********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response December 04, 2002 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Bugbear@mm 2 W32.Klez.H@mm 3 W32.Opaserv.Worm 4 Trojan Horse 5 W95.Hybris.worm 6 W32.Datom.Worm 7 W95.Spaces.1445 8 W32.Klez.E@mm 9 W32.Yaha.F@mm 10 W95.CIH ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Ana.174 File infector 11/22/02 Asscom (bat) File infector 11/26/02 BAT.BWG.gen File infector 11/22/02 BAT.Snake File infector 12/02/02 Backdoor.Assasin.C File infector 11/22/02 Backdoor.Assasin.Dr File infector 12/04/02 Backdoor.Coreflood File infector 12/02/02 Backdoor.Daer File infector 11/26/02 Backdoor.Delf.E File infector 11/26/02 Backdoor.Denwp File infector 12/02/02 Backdoor.Fulamer.25 File infector 11/26/02 Backdoor.Ghoice.12 File infector 12/04/02 Backdoor.Lanfilt File infector 11/20/02 Backdoor.LoxoScam File infector 11/22/02 Backdoor.Malpayo File infector 11/26/02 Backdoor.NetDevil.Dr File infector 12/04/02 Backdoor.Ripjac File infector 11/21/02 Backdoor.Roxrat.12 File infector 12/04/02 Backdoor.Spoofbot File infector 11/20/02 Backdoor.Tourniq File infector 12/02/02 Bayak.179 File infector 11/26/02 Bin.Auto.CAQ File infector 12/02/02 Boot.DelPar.Trojan File infector 11/20/02 Ceydem.6750.Worm File infector 11/25/02 Ceydem.Worm.Variant File infector 11/25/02 Cruiser.1120 File infector 11/20/02 Dik.1393 File infector 11/21/02 Dikshev.188 File infector 11/26/02 Dikshev.192 File infector 11/26/02 Downloader.BO.dr File infector 11/22/02 Kondrik@mm File infector 12/02/02 Lonig.INT File infector 11/20/02 Muru.2529 File infector 12/04/02 PIF.Delwin.Trojan File infector 11/20/02 PWSteal.Avisa File infector 11/25/02 PWSteal.THG.Trojan File infector 12/04/02 Raidnx.1160 File infector 11/26/02 SH.Nirvus File infector 11/20/02 SH.Zq File infector 11/20/02 TAVC.Jazva File infector 11/20/02 Trivial.75.b File infector 11/26/02 Trojan.Apher File infector 11/22/02 Trojan.DCP File infector 12/04/02 Trojan.Macur File infector 12/02/02 VBS.8codes File infector 12/04/02 VBS.Cepic@mm File infector 11/26/02 VBS.Hypoth@mm File infector 11/26/02 VBS.Omsee File infector 12/04/02 VBS.Talorm@m File infector 11/26/02 VBS.Ypsan@mm File infector 12/02/02 VBS.Zsyang@mm File infector 11/21/02 VBuster.511 File infector 11/24/02 Vice.3987 File infector 12/04/02 W32.Balick.Trojan File infector 12/02/02 W32.Cervan.6256 File infector 12/02/02 W32.Cherich@mm File infector 12/02/02 W32.Cunar File infector 12/02/02 W32.Darkgoose.Trojan File infector 11/27/02 W32.Figbox File infector 11/20/02 W32.Funypic.Worm File infector 12/02/02 W32.Fusic@mm File infector 11/22/02 W32.HLLC.Godev File infector 12/02/02 W32.HLLP.Delf File infector 12/02/02 W32.HLLP.Handy File infector 11/26/02 W32.HLLP.Yelli File infector 12/02/02 W32.HLLW.Axata File infector 12/02/02 W32.HLLW.Bonny File infector 12/02/02 W32.HLLW.Bored File infector 12/02/02 W32.HLLW.Burnox@mm File infector 12/04/02 W32.HLLW.Cdil File infector 12/02/02 W32.HLLW.Datrix File infector 12/03/02 W32.HLLW.Eggnog File infector 12/02/02 W32.HLLW.Heffer File infector 11/20/02 W32.HLLW.Kovirz File infector 11/26/02 W32.HLLW.Lolol File infector 12/04/02 W32.HLLW.Pluto File infector 11/20/02 W32.HLLW.Winevar File infector 11/24/02 W32.Hobble.H@mm File infector 12/02/02 W32.Jaba File infector 12/02/02 W32.Kameral File infector 