********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response March 06, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses, worldwide: 1 W32.Klez.H@mm 2 W32.Sobig.A@mm 3 Trojan Horse 4 W32.Yaha.K@mm 5 HTML.Redlof.A 6 W32.Bugbear@mm 7 W32.Lirva.A@mm 8 W95.Hybris.worm 9 W95.Spaces.1445 10 W32.FunLove.4099 ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- ASCII.613 File infector 03/03/03 Alive.3800 File infector 02/27/03 BAT.Xaron@mm File infector 02/27/03 Backdoor.Acidoor File infector 02/25/03 Backdoor.Assasin.E File infector 02/20/03 Backdoor.Beasty.C File infector 02/25/03 Backdoor.Darmenu File infector 03/06/03 Backdoor.Gapin File infector 02/27/03 Backdoor.IRC.Yoink File infector 02/24/03 Backdoor.Khaos File infector 02/20/03 Backdoor.PSpider.310 File infector 02/25/03 Backdoor.Redkod File infector 02/26/03 Backdoor.Snowdoor File infector 02/20/03 Backdoor.SubSari.15 File infector 03/04/03 Backdoor.SubSeven.2.15 File infector 03/04/03 Backdoor.Unifida File infector 02/24/03 Backdoor.Zdown File infector 02/25/03 HLLO.Nedal.17174 File infector 02/25/03 HLLP.Roro File infector 02/25/03 HLLP.Vp.8192 File infector 02/20/03 Hello.447 File infector 03/06/03 Jeru.1733 File infector 02/25/03 Nomad.1322 File infector 03/06/03 Nomov.413 File infector 02/27/03 Rebel.906 File infector 02/26/03 Retro.522 File infector 02/27/03 SGH.949 File infector 02/21/03 Salamank.2700 File infector 02/27/03 SillyC.163.i File infector 03/03/03 SillyC.200.g File infector 03/06/03 SillyC.279.a File infector 03/03/03 SillyC.279.b File infector 03/03/03 SillyC.279.c File infector 03/03/03 SillyE.327 File infector 03/03/03 SillyOC.115 File infector 03/06/03 SillyOC.77 File infector 03/03/03 SillyOC.78 File infector 02/27/03 SillyOE.255 File infector 03/06/03 Tellafriend.Trojan File infector 02/20/03 Trivial.46.c File infector 03/03/03 Trivial.48.b File infector 03/03/03 Trojan.Atcpa File infector 03/06/03 Trojan.Barjac File infector 02/26/03 Trojan.Grepage File infector 02/25/03 Trojan.Idly File infector 02/21/03 Trojan.Poot File infector 03/04/03 Trojan.Stealther File infector 03/03/03 V.187 File infector 03/03/03 VBS.Caser@mm File infector 02/20/03 VBS.Clyon@mm File infector 02/24/03 VBS.Doggy@mm File infector 02/27/03 VBS.Gaggle.C File infector 03/05/03 VBS.Grouch@mm File infector 02/27/03 VBS.Ikarus File infector 02/24/03 VBS.Krim.D@mm File infector 02/25/03 VBS.Krim.E@mm File infector 03/04/03 VBS.Lisa.A@mm File infector 02/26/03 VBS.Lunnet.A File infector 03/06/03 VBS.MetSex@mm File infector 03/04/03 VBS.Naughtypic File infector 03/06/03 VBS.Trojan.Lovcx File infector 02/26/03 W32.AimVen.Worm File infector 03/04/03 W32.Duksten.L@mm File infector 03/06/03 W32.Evul.8192.F File infector 03/06/03 W32.Gibe.B@mm File infector 02/26/03 W32.HLLC.Hide File infector 03/06/03 W32.HLLO.Cewalk File infector 03/06/03 W32.HLLP.Tweder File infector 03/06/03 W32.HLLW.Ajja File infector 03/05/03 W32.HLLW.Breat File infector 02/24/03 W32.HLLW.Cult@mm File infector 02/27/03 W32.HLLW.Cydog@mm File infector 02/26/03 W32.HLLW.Dormer.B File infector 03/06/03 W32.HLLW.Dormin.A@mm File infector 03/06/03 W32.HLLW.Iglamer File