********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response October 10, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for September 2003, worldwide: 1 Trojan.ByteVerify 2 W32.Bugbear.B@mm 3 Trojan Horse 4 W32.Swen.A@mm 5 W32.Sobig.F@mm 6 IRC Trojan 7 HTML.Redlof.A 8 W32.Dumaru@mm 9 W32.Blaster.Worm 10 W32.Klez.H@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Abba.410 File infector 10/07/03 Adri.886 File infector 10/07/03 Adware.Satbo File infector 10/06/03 Adware.Searchq File infector 10/03/03 Adware.StopPopupAdsNow File infector 10/06/03 Adware.Ting File infector 10/06/03 Backdoor.Armageddon.C File infector 10/08/03 Backdoor.Avstral File infector 10/03/03 Backdoor.Battack File infector 10/10/03 Backdoor.Daemonize File infector 10/10/03 Backdoor.Gspot.20 File infector 10/08/03 Backdoor.Hacarmy File infector 10/06/03 Backdoor.IRC.RPCBot.G File infector 10/08/03 Backdoor.Jittar File infector 10/03/03 Backdoor.Lassrv File infector 10/03/03 Backdoor.Lixy File infector 10/08/03 Backdoor.Mxsender File infector 10/10/03 Backdoor.OptixPro.14 File infector 10/06/03 Backdoor.SDBot.Q File infector 10/08/03 Backdoor.Sdbot.R File infector 10/10/03 Backdoor.Sincom File infector 10/10/03 Backdoor.Sinit File infector 10/10/03 Backdoor.Smokodoor File infector 10/07/03 Bloodhound.Inflated File infector 10/07/03 Bloodhound.Overpacked File infector 10/07/03 Bloodhound.Packed File infector 10/07/03 Deadly.1638 File infector 10/07/03 Deadly.366 File infector 10/07/03 Dialer.Adultchat File infector 10/09/03 Dialer.Dia81 File infector 10/09/03 Dialer.Dialstyle File infector 10/09/03 Dialer.GMSoft File infector 10/06/03 Dialer.Gola File infector 10/06/03 Dialer.HotSurprise File infector 10/09/03 Dialer.HotVideo File infector 10/10/03 Dialer.LiveVideo_fi File infector 10/06/03 Dialer.Livegirls File infector 10/09/03 Dialer.Pornostar File infector 10/06/03 Dialer.Pornpaq File infector 10/07/03 Dialer.Stardial File infector 10/08/03 Downloader.Dluca.C File infector 10/03/03 Fayou.1999 File infector 10/07/03 Hacktool.DCOMDoS File infector 10/09/03 Hacktool.Dase File infector 10/09/03 Hacktool.SkServer File infector 10/07/03 JS.Debeski.Trojan File infector 10/03/03 PWSteal.Finero File infector 10/06/03 PWSteal.Nikana File infector 10/08/03 Spyware.ActiveKeylog File infector 10/10/03 Spyware.Screenspy File infector 10/08/03 Trojan.Cuydoc File infector 10/10/03 Trojan.Linuz File infector 10/09/03 VBS.Aqui File infector 10/09/03 VBS.Bing.Trojan File infector 10/07/03 VBS.Canligen@mm File infector 10/06/03 VBS.Chant.Trojan File infector 10/07/03 VBS.Dissec.Trojan File infector 10/07/03 VBS.Gustin@mm File infector 10/09/03 VBS.Lamanella@mm File infector 10/06/03 VBS.Latia@mm File infector 10/06/03 VBS.Regidel.Trojan File infector 10/07/03 VBS.Rivine@mm File infector 10/06/03 VBS.Scooty File infector 10/06/03 W32.Basbot File infector 10/07/03 W32.Cidu File infector 10/10/03 W32.CoolFool@mm File infector 10/07/03 W32.Cugirl.Worm File infector 10/08/03 W32.Emeres File infector 10/10/03 W32.Gramos File infector 10/08/03 W32.HLLW.Clepa@mm File infector 10/10/03 W32.HLLW.Colbat@mm File infector 10/07/03 W32.HLLW.Donk.C File infector 10/10/03 W32.HLLW.Gaobot.AQ File infector 10/09/03 W32.HLLW.Habaku File infector 10/09/03 W32.HLLW.Kazwin File infector 10/06/03 W32.HLLW.Logpole File infector 10/09/03 W32.HLLW.Meduna@mm File infector 10/09/03 W32.HLLW.Migels File infector 10/08/03 W32.HLLW.Moega.D File infector 10/10/03 W32.HLLW.Oblion File infector 10/10/03 W32.HLLW.Repsan File infector 10/06/03 W32.HLLW.Syney.B@mm File infector 10/06/03 W32.HLLW.Waxif File infector 10/09/03 W32.Himera@mm File infector 10/08/03 W32.IRCBot.B File infector 10/07/03 W32.Inmota.Worm File infector 10/10/03 W32.Kalshi.A@mm File infector 10/10/03 W32.Kromber File infector 10/07/03 W32.Logex.B File infector 10/08/03 W32.Napsin@mm File infector 10/08/03 W32.Notech File infector 10/08/03 W32.Ogid File infector 10/06/03 W32.Randex.Q File infector 10/06/03 