********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response April 09, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for March 2003, worldwide: 1 W32.Klez.H@mm 2 Trojan Horse 3 HTML.Redlof.A 4 Backdoor.Dvldr 5 IRC Trojan 6 W95.Hybris.worm 7 W95.Spaces.1445 8 W32.FunLove.4099 9 W32.Nimda.E@mm 10 W32.HLLW.Deloder ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Backdoor.Beasty.F File infector 03/31/03 Backdoor.Delf.F File infector 04/01/03 Backdoor.FTP_Ana.C File infector 03/28/03 Backdoor.FTP_Ana.D File infector 04/08/03 Backdoor.Fluxay File infector 03/26/03 Backdoor.Graybird File infector 04/02/03 Backdoor.OptixDDoS File infector 04/04/03 Backdoor.OptixPro.12.b File infector 03/26/03 Backdoor.Rsbot File infector 03/25/03 Backdoor.Sdbot.F File infector 04/01/03 Backdoor.Tankedoor File infector 04/04/03 Backdoor.Turkojan File infector 03/28/03 Backdoor.VB.ff File infector 04/01/03 Backdoor.Zombam File infector 04/07/03 HLLP.5653 File infector 04/09/03 HLLP.8448 File infector 04/09/03 HLLP.Petio File infector 04/09/03 HLLP.Vir.8563 File infector 03/20/03 HLLW.Mrweb.4173 File infector 03/20/03 Happer.648 File infector 03/25/03 Intruder.1322 File infector 03/24/03 JS.Fortnight.B File infector 03/20/03 JS.Mountoni@mm File infector 03/21/03 JS.Weblog File infector 03/28/03 JS.Zalma@mm File infector 03/21/03 Lemming.2058 File infector 04/08/03 PWSteal.Hukle File infector 04/07/03 Reom.Trojan File infector 04/04/03 SillyCER.942 File infector 03/24/03 Small.264 File infector 03/26/03 Trivial.47.a File infector 03/25/03 Trojan.AprilFool File infector 04/04/03 VBS.Alcaul.B@mm File infector 04/01/03 VBS.Alcaul.Gen File infector 04/04/03 VBS.Boost@mm File infector 03/24/03 VBS.DDV File infector 03/21/03 VBS.Ereglili@mm File infector 03/26/03 VBS.HPWG.gen File infector 03/21/03 VBS.Interor File infector 03/21/03 VBS.Lolo File infector 03/24/03 VBS.SST.B@mm File infector 04/01/03 VBS.Suconelo File infector 03/20/03 VBS.Super File infector 03/20/03 VBS.Vmort File infector 04/02/03 VBS.WSHWC.gen@mm File infector 03/21/03 VBS.Ymale@mm File infector 03/21/03 W32.Adurk@mm File infector 04/02/03 W32.Aidonz File infector 04/02/03 W32.Alcaul.Kit File infector 04/04/03 W32.Ashley@mm File infector 04/02/03 W32.Dabra File infector 04/02/03 W32.Evom File infector 04/02/03 W32.Flocker.Worm File infector 03/21/03 W32.Fourseman.A File infector 04/08/03 W32.Gedaz File infector 04/02/03 W32.Ghotex.A File infector 04/07/03 W32.HLLC.Debar File infector 04/02/03 W32.HLLC.Vbinfer File infector 04/02/03 W32.HLLP.Systemp File infector 03/24/03 W32.HLLP.Taris File infector 04/02/03 W32.HLLW.Amerx File infector 04/02/03 W32.HLLW.Antilope File infector 04/02/03 W32.HLLW.Cult.B@mm File infector 04/01/03 W32.HLLW.Cult.C@mm