12/02/02 W32.Manifest.Trojan File infector 11/26/02 W32.Nulock File infector 11/20/02 W32.Valla.2048 File infector 11/24/02 W95.CIH.remnants File infector 11/21/02 W97M.BPTK.B File infector 11/26/02 W97M.Day13 File infector 12/02/02 W97M.DelAll.Trojan File infector 11/20/02 W97M.Heffer File infector 11/24/02 W97M.IAV.B File infector 12/02/02 W97M.NoMercy File infector 11/26/02 W97M.Omsee File infector 12/04/02 W97M.Opey.J File infector 12/04/02 W97M.Spwatch.B File infector 12/04/02 W97M.Trima.B File infector 12/04/02 W97M.Tropsap File infector 12/04/02 W97M.Xinap@mm File infector 12/04/02 WM.NoMercy File infector 11/26/02 X97M.Ortni.int File infector 12/04/02 X97M.Sugar.F File infector 12/02/02 X97M.War (bat) File infector 11/26/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Assasin.Dr File infector 12/04/02 Backdoor.Ghoice.12 File infector 12/04/02 Backdoor.NetDevil.Dr File infector 12/04/02 Backdoor.Roxrat.12 File infector 12/04/02 Muru.2529 File infector 12/04/02 PWSteal.THG.Trojan File infector 12/04/02 Trojan.DCP File infector 12/04/02 VBS.8codes File infector 12/04/02 VBS.Omsee File infector 12/04/02 Vice.3987 File infector 12/04/02 W32.HLLW.Burnox@mm File infector 12/04/02 W32.HLLW.Lolol File infector 12/04/02 W97M.Omsee File infector 12/04/02 W97M.Opey.J File infector 12/04/02 W97M.Spwatch.B File infector 12/04/02 W97M.Trima.B File infector 12/04/02 W97M.Tropsap File infector 12/04/02 W97M.Xinap@mm File infector 12/04/02 X97M.Ortni.int File infector 12/04/02 W32.HLLW.Datrix File infector 12/03/02 BAT.Snake File infector 12/02/02 Backdoor.Coreflood File infector 12/02/02 Backdoor.Denwp File infector 12/02/02 Backdoor.Tourniq File infector 12/02/02 Bin.Auto.CAQ File infector 12/02/02 Kondrik@mm File infector 12/02/02 Trojan.Macur File infector 12/02/02 VBS.Ypsan@mm File infector 12/02/02 W32.Balick.Trojan File infector 12/02/02 W32.Cervan.6256 File infector 12/02/02 W32.Cherich@mm File infector 12/02/02 W32.Cunar File infector 12/02/02 W32.Funypic.Worm File infector 12/02/02 W32.HLLC.Godev File infector 12/02/02 W32.HLLP.Delf File infector 12/02/02 W32.HLLP.Yelli File infector 12/02/02 W32.HLLW.Axata File infector 12/02/02 W32.HLLW.Bonny File infector 12/02/02 W32.HLLW.Bored File infector 12/02/02 W32.HLLW.Cdil File infector 12/02/02 W32.HLLW.Eggnog File infector 12/02/02 W32.Hobble.H@mm File infector 12/02/02 W32.Jaba File infector 12/02/02 W32.Kameral File infector 12/02/02 W97M.Day13 File infector 12/02/02 W97M.IAV.B File infector 12/02/02 X97M.Sugar.F File infector 12/02/02 W32.Darkgoose.Trojan File infector 11/27/02 Asscom (bat) File infector 11/26/02 Backdoor.Daer File infector 11/26/02 Backdoor.Delf.E File infector 11/26/02 Backdoor.Fulamer.25 File infector 11/26/02 Backdoor.Malpayo File infector 11/26/02 Bayak.179 File infector 11/26/02 Dikshev.188 File infector 11/26/02 Dikshev.192 File infector 11/26/02 Raidnx.1160 File infector 11/26/02 Trivial.75.b File infector 11/26/02 VBS.Cepic@mm File infector 11/26/02 VBS.Hypoth@mm File infector 11/26/02 VBS.Talorm@m File infector 11/26/02 W32.HLLP.Handy File infector 11/26/02 W32.HLLW.Kovirz File infector 11/26/02 W32.Manifest.Trojan File infector 11/26/02 W97M.BPTK.B File infector 11/26/02 W97M.NoMercy File infector 11/26/02 WM.NoMercy File infector 11/26/02 X97M.War (bat) File infector 11/26/02 Ceydem.6750.Worm