W32.Serab@mm File infector 10/07/03 W32.Sinn.1396 File infector 10/08/03 W32.Sinn.1397 File infector 10/08/03 W32.Spacemark File infector 10/06/03 W32.Valha@mm File infector 10/08/03 W95.Repus.256 File infector 10/10/03 Win.Kodzer File infector 10/08/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Battack File infector 10/10/03 Backdoor.Daemonize File infector 10/10/03 Backdoor.Mxsender File infector 10/10/03 Backdoor.Sdbot.R File infector 10/10/03 Backdoor.Sincom File infector 10/10/03 Backdoor.Sinit File infector 10/10/03 Dialer.HotVideo File infector 10/10/03 Spyware.ActiveKeylog File infector 10/10/03 Trojan.Cuydoc File infector 10/10/03 W32.Cidu File infector 10/10/03 W32.Emeres File infector 10/10/03 W32.HLLW.Clepa@mm File infector 10/10/03 W32.HLLW.Donk.C File infector 10/10/03 W32.HLLW.Moega.D File infector 10/10/03 W32.HLLW.Oblion File infector 10/10/03 W32.Inmota.Worm File infector 10/10/03 W32.Kalshi.A@mm File infector 10/10/03 W95.Repus.256 File infector 10/10/03 Dialer.Adultchat File infector 10/09/03 Dialer.Dia81 File infector 10/09/03 Dialer.Dialstyle File infector 10/09/03 Dialer.HotSurprise File infector 10/09/03 Dialer.Livegirls File infector 10/09/03 Hacktool.DCOMDoS File infector 10/09/03 Hacktool.Dase File infector 10/09/03 Trojan.Linuz File infector 10/09/03 VBS.Aqui File infector 10/09/03 VBS.Gustin@mm File infector 10/09/03 W32.HLLW.Gaobot.AQ File infector 10/09/03 W32.HLLW.Habaku File infector 10/09/03 W32.HLLW.Logpole File infector 10/09/03 W32.HLLW.Meduna@mm File infector 10/09/03 W32.HLLW.Waxif File infector 10/09/03 Backdoor.Armageddon.C File infector 10/08/03 Backdoor.Gspot.20 File infector 10/08/03 Backdoor.IRC.RPCBot.G File infector 10/08/03 Backdoor.Lixy File infector 10/08/03 Backdoor.SDBot.Q File infector 10/08/03 Dialer.Stardial File infector 10/08/03 PWSteal.Nikana File infector 10/08/03 Spyware.Screenspy File infector 10/08/03 W32.Cugirl.Worm File infector 10/08/03 W32.Gramos File infector 10/08/03 W32.HLLW.Migels File infector 10/08/03 W32.Himera@mm File infector 10/08/03 W32.Logex.B File infector 10/08/03 W32.Napsin@mm File infector 10/08/03 W32.Notech File infector 10/08/03 W32.Sinn.1396 File infector 10/08/03 W32.Sinn.1397 File infector 10/08/03 W32.Valha@mm File infector 10/08/03 Win.Kodzer File infector 10/08/03 Abba.410 File infector 10/07/03 Adri.886 File infector 10/07/03 Backdoor.Smokodoor File infector 10/07/03 Bloodhound.Inflated File infector 10/07/03 Bloodhound.Overpacked File infector 10/07/03 Bloodhound.Packed File infector 10/07/03 Deadly.1638 File infector 10/07/03 Deadly.366 File infector 10/07/03 Dialer.Pornpaq File infector 10/07/03 Fayou.1999 File infector 10/07/03 Hacktool.SkServer File infector 10/07/03 VBS.Bing.Trojan File infector 10/07/03 VBS.Chant.Trojan File infector 10/07/03 VBS.Dissec.Trojan File infector 10/07/03 VBS.Regidel.Trojan File infector 10/07/03 W32.Basbot File infector 10/07/03 W32.CoolFool@mm File infector 10/07/03 W32.HLLW.Colbat@mm File infector 10/07/03 W32.IRCBot.B File infector 10/07/03 W32.Kromber File infector 10/07/03 W32.Serab@mm File infector 10/07/03 Adware.Satbo File infector 10/06/03 Adware.StopPopupAdsNow File infector 10/06/03 Adware.Ting File infector 10/06/03 Backdoor.Hacarmy File infector 10/06/03 Backdoor.OptixPro.14 File infector 10/06/03 Dialer.GMSoft File infector 10/06/03 Dialer.Gola File infector 10/06/03 Dialer.LiveVideo_fi File infector 10/06/03 Dialer.Pornostar File infector 10/06/03 PWSteal.Finero File infector 10/06/03 VBS.Canligen@mm File infector 10/06/03 VBS.Lamanella@mm File infector 10/06/03 VBS.Latia@mm File infector 10/06/03 VBS.Rivine@mm File infector 10/06/03 VBS.Scooty File infector 10/06/03 W32.HLLW.Kazwin File infector 10/06/03 W32.HLLW.Repsan File infector 10/06/03 W32.HLLW.Syney.B@mm File infector 10/06/03 W32.Ogid File infector 10/06/03 W32.Randex.Q File infector 10/06/03 W32.Spacemark File infector 10/06/03 Adware.Searchq File infector 10/03/03 Backdoor.Avstral File infector 