File infector 04/02/03 W32.HLLW.Gaobot.P File infector 04/04/03 W32.HLLW.Halfint File infector 04/02/03 W32.HLLW.Lovgate.G@mm File infector 03/25/03 W32.HLLW.Shya File infector 04/02/03 W32.HLLW.Suava File infector 03/27/03 W32.HLLW.Winur.B File infector 03/24/03 W32.Hapween.Worm File infector 03/21/03 W32.Kwbot.E.Worm File infector 03/27/03 W32.Kwbot.F.Worm File infector 04/07/03 W32.Makecall.Trojan File infector 04/01/03 W32.Nixcon File infector 04/02/03 W32.Passma File infector 04/02/03 W32.Refoav@mm File infector 04/08/03 W32.Rondo File infector 04/02/03 W32.Sahay.C@mm File infector 03/31/03 W32.Spinac@mm File infector 03/20/03 W32.Tinyr File infector 04/02/03 W32.Trab File infector 04/02/03 W32.Yaha.I@mm File infector 03/26/03 W32.ZedMac.Kit File infector 04/08/03 W95.Tenrobot File infector 04/04/03 W97M.AntiCon File infector 03/21/03 W97M.Ashraf File infector 04/01/03 W97M.Lucy File infector 04/07/03 W97M.Minimal.BZ File infector 03/24/03 W97M.Minimal.CA File infector 03/24/03 W97M.Minimal.CB File infector 03/24/03 W97M.SFC@mm File infector 03/25/03 W97M.Virugoer File infector 04/02/03 W97M.Vtine File infector 03/24/03 W97M.Wazzu.AW File infector 03/24/03 W97M.Wazzu.DV File infector 03/25/03 WM.Bumble File infector 03/25/03 X97M.Phoneman File infector 03/28/03 Xeno.1968 (x) File infector 03/24/03 Xian.1917 File infector 03/24/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- HLLP.5653 File infector 04/09/03 HLLP.8448 File infector 04/09/03 HLLP.Petio File infector 04/09/03 Backdoor.FTP_Ana.D File infector 04/08/03 Lemming.2058 File infector 04/08/03 W32.Fourseman.A File infector 04/08/03 W32.Refoav@mm File infector 04/08/03 W32.ZedMac.Kit File infector 04/08/03 Backdoor.Zombam File infector 04/07/03 PWSteal.Hukle File infector 04/07/03 W32.Ghotex.A File infector 04/07/03 W32.Kwbot.F.Worm File infector 04/07/03 W97M.Lucy File infector 04/07/03 Backdoor.OptixDDoS File infector 04/04/03 Backdoor.Tankedoor File infector 04/04/03 Reom.Trojan File infector 04/04/03 Trojan.AprilFool File infector 04/04/03 VBS.Alcaul.Gen File infector 04/04/03 W32.Alcaul.Kit File infector 04/04/03 W32.HLLW.Gaobot.P File infector 04/04/03 W95.Tenrobot File infector 04/04/03 Backdoor.Graybird File infector 04/02/03 VBS.Vmort File infector 04/02/03 W32.Adurk@mm File infector 04/02/03 W32.Aidonz File infector 04/02/03 W32.Ashley@mm File infector 04/02/03 W32.Dabra File infector 04/02/03 W32.Evom File infector 04/02/03 W32.Gedaz File infector 04/02/03 W32.HLLC.Debar File infector 04/02/03 W32.HLLC.Vbinfer File infector 04/02/03 W32.HLLP.Taris File infector 04/02/03 W32.HLLW.Amerx File infector 04/02/03 W32.HLLW.Antilope File infector 04/02/03 W32.HLLW.Cult.C@mm File infector 04/02/03 W32.HLLW.Halfint File infector 