infector 02/27/03 W32.HLLW.Lamado@mm File infector 02/27/03 W32.HLLW.Lovgate.C@mm File infector 02/24/03 W32.HLLW.Lovgate.D@mm File infector 02/25/03 W32.HLLW.Lovgate.E@mm File infector 03/04/03 W32.HLLW.Netsp File infector 03/06/03 W32.HLLW.Oror.Z@mm File infector 03/03/03 W32.HLLW.Poter File infector 02/24/03 W32.HLLW.Rimnod@mm File infector 02/24/03 W32.HLLW.Zackfoo File infector 02/24/03 W32.Hscr File infector 03/06/03 W32.Missu.1757 File infector 03/06/03 W32.Slackor File infector 03/06/03 W32.Vorcan File infector 03/06/03 W32.Yaha.P@mm File infector 03/04/03 W32.Yinker.Trojan File infector 02/21/03 W32.Zokrim.B@mm File infector 03/04/03 W97M.Automat.AGY File infector 02/27/03 W97M.Ira.C File infector 02/27/03 W97M.MBop.int File infector 02/27/03 W97M.X3 File infector 02/24/03 Win.HLLC.Lodex File infector 03/06/03 X97M.Linik File infector 03/03/03 X97M.Rawo File infector 02/26/03 X97M.Romlax File infector 03/03/03 Yougdos.Worm File infector 03/06/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Darmenu File infector 03/06/03 Hello.447 File infector 03/06/03 Nomad.1322 File infector 03/06/03 SillyC.200.g File infector 03/06/03 SillyOC.115 File infector 03/06/03 SillyOE.255 File infector 03/06/03 Trojan.Atcpa File infector 03/06/03 VBS.Lunnet.A File infector 03/06/03 VBS.Naughtypic File infector 03/06/03 W32.Duksten.L@mm File infector 03/06/03 W32.Evul.8192.F File infector 03/06/03 W32.HLLC.Hide File infector 03/06/03 W32.HLLO.Cewalk File infector 03/06/03 W32.HLLP.Tweder File infector 03/06/03 W32.HLLW.Dormer.B File infector 03/06/03 W32.HLLW.Dormin.A@mm File infector 03/06/03 W32.HLLW.Netsp File infector 03/06/03 W32.Hscr File infector 03/06/03 W32.Missu.1757 File infector 03/06/03 W32.Slackor File infector 03/06/03 W32.Vorcan File infector 03/06/03 Win.HLLC.Lodex File infector 03/06/03 Yougdos.Worm File infector 03/06/03 VBS.Gaggle.C File infector 03/05/03 W32.HLLW.Ajja File infector 03/05/03 Backdoor.SubSari.15 File infector 03/04/03 Backdoor.SubSeven.2.15 File infector 03/04/03 Trojan.Poot File infector 03/04/03 VBS.Krim.E@mm File infector 03/04/03 VBS.MetSex@mm File infector 03/04/03 W32.AimVen.Worm File infector 03/04/03 W32.HLLW.Lovgate.E@mm File infector 03/04/03 W32.Yaha.P@mm File infector 03/04/03 W32.Zokrim.B@mm File infector 03/04/03 ASCII.613 File infector 03/03/03 SillyC.163.i File infector 03/03/03 SillyC.279.a File infector 03/03/03 SillyC.279.b File infector 03/03/03 SillyC.279.c File infector 03/03/03 SillyE.327 File infector 03/03/03 SillyOC.77 File infector 03/03/03 Trivial.46.c File infector 03/03/03 Trivial.48.b File infector 03/03/03 Trojan.Stealther File infector 03/03/03 V.187 File infector 03/03/03 W32.HLLW.Oror.Z@mm File infector 03/03/03 X97M.Linik File infector 03/03/03 X97M.Romlax File infector 03/03/03 Alive.3800 File infector 02/27/03 BAT.Xaron@mm File infector 02/27/03 Backdoor.Gapin File infector 02/27/03 Nomov.413 File infector 02/27/03 Retro.522 File infector 02/27/03 Salamank.2700 File infector 02/27/03 SillyOC.78 File infector 02/27/03 VBS.Doggy@mm File infector 02/27/03 VBS.Grouch@mm File infector 02/27/03 W32.HLLW.Cult@mm File infector 02/27/03 