********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response August 05, 2002 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Klez.H@mm 2 W32.Nimda.A@mm 3 W32.Klez.E@mm 4 W32.Nimda.E@mm 5 W95.Hybris.worm 6 Trojan Horse 7 W32.Magistr.39921@mm 8 Backdoor.Trojan 9 JS.Seeker 10 W32.Badtrans.B@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 02/18/99 * Detection and repair of macro viruses in Word and Excel 2000 documents. 05/15/99 * Added repair for PowerPoint viruses. * Improved heuristics to detect more WORD 97 related viruses. 06/10/99 * Menu repair technology for WORD macro viruses that change command bar customizations in NORMAL.DOT. 07/12/99 * Added support for scanning of Ichitaro 8/9 documents. (Ichitaro is a Japanese word processing program). 08/19/99 * Added detection and repair for embedded documents inside PowerPoint 97. 11/22/99 * Added detection and repair for Trojans embedded in OLE files, such as Windows scrap files and MS Office documents. * Added detection for viruses which infect Microsoft Project documents (P98M.Corner.A, for example). 02/10/00 * Added support for scanning of UNIX executables. * Added detection for infected Visio documents. 12/18/00 * Added heuristics for for 32-bit Windows viruses. * Added a script scanner which increases our capabilities for detecting script based threats. 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Aduj.1406 File infector 07/22/02 BAT.Batwin.Worm File infector 07/22/02 BAT.Br File infector 07/22/02 BAT.Covex File infector 07/22/02 BAT.Eversaw.B@mm File infector 07/18/02 BAT.FineKiller File infector 07/22/02 BAT.Rofs File infector 07/22/02 BAT.Tryc File infector 07/22/02 Backdoor.Delf File infector 08/05/02 Backdoor.Ducktoy File infector 07/19/02 Backdoor.Winshell File infector 08/05/02 Bin.Auto.BXW File infector 07/25/02 Bin.Auto.BXX File infector 07/25/02 Bin.Auto.BXY File infector 07/25/02 Bin.Auto.BXZ File infector 07/25/02 Bin.Auto.BYA File infector 07/25/02 Bin.Auto.BYB File infector 07/25/02 Bin.Auto.BYC File infector 07/25/02 Bin.Auto.BYD File infector 07/25/02 Bin.Auto.BYE File infector 07/25/02 Bin.Auto.BYF File infector 07/25/02 Bin.Auto.BYG File infector 07/25/02 Bin.Auto.BYH File infector 07/25/02 Bin.Auto.BYI File infector 07/25/02 Bin.Auto.BYJ File infector 07/25/02 Bin.Auto.BYK File infector 07/25/02 Bin.Auto.BYL File infector 07/25/02 Bin.Auto.BYM File infector 07/26/02 Bin.Auto.BYN File infector 07/26/02 Bin.Auto.BYO File infector 07/26/02 Bin.Auto.BYP File infector 07/26/02 Bin.Auto.BYQ File infector 07/26/02 Bin.Auto.BYR File infector 07/26/02 Bin.Auto.BYS File infector 07/26/02 Bin.Auto.BYT File infector 07/26/02 Bin.Auto.BYU File infector 07/26/02 Bin.Auto.BYV File infector 07/26/02 Bin.Auto.BYW File infector 07/26/02 Dadu File infector 07/22/02 HLLC.9088 File infector 07/30/02 HLLO.Bas.Xyc File infector 07/22/02 HLLP.Maxim.5445 File infector 07/31/02 IRC.Mizi.Worm File infector 07/31/02 IRC.kierz File infector 08/02/02 Joneg.661 File infector 07/22/02 Lockjaw.1046 File infector 07/22/02 P_F.598 File infector 08/05/02 Perl.Tict File infector 08/02/02 Pilce Boot infector 07/22/02 Trojan.Beway File infector 07/25/02 Trojan.Junnan File infector 08/02/02 Trojan.Pandora File infector 07/22/02 Trojan.Ring0.B File infector 07/17/02 Unix.Tvar File infector 07/22/02 VBS.CandyLove File infector 07/29/02 VBS.Sealug@mm File infector 08/02/02 VBS.Zevach