04/02/03 W32.HLLW.Shya File infector 04/02/03 W32.Nixcon File infector 04/02/03 W32.Passma File infector 04/02/03 W32.Rondo File infector 04/02/03 W32.Tinyr File infector 04/02/03 W32.Trab File infector 04/02/03 W97M.Virugoer File infector 04/02/03 Backdoor.Delf.F File infector 04/01/03 Backdoor.Sdbot.F File infector 04/01/03 Backdoor.VB.ff File infector 04/01/03 VBS.Alcaul.B@mm File infector 04/01/03 VBS.SST.B@mm File infector 04/01/03 W32.HLLW.Cult.B@mm File infector 04/01/03 W32.Makecall.Trojan File infector 04/01/03 W97M.Ashraf File infector 04/01/03 Backdoor.Beasty.F File infector 03/31/03 W32.Sahay.C@mm File infector 03/31/03 Backdoor.FTP_Ana.C File infector 03/28/03 Backdoor.Turkojan File infector 03/28/03 JS.Weblog File infector 03/28/03 X97M.Phoneman File infector 03/28/03 W32.HLLW.Suava File infector 03/27/03 W32.Kwbot.E.Worm File infector 03/27/03 Backdoor.Fluxay File infector 03/26/03 Backdoor.OptixPro.12.b File infector 03/26/03 Small.264 File infector 03/26/03 VBS.Ereglili@mm File infector 03/26/03 W32.Yaha.I@mm File infector 03/26/03 Backdoor.Rsbot File infector 03/25/03 Happer.648 File infector 03/25/03 Trivial.47.a File infector 03/25/03 W32.HLLW.Lovgate.G@mm File infector 03/25/03 W97M.SFC@mm File infector 03/25/03 W97M.Wazzu.DV File infector 03/25/03 WM.Bumble File infector 03/25/03 Intruder.1322 File infector 03/24/03 SillyCER.942 File infector 03/24/03 VBS.Boost@mm File infector 03/24/03 VBS.Lolo File infector 03/24/03 W32.HLLP.Systemp File infector 03/24/03 W32.HLLW.Winur.B File infector 03/24/03 W97M.Minimal.BZ File infector 03/24/03 W97M.Minimal.CA File infector 03/24/03 W97M.Minimal.CB File infector 03/24/03 W97M.Vtine File infector 03/24/03 W97M.Wazzu.AW File infector 03/24/03 Xeno.1968 (x) File infector 03/24/03 Xian.1917 File infector 03/24/03 JS.Mountoni@mm File infector 03/21/03 JS.Zalma@mm File infector 03/21/03 VBS.DDV File infector 03/21/03 VBS.HPWG.gen File infector 03/21/03 VBS.Interor File infector 03/21/03 VBS.WSHWC.gen@mm File infector 03/21/03 VBS.Ymale@mm File infector 03/21/03 W32.Flocker.Worm File infector 03/21/03 W32.Hapween.Worm File infector 03/21/03 W97M.AntiCon File infector 03/21/03 HLLP.Vir.8563 File infector 03/20/03 HLLW.Mrweb.4173 File infector 03/20/03 JS.Fortnight.B File infector 03/20/03 VBS.Suconelo File infector 03/20/03 VBS.Super File infector 03/20/03 W32.Spinac@mm File infector 03/20/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Beasty.E to Backdoor.Plux 03/11/03 Backdoor.Colfuser to Backdoor.Coldfusion 03/20/03 Backdoor.Plux to Backdoor.Beasty.E 03/11/03 Backdoor.Qforager to Trojan.Qforager 01/22/03 Backdoor.Tkbot to W32.Tkbot.Worm 02/12/03 Backdoor.Zix to Backdoor.Zyxerv 03/06/03 HLLP.Roro to HLLO.Nedal.17174 (1) 02/27/03 MAC.Simpsons@mm