File infector 11/25/02 Ceydem.Worm.Variant File infector 11/25/02 PWSteal.Avisa File infector 11/25/02 VBuster.511 File infector 11/24/02 W32.HLLW.Winevar File infector 11/24/02 W32.Valla.2048 File infector 11/24/02 W97M.Heffer File infector 11/24/02 Ana.174 File infector 11/22/02 BAT.BWG.gen File infector 11/22/02 Backdoor.Assasin.C File infector 11/22/02 Backdoor.LoxoScam File infector 11/22/02 Downloader.BO.dr File infector 11/22/02 Trojan.Apher File infector 11/22/02 W32.Fusic@mm File infector 11/22/02 Backdoor.Ripjac File infector 11/21/02 Dik.1393 File infector 11/21/02 VBS.Zsyang@mm File infector 11/21/02 W95.CIH.remnants File infector 11/21/02 Backdoor.Lanfilt File infector 11/20/02 Backdoor.Spoofbot File infector 11/20/02 Boot.DelPar.Trojan File infector 11/20/02 Cruiser.1120 File infector 11/20/02 Lonig.INT File infector 11/20/02 PIF.Delwin.Trojan File infector 11/20/02 SH.Nirvus File infector 11/20/02 SH.Zq File infector 11/20/02 TAVC.Jazva File infector 11/20/02 W32.Figbox File infector 11/20/02 W32.HLLW.Heffer File infector 11/20/02 W32.HLLW.Pluto File infector 11/20/02 W32.Nulock File infector 11/20/02 W97M.DelAll.Trojan File infector 11/20/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Dumba to Trojan.Dumba 09/23/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 Lonig.INT to Lonig.Kit 11/26/02 Syst.1665 to AOD.385.B 10/28/02 TAVC.Jazva to Jazva.686 11/26/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 Trojan.PWS.QQPass.gKb6 to Trojan.PWS.QQPass.C 10/18/02 VBS.Likun@mm to VBS.Likun 11/05/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLO.Samand to W32.HLLC.Samand 10/10/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 W32.Topsec.Worm to W32.Topsec 10/14/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W95.CIH.1094 to W95.CIH.1106 11/20/02 W95.Sleepyhead to W95.Sleepyhead.5632 10/22/02 W97M.Swatch to W97M.Spwatch 12/04/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W97M.Swatch to W97M.Spwatch 12/04/02 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 Lonig.INT to Lonig.Kit 11/26/02 TAVC.Jazva to Jazva.686 11/26/02 W95.CIH.1094 to W95.CIH.1106 11/20/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 VBS.Likun@mm to VBS.Likun 11/05/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 Syst.1665 to AOD.385.B 10/28/02 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 W95.Sleepyhead to W95.Sleepyhead.5632 10/22/02 Trojan.PWS.QQPass.gKb6 to Trojan.PWS.QQPass.C 10/18/02 W32.Topsec.Worm to W32.Topsec 10/14/02 W32.HLLO.Samand to W32.HLLC.Samand 10/10/02 IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 Backdoor.Dumba to Trojan.Dumba 09/23/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ BAT911.Worm File infector 11/05/02 Bin.Auto.CAQ File infector 12/04/02 JS.WindowBomb File infector 09/26/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W32.HLLC.Happylow File infector 09/13/02 W32.Hotlix.Worm File infector 11/12/02 W97M.Pane File infector 10/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Bin.Auto.CAQ File infector 12/04/02 W32.Hotlix.Worm File infector 11/12/02 BAT911.Worm File infector 11/05/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W97M.Pane File infector 10/11/02 JS.WindowBomb File infector 09/26/02 W32.HLLC.Happylow File infector 09/13/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.