10/03/03 Backdoor.Jittar File infector 10/03/03 Backdoor.Lassrv File infector 10/03/03 Downloader.Dluca.C File infector 10/03/03 JS.Debeski.Trojan File infector 10/03/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Adware.MassFav to Adware.Massfav 09/26/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 Backdoor.Clt to W32.Cult 08/18/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Backdoor.IRC.Lade to W32.Lade 08/26/03 Backdoor.Lorac to W32.Lorac 10/10/03 Backdoor.SubSeven.2.15 to Backdoor.SubSeven215 07/29/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 Bin.Auto.AWK to PS-MPC.335 08/18/03 Bin.Auto.BBF to PS-MPC.729 08/04/03 Boot.Face to Face (b) 07/31/03 Face (b) to Boot.Face 08/04/03 MBA.Remiform to MpB.Kynel.A 08/28/03 PS-MPC.335 to Bin.Auto.AWK 08/18/03 PS-MPC.729 to Bin.Auto.BBF 08/04/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 VBS.Annod.D to VBS.Taber 09/25/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Quocus@mm.int to VBS.Quocus.int 08/07/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 W32.Cult to Backdoor.Clt 08/18/03 W32.Darby.Worm to W32.HLLW.Darby 08/29/03 W32.Fomur.B to W32.Fomur 08/25/03 W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.HLLW.Egar to W32.Egar.int 07/30/03 W32.HLLW.Kabak to W32.HLLW.Kabak.Int 08/18/03 W32.HLLW.Kabak.Int to W32.HLLW.Kabak 08/08/03 W32.HLLW.Malicou to W32.HLLW.Nulut 08/26/03 W32.HLLW.Shydy.C to W32.HLLW.Shynet 08/28/03 W32.HLLW.Shynet to W32.HLLW.Shydy.C 08/28/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 W32.Nuf.A to W32.Nuffy.A 08/08/03 W32.Nuffy.A to W32.Nuf.A 08/18/03 W32.Squirm@mm to W32.Pandem.B.Worm 08/21/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Lorac to W32.Lorac 10/10/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 Adware.MassFav to Adware.Massfav 09/26/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 VBS.Annod.D to VBS.Taber 09/25/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 W32.Darby.Worm to W32.HLLW.Darby 08/29/03 MBA.Remiform to MpB.Kynel.A 08/28/03 W32.HLLW.Shydy.C to W32.HLLW.Shynet 08/28/03 W32.HLLW.Shynet to W32.HLLW.Shydy.C 08/28/03 Backdoor.IRC.Lade to W32.Lade 08/26/03 W32.HLLW.Malicou to W32.HLLW.Nulut 08/26/03 W32.Fomur.B to W32.Fomur 08/25/03 W32.Squirm@mm to W32.Pandem.B.Worm 08/21/03 Backdoor.Clt to W32.Cult 08/18/03 Bin.Auto.AWK to PS-MPC.335 08/18/03 PS-MPC.335 to Bin.Auto.AWK 08/18/03 W32.Cult to Backdoor.Clt 08/18/03 W32.HLLW.Kabak to W32.HLLW.Kabak.Int 08/18/03 W32.Nuffy.A to W32.Nuf.A 08/18/03 W32.HLLW.Kabak.Int to W32.HLLW.Kabak 08/08/03 W32.Nuf.A to W32.Nuffy.A 08/08/03 VBS.Quocus@mm.int to VBS.Quocus.int 08/07/03 Bin.Auto.BBF to PS-MPC.729 08/04/03 Face (b) to Boot.Face 08/04/03 PS-MPC.729 to Bin.Auto.BBF 08/04/03 Boot.Face to Face (b) 07/31/03 W32.HLLW.Egar to W32.Egar.int 07/30/03 Backdoor.SubSeven.2.15 to Backdoor.SubSeven215 07/29/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Backdoor.EZBot File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 Download.Aduent.Trojan File infector 09/04/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 Heavy.761(3) File infector 08/28/03 Heavy.761(4) File infector 08/28/03 IRC.Family.Gen File infector 09/23/03 Keypress.Peach (x) File infector 09/19/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 W32.HLLW.Gaobot.AQ File infector 10/10/03 W32.Opaserv.AE.Worm File infector 09/23/03 W95.Silcer File infector 09/08/03 Worm.Automat.AHB File infector 09/19/03 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.HLLW.Gaobot.AQ File infector 10/10/03 IRC.Family.Gen File infector 09/23/03 W32.Opaserv.AE.Worm File infector 09/23/03 Keypress.Peach (x) File infector 09/19/03 Worm.Automat.AHB File infector 09/19/03 W95.Silcer File infector 09/08/03 Backdoor.EZBot File infector 09/04/03 Download.Aduent.Trojan File infector 09/04/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 Heavy.761(3) File infector 08/28/03 Heavy.761(4) File infector 08/28/03 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.