W32.HLLW.Iglamer File infector 02/27/03 W32.HLLW.Lamado@mm File infector 02/27/03 W97M.Automat.AGY File infector 02/27/03 W97M.Ira.C File infector 02/27/03 W97M.MBop.int File infector 02/27/03 Backdoor.Redkod File infector 02/26/03 Rebel.906 File infector 02/26/03 Trojan.Barjac File infector 02/26/03 VBS.Lisa.A@mm File infector 02/26/03 VBS.Trojan.Lovcx File infector 02/26/03 W32.Gibe.B@mm File infector 02/26/03 W32.HLLW.Cydog@mm File infector 02/26/03 X97M.Rawo File infector 02/26/03 Backdoor.Acidoor File infector 02/25/03 Backdoor.Beasty.C File infector 02/25/03 Backdoor.PSpider.310 File infector 02/25/03 Backdoor.Zdown File infector 02/25/03 HLLO.Nedal.17174 File infector 02/25/03 HLLP.Roro File infector 02/25/03 Jeru.1733 File infector 02/25/03 Trojan.Grepage File infector 02/25/03 VBS.Krim.D@mm File infector 02/25/03 W32.HLLW.Lovgate.D@mm File infector 02/25/03 Backdoor.IRC.Yoink File infector 02/24/03 Backdoor.Unifida File infector 02/24/03 VBS.Clyon@mm File infector 02/24/03 VBS.Ikarus File infector 02/24/03 W32.HLLW.Breat File infector 02/24/03 W32.HLLW.Lovgate.C@mm File infector 02/24/03 W32.HLLW.Poter File infector 02/24/03 W32.HLLW.Rimnod@mm File infector 02/24/03 W32.HLLW.Zackfoo File infector 02/24/03 W97M.X3 File infector 02/24/03 SGH.949 File infector 02/21/03 Trojan.Idly File infector 02/21/03 W32.Yinker.Trojan File infector 02/21/03 Backdoor.Assasin.E File infector 02/20/03 Backdoor.Khaos File infector 02/20/03 Backdoor.Snowdoor File infector 02/20/03 HLLP.Vp.8192 File infector 02/20/03 Tellafriend.Trojan File infector 02/20/03 VBS.Caser@mm File infector 02/20/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ BAT.Junkboat@mm to W32.Enerlam.2774 12/05/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 Backdoor.Qforager to Trojan.Qforager 01/22/03 Backdoor.Tkbot to W32.Tkbot.Worm 02/12/03 Backdoor.Zix to Backdoor.Zyxerv 03/06/03 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 HLLP.Roro to HLLO.Nedal.17174 (1) 02/27/03 Lonig.INT to Lonig.Kit 11/26/02 Syst.1665 to AOD.385.B 10/28/02 TAVC.Jazva to Jazva.686 11/26/02 TPE.cw.1915 to TPE.cw 01/08/03 VBS.Betta.A to BAT.Betta.A 01/16/03 VBS.Doggy@mm to HLLP.Roro 02/27/03 VBS.Likun@mm to VBS.Likun 11/05/02 VBS.Pica@m to VBS.Pica@mm 12/11/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.Appix.H.Worm to Backdoor.OptixPro.10.b 12/18/02 W32.Asterz@mm to W32.HLLW.Asterz.intd 01/20/03 W32.Bagif.Worm to W32.Bagif 02/10/03 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLW.Backzat.F to W32.HLLW.Backzat.G 01/23/03 W32.HLLW.Eissa to W32.HLLW.Cassidy.B 02/27/03 W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Gotit to W32.Titog.B.Worm 01/09/03 W32.HLLW.Kifie to W32.HLLW.Backzat.H 02/05/03 W32.HLLW.Lovgate to W32.HLLW.Lovgate@mm 02/20/03 W32.HLLW.Oror.Z@mm to W32.HLLW.Oror.AG@mm 03/04/03 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 W32.HLLW.Veednav.B to W32.HLLW.Veedna.B 01/15/03 W32.HLLW.Zackfoo to W32.Zackfoo 02/27/03 W32.Holar.C@mm to W32.Galil@mm 12/05/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Momma to IRC.Momma.Worm 01/21/03 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W32.Yalat@mm to W32.Yalat.Worm 