********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response January 07, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Bugbear@mm 2 W32.Klez.H@mm 3 W32.Opaserv.Worm 4 Trojan Horse 5 W95.Hybris.worm 6 W32.Datom.Worm 7 W95.Spaces.1445 8 W32.Klez.E@mm 9 W32.Yaha.F@mm 10 W95.CIH ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- AD.206 File infector 12/20/02 AFV.517 File infector 12/23/02 AI22.1659 File infector 12/23/02 Acy.790 File infector 12/20/02 Adindi.1976 File infector 12/23/02 Adrenaline.552 File infector 12/23/02 Ale.1911 File infector 12/26/02 Alien.480 File infector 12/26/02 Anad.725 File infector 12/30/02 Anarchy.1268 File infector 12/30/02 Anarchy.300 File infector 12/30/02 April.426 File infector 12/26/02 BAT.YpocPX File infector 01/04/03 Backdoor.Amitis File infector 01/07/03 Backdoor.Assasin.D File infector 12/30/02 Backdoor.Bionet.306 File infector 01/07/03 Backdoor.Bionet.312 File infector 01/07/03 Backdoor.Cow File infector 12/27/02 Backdoor.Deftcode File infector 01/07/03 Backdoor.Hornet File infector 12/20/02 Backdoor.Lala File infector 12/23/02 Backdoor.NetDevil.B File infector 12/27/02 Backdoor.NetTrojan File infector 12/24/02 Backdoor.Ohpass File infector 01/07/03 Backdoor.OptixPro.10.c File infector 01/04/03 Backdoor.Servsax File infector 12/23/02 Backdoor.Upfudoor File infector 12/23/02 Editz.656 File infector 12/26/02 Fidel File and Boot infector 01/04/03 I13.Albi.2180 File infector 12/26/02 JS.Frist File infector 12/24/02 Killboot.145 (b) Boot infector 12/31/02 Moonlite.380 File infector 01/07/03 Neurot.568 File infector 12/24/02 OL.281.b File infector 12/31/02 PS-MPC.298 File infector 01/07/03 PWSteal.AlLight File infector 01/06/03 PWSteal.Rimd File infector 12/31/02 SillyC.235 File infector 12/31/02 SillyC.241.b(2) File infector 12/31/02 SillyC.305 File infector 01/07/03 SillyC.544 File infector 12/31/02 SillyCO.728 File infector 01/07/03 SillyRCE.490 File infector 12/31/02 Ternopol.1653 File infector 12/23/02 Tiny.family File infector 12/27/02 Trivial.223 File infector 12/24/02 Trojan.Dasmin File infector 01/02/03 Trojan.KKiller File infector 01/07/03 Trojan.Killboot File infector 12/31/02 Trojan.PSW.Platan.5.A File infector 01/07/03 Trojan.Unblockee File infector 01/02/03 V.594 File infector 12/31/02 VBS.Celeron.B.Worm File infector 12/31/02 VBS.Celeron.Worm File infector 12/24/02 VBS.Fit.A File infector 12/31/02 VBS.K-Osb@mm File infector 12/24/02 VBS.Kagra@mm File infector 01/07/03 VBS.PPWCK.gen File infector 01/07/03 VBS.Seniat File infector 12/26/02 VBS.Sysnom@mm File infector 12/24/02 VCL.579 File infector 12/31/02 W32.Asterz@mm File infector 01/07/03 W32.Backzat.Worm File infector 12/26/02 W32.Cicicc File infector 01/07/03 W32.Coflop@mm File infector 01/07/03 W32.Dexec File infector 01/07/03 W32.Duksten.D@mm File infector 12/24/02 W32.Duksten.E@mm File infector 12/24/02 W32.Erdine File infector 12/23/02 W32.Flita File infector 01/03/03 W32.HLLW.Backzat.B File infector 12/31/02 W32.HLLW.Backzat.C File infector 01/04/03 W32.HLLW.GOP.F@mm File infector 01/04/03 W32.HLLW.Gotit File infector 01/07/03 W32.HLLW.Sodabot File infector 12/27/02 W32.HLLW.Stiq File infector 01/06/03 W32.HLLW.Zule File infector 12/26/02 W32.Junkcomp File infector 01/07/03 W32.Kwbot.B.Worm File infector 01/03/03 W32.Lirva.A@mm File infector 01/07/03 W32.Opaserv.K.Worm File infector 12/24/02 W32.Orfina@mm File infector 12/24/02 W32.Recory@mm File infector 01/02/03 W32.Ronoper.Worm File infector 01/07/03 W32.Yaha.K@mm File infector 12/26/02 W32.Yaha.L@mm File infector 12/31/02 W32.Yaha.M@mm File infector 01/07/03 W32.campurf@mm File infector 01/03/03 W97M.Bluduag File infector 12/24/02 