to MacOS.Simpsons@mm 03/12/03 Mac.Autostart to MacOS.Autostart 03/12/03 Mac.CPro to MacOS.CPro 03/12/03 Mac.ChinaTalk to MacOS.ChinaTalk 03/12/03 Mac.CursorPrank to MacOS.CursorPrank 03/12/03 Mac.DimWit to MacOS.DimWit 03/12/03 Mac.FontFinder to MacOS.FontFinder 03/12/03 Mac.Frankie to MacOS.Frankie 03/12/03 Mac.HotlineDelete to MacOS.HotlineDelete 03/12/03 Mac.HotlineServer to MacOS.HotlineServer 03/12/03 Mac.Mosaic to MacOS.Mosaic 03/12/03 Mac.NVP to MacOS.NVP 03/12/03 Mac.NaughtyLeftovers to MacOS.NaughtyLeftovers 03/12/03 Mac.Oldgirl to MacOS.Oldgirl 03/12/03 Mac.Scores to MacOS.Scores 03/12/03 Mac.Steroid to MacOS.Steroid 03/12/03 Mac.VirusInfo to MacOS.VirusInfo 03/12/03 TPE.cw.1915 to TPE.cw 01/08/03 Trojan.Poot to Trojan.Slanret.B 04/04/03 VBS.Betta.A to BAT.Betta.A 01/16/03 VBS.Bulbas.B to VBS.Bulbas.B@mm 03/11/03 VBS.Doggy@mm to HLLP.Roro 02/27/03 W32.Asterz@mm to W32.HLLW.Asterz.intd 01/20/03 W32.Bagif.Worm to W32.Bagif 02/10/03 W32.Deborm.Worm to W32.HLLW.Deborms.B 03/14/03 W32.HLLW.Backzat.F to W32.HLLW.Backzat.G 01/23/03 W32.HLLW.Begbie@mm to W32.Gibe.C@mm 03/19/03 W32.HLLW.Der@mm to W32.Vote.D@mm 03/21/03 W32.HLLW.Eissa to W32.HLLW.Cassidy.B 02/27/03 W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Gotit to W32.Titog.B.Worm 01/09/03 W32.HLLW.Kifie to W32.HLLW.Backzat.H 02/05/03 W32.HLLW.Lovgate to W32.HLLW.Lovgate@mm 02/20/03 W32.HLLW.Oror.Z@mm to W32.HLLW.Oror.AG@mm 03/04/03 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 W32.HLLW.Veednav.B to W32.HLLW.Veedna.B 01/15/03 W32.HLLW.Zackfoo to W32.Zackfoo 02/27/03 W32.Momma to IRC.Momma.Worm 01/21/03 W32.Rondon to Backdoor.IRC.Aladinz.B 03/12/03 W32.Yaha.I@mm to W32.Yaha.Q@mm 03/27/03 W32.Yalat@mm to W32.Yalat.Worm 02/11/03 W97M.Virugoer to W97M.Twopey.D 04/02/03 Zorm.695 to Zorm.family 01/21/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Trojan.Poot to Trojan.Slanret.B 04/04/03 W97M.Virugoer to W97M.Twopey.D 04/02/03 W32.Yaha.I@mm to W32.Yaha.Q@mm 03/27/03 W32.HLLW.Der@mm to W32.Vote.D@mm 03/21/03 Backdoor.Colfuser to Backdoor.Coldfusion 03/20/03 W32.HLLW.Begbie@mm to W32.Gibe.C@mm 03/19/03 W32.Deborm.Worm to W32.HLLW.Deborms.B 03/14/03 MAC.Simpsons@mm to MacOS.Simpsons@mm 03/12/03 Mac.Autostart to MacOS.Autostart 03/12/03 Mac.CPro to MacOS.CPro 03/12/03 Mac.ChinaTalk to MacOS.ChinaTalk 03/12/03 Mac.CursorPrank to MacOS.CursorPrank 03/12/03 Mac.DimWit to MacOS.DimWit 03/12/03 Mac.FontFinder to MacOS.FontFinder 03/12/03 Mac.Frankie to MacOS.Frankie 03/12/03 Mac.HotlineDelete to MacOS.HotlineDelete 03/12/03 Mac.HotlineServer to MacOS.HotlineServer 03/12/03 Mac.Mosaic to MacOS.Mosaic 03/12/03 Mac.NVP to MacOS.NVP 03/12/03 Mac.NaughtyLeftovers to MacOS.NaughtyLeftovers 03/12/03 Mac.Oldgirl to MacOS.Oldgirl 03/12/03 