02/11/03 W32.campurf@mm to W32.Campurf@mm 01/04/03 W95.CIH.1094 to W95.CIH.1106 11/20/02 W97M.QWERTY to W97M.WERTY 12/17/02 W97M.Swatch to W97M.Spwatch 12/04/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Zorm.695 to Zorm.family 01/21/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Zix to Backdoor.Zyxerv 03/06/03 W32.HLLW.Oror.Z@mm to W32.HLLW.Oror.AG@mm 03/04/03 HLLP.Roro to HLLO.Nedal.17174 (1) 02/27/03 VBS.Doggy@mm to HLLP.Roro 02/27/03 W32.HLLW.Eissa to W32.HLLW.Cassidy.B 02/27/03 W32.HLLW.Zackfoo to W32.Zackfoo 02/27/03 W32.HLLW.Lovgate to W32.HLLW.Lovgate@mm 02/20/03 Backdoor.Tkbot to W32.Tkbot.Worm 02/12/03 W32.Yalat@mm to W32.Yalat.Worm 02/11/03 W32.Bagif.Worm to W32.Bagif 02/10/03 W32.HLLW.Kifie to W32.HLLW.Backzat.H 02/05/03 W32.HLLW.Backzat.F to W32.HLLW.Backzat.G 01/23/03 Backdoor.Qforager to Trojan.Qforager 01/22/03 W32.Momma to IRC.Momma.Worm 01/21/03 Zorm.695 to Zorm.family 01/21/03 W32.Asterz@mm to W32.HLLW.Asterz.intd 01/20/03 VBS.Betta.A to BAT.Betta.A 01/16/03 W32.HLLW.Veednav.B to W32.HLLW.Veedna.B 01/15/03 W32.HLLW.Gotit to W32.Titog.B.Worm 01/09/03 TPE.cw.1915 to TPE.cw 01/08/03 W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 W32.campurf@mm to W32.Campurf@mm 01/04/03 W32.Appix.H.Worm to Backdoor.OptixPro.10.b 12/18/02 W97M.QWERTY to W97M.WERTY 12/17/02 VBS.Pica@m to VBS.Pica@mm 12/11/02 BAT.Junkboat@mm to W32.Enerlam.2774 12/05/02 W32.Holar.C@mm to W32.Galil@mm 12/05/02 W97M.Swatch to W97M.Spwatch 12/04/02 Cruiser.1120 to Cruiser.1120.Int 11/26/02 Dik.1393 to Dik.1393.Int 11/26/02 Lonig.INT to Lonig.Kit 11/26/02 TAVC.Jazva to Jazva.686 11/26/02 W95.CIH.1094 to W95.CIH.1106 11/20/02 W97M.Thus.bi to W97M.Thus.BI 11/19/02 Backdoor.Floodnet to Backdoor.Endool 11/13/02 W32.Jonbarr.B@mm to W32.Jonbarr.C@mm 11/12/02 W32.Manex.Worm to W32.HLLW.Manex 11/12/02 W32.Alcatap.Worm to W32.Hobble.F@mm 11/08/02 W32.HLLO.Mario to W32.HLLO.Marion 11/08/02 W32.HLLW.Smilex to W32.Stupid.D 11/08/02 W32.Wun.Irc to W32.Wuno.Irc 11/08/02 W32.Fanta.B.Worm to Fanta.Trojan.Dr 11/06/02 W32.Fanta.worm to Fanta.Trojan 11/06/02 W32.Gezak to W32.Prodvin 11/06/02 W32.Tossed@mm to HLLW.Tossed@mm 11/06/02 VBS.Likun@mm to VBS.Likun 11/05/02 W32.Seesix.Worm to W32.HLLP.VB.14336.C 11/04/02 Syst.1665 to AOD.385.B 10/28/02 W32.Protex.Worm to W32.Duksten.B@mm 10/24/02 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ BAT911.Worm File infector 11/05/02 Bin.Auto.CAQ File infector 12/04/02 HLLO.Gotov.5488 File infector 12/11/02 JS.WindowBomb File infector 09/26/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W32.HLLC.Happylow File infector 09/13/02 W32.Hotlix.Worm File infector 11/12/02 W32.Wahwah@mm File infector 12/09/02 W97M.Pane File infector 10/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ HLLO.Gotov.5488 File infector 12/11/02 W32.Wahwah@mm File infector 12/09/02 Bin.Auto.CAQ File infector 12/04/02 W32.Hotlix.Worm File infector 11/12/02 BAT911.Worm File infector 11/05/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W97M.Pane File infector 10/11/02 JS.WindowBomb File infector 09/26/02 W32.HLLC.Happylow File infector 09/13/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.