W97M.Ciga@mm File infector 12/27/02 W97M.Goto File infector 12/24/02 W97M.Killboot File infector 12/31/02 W97M.MPPN2 File infector 12/26/02 W97M.SMVC File infector 12/26/02 W97M.Seniat File infector 12/26/02 W97M.TH.Int File infector 01/06/03 WM.NOP.AB File infector 12/30/02 X97M.Fireal File infector 12/30/02 Yukon.866 File infector 12/31/02 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Amitis File infector 01/07/03 Backdoor.Bionet.306 File infector 01/07/03 Backdoor.Bionet.312 File infector 01/07/03 Backdoor.Deftcode File infector 01/07/03 Backdoor.Ohpass File infector 01/07/03 Moonlite.380 File infector 01/07/03 PS-MPC.298 File infector 01/07/03 SillyC.305 File infector 01/07/03 SillyCO.728 File infector 01/07/03 Trojan.KKiller File infector 01/07/03 Trojan.PSW.Platan.5.A File infector 01/07/03 VBS.Kagra@mm File infector 01/07/03 VBS.PPWCK.gen File infector 01/07/03 W32.Asterz@mm File infector 01/07/03 W32.Cicicc File infector 01/07/03 W32.Coflop@mm File infector 01/07/03 W32.Dexec File infector 01/07/03 W32.HLLW.Gotit File infector 01/07/03 W32.Junkcomp File infector 01/07/03 W32.Lirva.A@mm File infector 01/07/03 W32.Ronoper.Worm File infector 01/07/03 W32.Yaha.M@mm File infector 01/07/03 PWSteal.AlLight File infector 01/06/03 W32.HLLW.Stiq File infector 01/06/03 W97M.TH.Int File infector 01/06/03 BAT.YpocPX File infector 01/04/03 Backdoor.OptixPro.10.c File infector 01/04/03 Fidel File and Boot infector 01/04/03 W32.HLLW.Backzat.C File infector 01/04/03 W32.HLLW.GOP.F@mm File infector 01/04/03 W32.Flita File infector 01/03/03 W32.Kwbot.B.Worm File infector 01/03/03 W32.campurf@mm File infector 01/03/03 Trojan.Dasmin File infector 01/02/03 Trojan.Unblockee File infector 01/02/03 W32.Recory@mm File infector 01/02/03 Killboot.145 (b) Boot infector 12/31/02 OL.281.b File infector 12/31/02 PWSteal.Rimd File infector 12/31/02 SillyC.235 File infector 12/31/02 SillyC.241.b(2) File infector 12/31/02 SillyC.544 File infector 12/31/02 SillyRCE.490 File infector 12/31/02 Trojan.Killboot File infector 12/31/02 V.594 File infector 12/31/02 VBS.Celeron.B.Worm File infector 12/31/02 VBS.Fit.A File infector 12/31/02 VCL.579 File infector 12/31/02 W32.HLLW.Backzat.B File infector 12/31/02 W32.Yaha.L@mm File infector 12/31/02 W97M.Killboot File infector 12/31/02 Yukon.866 File infector 12/31/02 Anad.725 File infector 12/30/02 Anarchy.1268 File infector 12/30/02 Anarchy.300 File infector 12/30/02 Backdoor.Assasin.D File infector 12/30/02 WM.NOP.AB File infector 12/30/02 X97M.Fireal File infector 12/30/02 Backdoor.Cow File infector 12/27/02 Backdoor.NetDevil.B File infector 12/27/02 Tiny.family File infector 12/27/02 W32.HLLW.Sodabot File infector 12/27/02 W97M.Ciga@mm File infector 12/27/02 Ale.1911 File infector 12/26/02 Alien.480 File infector 12/26/02 April.426 File infector 12/26/02 Editz.656 File infector 12/26/02 I13.Albi.2180 File infector 12/26/02 VBS.Seniat File infector 12/26/02 W32.Backzat.Worm File infector 12/26/02 W32.HLLW.Zule File infector 12/26/02 W32.Yaha.K@mm File infector 12/26/02 W97M.MPPN2 File infector 12/26/02 W97M.SMVC File infector 12/26/02 W97M.Seniat File infector 12/26/02 Backdoor.NetTrojan File infector 12/24/02 JS.Frist File infector 12/24/02 Neurot.568 File infector 12/24/02 Trivial.223 File infector 12/24/02 VBS.Celeron.Worm File infector 12/24/02 VBS.K-Osb@mm File infector 12/24/02 VBS.Sysnom@mm File infector 12/24/02 W32.Duksten.D@mm File infector 12/24/02 W32.Duksten.E@mm File infector 12/24/02 W32.Opaserv.K.Worm File infector 12/24/02 W32.Orfina@mm File infector 12/24/02 W97M.Bluduag File infector 12/24/02 W97M.Goto File infector 12/24/02 AFV.517 File infector 12/23/02 AI22.1659 File