Mac.Scores to MacOS.Scores 03/12/03 Mac.Steroid to MacOS.Steroid 03/12/03 Mac.VirusInfo to MacOS.VirusInfo 03/12/03 W32.Rondon to Backdoor.IRC.Aladinz.B 03/12/03 Backdoor.Beasty.E to Backdoor.Plux 03/11/03 Backdoor.Plux to Backdoor.Beasty.E 03/11/03 VBS.Bulbas.B to VBS.Bulbas.B@mm 03/11/03 Backdoor.Zix to Backdoor.Zyxerv 03/06/03 W32.HLLW.Oror.Z@mm to W32.HLLW.Oror.AG@mm 03/04/03 HLLP.Roro to HLLO.Nedal.17174 (1) 02/27/03 VBS.Doggy@mm to HLLP.Roro 02/27/03 W32.HLLW.Eissa to W32.HLLW.Cassidy.B 02/27/03 W32.HLLW.Zackfoo to W32.Zackfoo 02/27/03 W32.HLLW.Lovgate to W32.HLLW.Lovgate@mm 02/20/03 Backdoor.Tkbot to W32.Tkbot.Worm 02/12/03 W32.Yalat@mm to W32.Yalat.Worm 02/11/03 W32.Bagif.Worm to W32.Bagif 02/10/03 W32.HLLW.Kifie to W32.HLLW.Backzat.H 02/05/03 W32.HLLW.Backzat.F to W32.HLLW.Backzat.G 01/23/03 Backdoor.Qforager to Trojan.Qforager 01/22/03 W32.Momma to IRC.Momma.Worm 01/21/03 Zorm.695 to Zorm.family 01/21/03 W32.Asterz@mm to W32.HLLW.Asterz.intd 01/20/03 VBS.Betta.A to BAT.Betta.A 01/16/03 W32.HLLW.Veednav.B to W32.HLLW.Veedna.B 01/15/03 W32.HLLW.Gotit to W32.Titog.B.Worm 01/09/03 TPE.cw.1915 to TPE.cw 01/08/03 W32.HLLW.GOP.F@mm to W32.HLLW.Wangy@mm 01/07/03 W32.HLLW.Stiq to W32.HLLW.Stiq@mm 01/07/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ BAT911.Worm File infector 11/05/02 Bin.Auto.BZM File infector 03/24/03 Bin.Auto.CAQ File infector 12/04/02 HLLO.Gotov.5488 File infector 12/11/02 JS.WindowBomb File infector 09/26/02 TC.Adware.7 File infector 03/11/03 TC.Adware.9 File infector 03/11/03 TC.HeurVirus.9 File infector 03/11/03 TC.Malware.7 File infector 03/11/03 TC.Malware.8 File infector 03/11/03 TC.Malware.9 File infector 03/11/03 TC.Spyware.8 File infector 03/11/03 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W32.HLLC.Happylow File infector 09/13/02 W32.Hotlix.Worm File infector 11/12/02 W32.Wahwah@mm File infector 12/09/02 W97M.Pane File infector 10/11/02 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Bin.Auto.BZM File infector 03/24/03 TC.Adware.7 File infector 03/11/03 TC.Adware.9 File infector 03/11/03 TC.HeurVirus.9 File infector 03/11/03 TC.Malware.7 File infector 03/11/03 TC.Malware.8 File infector 03/11/03 TC.Malware.9 File infector 03/11/03 TC.Spyware.8 File infector 03/11/03 HLLO.Gotov.5488 File infector 12/11/02 W32.Wahwah@mm File infector 12/09/02 Bin.Auto.CAQ File infector 12/04/02 W32.Hotlix.Worm File infector 11/12/02 BAT911.Worm File infector 11/05/02 VBS.Breberka@mm File infector 10/29/02 VBS.Draft@mm File infector 10/29/02 VBS.Futonik@mm File infector 10/29/02 W32.Compo File infector 10/21/02 W97M.Pane File infector 10/11/02 JS.WindowBomb File infector 09/26/02 W32.HLLC.Happylow File infector 09/13/02 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.