm         04/09/02
W32.VBSWG.dr        to  W32.Natah.intd        04/09/02
Bat.Mosquito        to  Bat.Mosquito.B.gen    04/05/02
X97M.Xchg           to  O97M.Xchg             04/05/02
W95.Doggie.AK       to  W95.Deemo             04/03/02
Weed.5590 (3)       to  Trivial.34 (1)        04/02/02
VBS.Infort.A        to  VBS.Infort            03/28/02
VBS.Breetnee@mm     to  VBS.Chick@mm          03/25/02
W95.Axiety.2471     to  W95.Anxiety.2471      03/25/02
W32.Caric@mm        to  W32.MyLife.B@mm       03/22/02
W32.Atram@mm        to  W32.Storiel@mm        03/20/02
W97M.BPTK.A         to  W97M.BPTK             03/20/02
W97M.Canned.A       to  W97M.Opener           03/20/02
W97M.Iav.B          to  W97M.Dest.G           03/20/02
W97M.Pr.A           to  W97M.Pr               03/20/02
W97M.Specmill.A     to  W97M.Specmil          03/20/02
X97M.Plexar         to  O97M.Plexar           03/20/02
W32.NGVCK.Gen       to  W95.Doggie.AK         03/19/02
JS.Odyssey.602.dr   to  JS.Odyssey.dr         03/18/02
VBS.AntiSocial.E    to  VBS.AntiSocial        03/18/02
VBS.Bee.A           to  VBS.Bee               03/18/02
VBS.TRun98          to  JS.TRun98             03/18/02
W32.Impo.gen@mm     to  W32.FBound.gen@mm     03/18/02
W32.Impo.Worm       to  W32.Impo.gen@mm       03/14/02

Deletions (sorted by Virus Name):

Virus Name              Infection Type  Date removed
----------              --------------  ------------
Boot.Stoned.Torm        Boot infector   04/15/02
EICAR Test String       File infector   04/30/02
EICAR Test String (2)   File infector   04/30/02
EICAR Test String (3)   File infector   04/30/02
EICAR Test String.70    File infector   04/30/02
HLL.9131 (1)            File infector   04/15/02
HLL.9131 (2)            File infector   04/15/02
HLLO.10579 (2)          File infector   04/11/02
HLLO.10579 (3)          File infector   04/11/02
IIS.Traversal-Exploit   File infector   05/10/02
JS.Noclose              File infector   05/08/02
Joke.JS.Alert           File infector   05/21/02
Trojan.Fatkill          File infector   05/01/02
Unhappy.763             File infector   04/11/02
W32.ElKern (gen)        File infector   05/06/02
W32.ElKern.3587         File infector   05/06/02
W32.Klez.D@mm           File infector   04/17/02
W32.Klez.H@mm           File infector   04/17/02
WordPro.Spenty          File infector   05/29/02
Ydaerla                 File infector   05/13/02

Deletions (sorted by Date removed):

Virus Name              Infection Type  Date removed
----------              --------------  ------------
WordPro.Spenty          File infector   05/29/02
Joke.JS.Alert           File infector   05/21/02
Ydaerla                 File infector   05/13/02
IIS.Traversal-Exploit   File infector   05/10/02
JS.Noclose              File infector   05/08/02
W32.ElKern (gen)        File infector   05/06/02
W32.ElKern.3587         File infector   05/06/02
Trojan.Fatkill          File infector   05/01/02
EICAR Test String       File infector   04/30/02
EICAR Test String (2)   File infector   04/30/02
EICAR Test String (3)   File infector   04/30/02
EICAR Test String.70    File infector   04/30/02
W32.Klez.D@mm           File infector   04/17/02
W32.Klez.H@mm           File infector   04/17/02
Boot.Stoned.Torm        Boot infector   04/15/02
HLL.9131 (1)            File infector   04/15/02
HLL.9131 (2)            File infector   04/15/02
HLLO.10579 (2)          File infector   04/11/02
HLLO.10579 (3)          File infector   04/11/02
Unhappy.763             File infector   04/11/02

**********************************************************************
** Additional Information                                           **
**********************************************************************

Additional information regarding this virus definitions update can be
found in UPDATE.TXT and TECHNOTE.TXT.