File infector 07/22/02 W32.AJM.Worm File infector 08/02/02 W32.Assarm@mm File infector 08/02/02 W32.Blarap File infector 08/02/02 W32.BleBla.J.Worm File infector 08/02/02 W32.Cbomb File infector 07/30/02 W32.Chir.B.enc File infector 08/02/02 W32.Chir.B@mm File infector 07/30/02 W32.Chir.B@mm(html) File infector 08/02/02 W32.Elkern.dam File infector 07/23/02 W32.Forlorn@mm File infector 08/05/02 W32.Frethem.C@mm File infector 07/17/02 W32.Frethem.F@mm File infector 07/17/02 W32.Golsys.8020 File infector 08/02/02 W32.Grador File infector 07/26/02 W32.HLLW.Carlotta File infector 07/22/02 W32.HLLW.Electron File infector 07/29/02 W32.HLLW.Kazmor.C File infector 08/02/02 W32.HLLW.Lama File infector 08/02/02 W32.HLLW.Sambut File infector 08/02/02 W32.HLLW.Yoohoo File infector 07/19/02 W32.HLLW.Yoohoo.B File infector 08/02/02 W32.Holar.A@mm File infector 07/31/02 W32.Kamil File infector 08/02/02 W32.Kitro.E.Worm File infector 07/19/02 W32.Kotef File infector 08/02/02 W32.Langex@mm File infector 07/29/02 W32.Lavehn.A@mm File infector 07/22/02 W32.Manymize@mm File infector 07/25/02 W32.Niqim File infector 07/19/02 W32.Parol@mm File infector 07/31/02 W32.Pigs@m File infector 08/02/02 W32.Qudos File infector 07/22/02 W32.Siltund.Worm File infector 08/02/02 W32.Supova.B.Worm File infector 07/18/02 W32.Urick.A@mm File infector 07/25/02 W32.Venzu.Worm File infector 08/05/02 W95.Bodgy.3230 File infector 07/22/02 W97M.Cane File infector 07/26/02 W97M.Peddec.A File infector 07/31/02 W97M.Saver.G File infector 07/22/02 W97M.Twopey.C File infector 07/30/02 W97M.Zine File infector 08/02/02 XS.577 File infector 07/22/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Delf File infector 08/05/02 Backdoor.Winshell File infector 08/05/02 P_F.598 File infector 08/05/02 W32.Forlorn@mm File infector 08/05/02 W32.Venzu.Worm File infector 08/05/02 IRC.kierz File infector 08/02/02 Perl.Tict File infector 08/02/02 Trojan.Junnan File infector 08/02/02 VBS.Sealug@mm File infector 08/02/02 W32.AJM.Worm File infector 08/02/02 W32.Assarm@mm File infector 08/02/02 W32.Blarap File infector 08/02/02 W32.BleBla.J.Worm File infector 08/02/02 W32.Chir.B.enc File infector 08/02/02 W32.Chir.B@mm(html) File infector 08/02/02 W32.Golsys.8020 File infector 08/02/02 W32.HLLW.Kazmor.C File infector 08/02/02 W32.HLLW.Lama File infector 08/02/02 W32.HLLW.Sambut File infector 08/02/02 W32.HLLW.Yoohoo.B File infector 08/02/02 W32.Kamil File infector 08/02/02 W32.Kotef File infector 08/02/02 W32.Pigs@m File infector 08/02/02 W32.Siltund.Worm File infector 08/02/02 W97M.Zine File infector 08/02/02 HLLP.Maxim.5445 File infector 07/31/02 IRC.Mizi.Worm File infector 07/31/02 W32.Holar.A@mm File infector 07/31/02 W32.Parol@mm File infector 07/31/02 W97M.Peddec.A File infector 07/31/02 HLLC.9088 File infector 07/30/02 W32.Cbomb File infector 07/30/02 W32.Chir.B@mm File infector 07/30/02 W97M.Twopey.C File infector 07/30/02 VBS.CandyLove File infector 07/29/02 W32.HLLW.Electron File infector 07/29/02 W32.Langex@mm File infector 07/29/02 Bin.Auto.BYM File infector 07/26/02 Bin.Auto.BYN File infector 07/26/02 Bin.Auto.BYO File infector 07/26/02 Bin.Auto.BYP File infector 07/26/02 Bin.Auto.BYQ File infector 07/26/02 Bin.Auto.BYR File infector 07/26/02 Bin.Auto.BYS File infector 07/26/02 Bin.Auto.BYT File infector 07/26/02 Bin.Auto.BYU File infector 07/26/02 Bin.Auto.BYV File infector 07/26/02 Bin.Auto.BYW