infector 12/23/02 Adindi.1976 File infector 12/23/02 Adrenaline.552 File infector 12/23/02 Backdoor.Lala File infector 12/23/02 Backdoor.Servsax File infector 12/23/02 Backdoor.Upfudoor File infector 12/23/02 Ternopol.1653 File infector 12/23/02 W32.Erdine File infector 12/23/02 AD.206 File infector 12/20/02 Acy.790 File infector 12/20/02 Backdoor.Hornet File infector 12/20/02 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ BAT.Junkboat@mm to W32.Enerlam.2774 12/05/02 Backdoor.Dumba to Trojan.Dumba 09/23/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 Lonig.INT to Lonig.Kit 11/26/02 Syst.1665 to AOD.385.B 10/28/02 TAVC.Jazva to Jazva.686 11/26/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 Trojan.PWS.QQPass.gKb6 to Trojan.PWS.QQPass.C 10/18/02 VBS.Likun@mm to VBS.Likun 11/05/02 VBS.Pica@m to VBS.Pica@mm 12/11/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 W32.Appix.H.Worm to Backdoor.OptixPro.10.b 12/18/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLO.Samand to W32.HLLC.Samand 10/10/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 W32.Holar.C@mm to W32.Galil@mm 12/05/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 W32.Topsec.Worm to W32.Topsec 10/14/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W32.campurf@mm to W32.Campurf@mm 01/04/03 W95.CIH.1094 to W95.CIH.1106 11/20/02 W95.Sleepyhead to W95.Sleepyhead.5632 10/22/02 W97M.QWERTY to W97M.WERTY 12/17/02 W97M.Swatch to W97M.Spwatch 12/04/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 W32.campurf@mm to W32.Campurf@mm 01/04/03 W32.Appix.H.Worm to Backdoor.OptixPro.10.b 12/18/02 W97M.QWERTY to W97M.WERTY 12/17/02 VBS.Pica@m to VBS.Pica@mm 12/11/02 BAT.Junkboat@mm to W32.Enerlam.2774 12/05/02 W32.Holar.C@mm to W32.Galil@mm 12/05/02 W97M.Swatch to W97M.Spwatch 12/04/02 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 Lonig.INT to Lonig.Kit 11/26/02 TAVC.Jazva to Jazva.686 11/26/02 W95.CIH.1094 to W95.CIH.1106 11/20/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 VBS.Likun@mm to VBS.Likun 11/05/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 Syst.1665 to AOD.385.B 10/28/02 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 W95.Sleepyhead to W95.Sleepyhead.5632 10/22/02 Trojan.PWS.QQPass.gKb6 to Trojan.PWS.QQPass.C 10/18/02 W32.Topsec.Worm to W32.Topsec 10/14/02 W32.HLLO.Samand to W32.HLLC.Samand 10/10/02 IRC.Pelic.Worm to VBS.Pelic.Worm 10/02/02 W32.HLLP.Alpoor to W32.HLLP.Flate.C 09/25/02 Backdoor.Dumba to Trojan.Dumba 09/23/02 W32.Alpoor.6144 to W32.HLLP.Alpoor 09/20/02 Trojan.Imiserv to Backdoor.Imiserv 09/19/02 W32.Efno.Worm to W32.HLLW.Efno 09/16/02 Bin.Auto.AZL to PS-MPC.535.B 09/13/02 W32.Walcomp to W32.HLLC.Happylow 09/13/02 VBS.Thambl to VBS.Lavra.B.Worm 09/12/02 HLLC.HappyFlowers to W32.HLLC.Happylow 09/11/02 W32.Alcarys.H to W32.HLLP.Flate 09/11/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ BAT911.Worm File infector 11/05/02 Bin.Auto.CAQ File infector 12/04/02 HLLO.Gotov.5488 File infector 12/11/02 JS.WindowBomb File infector 09/26/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W32.HLLC.Happylow File infector 09/13/02 W32.Hotlix.Worm File infector 11/12/02 W32.Wahwah@mm File infector 12/09/02 W97M.Pane File infector 10/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ HLLO.Gotov.5488 File infector 12/11/02 W32.Wahwah@mm File infector 12/09/02 Bin.Auto.CAQ File infector 12/04/02 W32.Hotlix.Worm File infector 11/12/02 BAT911.Worm File infector 11/05/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W97M.Pane File infector 10/11/02 JS.WindowBomb File infector 09/26/02 W32.HLLC.Happylow File infector 09/13/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.