File infector 07/26/02 W32.Grador File infector 07/26/02 W97M.Cane File infector 07/26/02 Bin.Auto.BXW File infector 07/25/02 Bin.Auto.BXX File infector 07/25/02 Bin.Auto.BXY File infector 07/25/02 Bin.Auto.BXZ File infector 07/25/02 Bin.Auto.BYA File infector 07/25/02 Bin.Auto.BYB File infector 07/25/02 Bin.Auto.BYC File infector 07/25/02 Bin.Auto.BYD File infector 07/25/02 Bin.Auto.BYE File infector 07/25/02 Bin.Auto.BYF File infector 07/25/02 Bin.Auto.BYG File infector 07/25/02 Bin.Auto.BYH File infector 07/25/02 Bin.Auto.BYI File infector 07/25/02 Bin.Auto.BYJ File infector 07/25/02 Bin.Auto.BYK File infector 07/25/02 Bin.Auto.BYL File infector 07/25/02 Trojan.Beway File infector 07/25/02 W32.Manymize@mm File infector 07/25/02 W32.Urick.A@mm File infector 07/25/02 W32.Elkern.dam File infector 07/23/02 Aduj.1406 File infector 07/22/02 BAT.Batwin.Worm File infector 07/22/02 BAT.Br File infector 07/22/02 BAT.Covex File infector 07/22/02 BAT.FineKiller File infector 07/22/02 BAT.Rofs File infector 07/22/02 BAT.Tryc File infector 07/22/02 Dadu File infector 07/22/02 HLLO.Bas.Xyc File infector 07/22/02 Joneg.661 File infector 07/22/02 Lockjaw.1046 File infector 07/22/02 Pilce Boot infector 07/22/02 Trojan.Pandora File infector 07/22/02 Unix.Tvar File infector 07/22/02 VBS.Zevach File infector 07/22/02 W32.HLLW.Carlotta File infector 07/22/02 W32.Lavehn.A@mm File infector 07/22/02 W32.Qudos File infector 07/22/02 W95.Bodgy.3230 File infector 07/22/02 W97M.Saver.G File infector 07/22/02 XS.577 File infector 07/22/02 Backdoor.Ducktoy File infector 07/19/02 W32.HLLW.Yoohoo File infector 07/19/02 W32.Kitro.E.Worm File infector 07/19/02 W32.Niqim File infector 07/19/02 BAT.Eversaw.B@mm File infector 07/18/02 W32.Supova.B.Worm File infector 07/18/02 Trojan.Ring0.B File infector 07/17/02 W32.Frethem.C@mm File infector 07/17/02 W32.Frethem.F@mm File infector 07/17/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.Gspot to Backdoor.Spigot 06/18/02 Backdoor.Lithium to Backdoor.Lithium 06/13/02 Backdoor.Lithium to Backdoor.Lithium.B 06/13/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.Simple to Bloodhound.W32.WH1 06/10/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.Simple 06/11/02 IRC.kierz to IRC.Kierz 08/05/02 Supervisor.1256 to Zak.1256 06/20/02 Supervisor.2906 to Zak.2906 06/20/02 Trojan.NetBuie.A to Trojan.Allclicks.A 06/18/02 Trojan.W32.G-Spot to Backdoor.Gspot 06/05/02 Tuil.W95.Trojan to W95.Tuil.Trojan 06/08/02 VBS.Bimorph@mm to VBS.Janis 06/10/02 VBS.Janis to VBS.Bimorph@mm 05/17/02 VBS.Krim.B@m to VBS.Krim.B 06/18/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 VBS.ZVM@mm to VBS.Bajar.B@mm 07/03/02 VBS.noggaz to VBS.Noggaz 06/08/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Bilido.Worm to W97M.Mxfile.L.gen 05/15/02 W32.Duni.Worm to W32.Kitro.C.Worm 07/08/02 W32.Fakeweed.Worm to W32.Alcaul.Worm 07/08/02 W32.Gubed@mm to W32.Gubed.int 06/27/02 W32.Kiltro.Worm to W32.Kitro.A.Worm 07/08/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Lame.1751 to W32.Lamy.gen 06/06/02 W32.Lenti.Worm to W32.Yaha.D 05/14/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 W32.Mona to W32.Mona.Worm 06/10/02 W32.Mona.Worm to W32.Mona 05/20/02 W32.Neysid@mm to W32.Alcarys.G@mm 06/13/02 W32.Nimda.F@mm to W32.Nimda.Q@mm 06/14/02 W32.Pet_ticky.gen to W32.Pet_Ticky.gen 06/03/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 W32.Warcraft to W32.Evala.Worm 07/12/02 W32.Yaha.D to W32.Lenti.Worm 06/10/02 W32.Yaha.D@mm to W32.Yaha.E@mm 06/18/02 W32.ZVM@mm to W32.Bajar.B@mm 07/03/02 W95.Dammit.Gen to W95.Dawn.Gen 06/10/02 W97M.Neysid@mm to W97M.Alcarys.G@mm 06/13/02 WM.Laroux.UB to XM.Laroux.UB 06/25/02 WNT.YdalBug.Worm to W32.Dalbug.Worm 07/09/02 X97M.Marker to X97M.Trevir 06/13/02 X97M.Neysid@mm to X97M.Alcarys.G@mm 06/13/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ IRC.kierz to IRC.Kierz 08/05/02 W32.Alien.Worm to W32.Winfig.Gen 07/23/02 W32.Ultimax.Worm to W32.HLLW.Ultimax 07/18/02 Backdoor.Fragglerock to Backdoor.Fraggle 07/16/02 Backdoor.CrazyNet to Backdoor.Crazynet 07/12/02 Backdoor.TheefLE to Backdoor.Theef 07/12/02 W32.Kitty.Worm to W32.Supova.Worm 07/12/02 W32.Warcraft to W32.Evala.Worm 07/12/02 Bloodhound.W32.NN1 to Bloodhound.W32.2 07/09/02 Bloodhound.W32.NN2 to Bloodhound.W32.3 07/09/02 Bloodhound.W32.WH1 to Bloodhound.W32.1 07/09/02 VBS.Patch@mm to VBS.Slip.C@mm 07/09/02 W32.Kitro.D.int to W32.Kitro.D.Worm 07/09/02 W32.Liac@mm to W32.Liac.A@mm 07/09/02 WNT.YdalBug.Worm to W32.Dalbug.Worm 07/09/02 W32.Duni.Worm to W32.Kitro.C.Worm 07/08/02 W32.Fakeweed.Worm to W32.Alcaul.Worm 07/08/02 W32.Kiltro.Worm to W32.Kitro.A.Worm 07/08/02 VBS.ZVM@mm to VBS.Bajar.B@mm 07/03/02 W32.ZVM@mm to W32.Bajar.B@mm 07/03/02 W32.Gubed@mm to W32.Gubed.int 06/27/02 WM.Laroux.UB to XM.Laroux.UB 06/25/02 Supervisor.1256 to Zak.1256 06/20/02 Supervisor.2906 to Zak.2906 06/20/02 Backdoor.Gspot to Backdoor.Spigot 06/18/02 Trojan.NetBuie.A to Trojan.Allclicks.A 06/18/02 VBS.Krim.B@m to VBS.Krim.B 06/18/02 W32.Yaha.D@mm to W32.Yaha.E@mm 06/18/02 W32.Nimda.F@mm to W32.Nimda.Q@mm 06/14/02 Backdoor.Lithium to Backdoor.Lithium 06/13/02 Backdoor.Lithium to Backdoor.Lithium.B 06/13/02 W32.Neysid@mm to W32.Alcarys.G@mm 06/13/02 W97M.Neysid@mm to W97M.Alcarys.G@mm 06/13/02 X97M.Marker to X97M.Trevir 06/13/02 X97M.Neysid@mm to X97M.Alcarys.G@mm 06/13/02 Bloodhound.W32.WH1 to Bloodhound.W32.Simple 06/11/02 Bloodhound.W32.Simple to Bloodhound.W32.WH1 06/10/02 VBS.Bimorph@mm to VBS.Janis 06/10/02 W32.Mona to W32.Mona.Worm 06/10/02 W32.Yaha.D to W32.Lenti.Worm 06/10/02 W95.Dammit.Gen to W95.Dawn.Gen 06/10/02 Tuil.W95.Trojan to W95.Tuil.Trojan 06/08/02 VBS.noggaz to VBS.Noggaz 06/08/02 W32.Lame.1751 to W32.Lamy.gen 06/06/02 Trojan.W32.G-Spot to Backdoor.Gspot 06/05/02 W32.Pet_ticky.gen to W32.Pet_Ticky.gen 06/03/02 W32.Mona.Worm to W32.Mona 05/20/02 VBS.Janis to VBS.Bimorph@mm 05/17/02 W32.Bilido.Worm to W97M.Mxfile.L.gen 05/15/02 W32.Lenti.Worm to W32.Yaha.D 05/14/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Joke.JS.Alert File infector 06/11/02 Pedophilia Trojan File infector 07/08/02 W32.Winfig.Gen File infector 07/23/02 Ydaerla File infector 06/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.Winfig.Gen File infector 07/23/02 Pedophilia Trojan File infector 07/08/02 Bloodhound.W32.NN1 File infector 06/11/02 Bloodhound.W32.NN2 File infector 06/11/02 Joke.JS.Alert File infector 06/11/02 Ydaerla File infector 06/11/02 Acurev.272 File infector 06/10/02 Acurev.536 File infector 06/10/02 Adios.601 File infector 06/10/02 Adit.1210 File infector 06/10/02 Akuku.886 File infector 06/10/02 Akuku.886.E File infector 06/10/02 AntiPascal.400.D File infector 06/10/02 Antilamer.Trojan File infector 06/10/02 Apulia.17584 File infector 06/10/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.