********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response January 08, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for October 2003, worldwide: 1 Download.Adware.Lop 2 Trojan.ByteVerify 3 Trojan Horse 4 W32.Bugbear.B@mm 5 W32.Swen.A@mm 6 IRC Trojan 7 HTML.Redlof.A 8 Download.Trojan 9 Trojan.Bootconf 10 W32.Klez.H@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.AdShooter File infector 12/24/03 Adware.DownloadPlus File infector 12/22/03 Adware.FOne File infector 12/18/03 Adware.FreeComm File infector 01/05/04 Adware.IAGold File infector 12/20/03 Adware.IWon File infector 12/29/03 Adware.Netpal File infector 12/18/03 Adware.Ntsearch File infector 12/29/03 Adware.SearchSpace File infector 12/17/03 Adware.SideBar File infector 01/05/04 Adware.Sqwire File infector 12/23/03 Adware.TopMoxie File infector 12/22/03 Adware.YellowPages File infector 12/30/03 BAT.Hostidel.Trojan File infector 12/16/03 Backdoor.Gaster File infector 12/30/03 Backdoor.Graybird.H File infector 01/05/04 Backdoor.IRC.Aladinz.F File infector 01/02/04 Backdoor.Portless File infector 12/29/03 Backdoor.Sdbot.S File infector 01/08/04 Backdoor.Sinique File infector 12/31/03 Backdoor.Trodal File infector 12/20/03 Bin.Auto.CLW File infector 12/19/03 Bin.Auto.CLX File infector 12/19/03 Bin.Auto.CLY File infector 12/19/03 Dialer.CarpeDiem File infector 12/30/03 Dialer.DateMake File infector 12/29/03 Dialer.Erostars File infector 12/24/03 Dialer.ExDialer File infector 12/30/03 Dialer.Freeload File infector 12/30/03 Dialer.InstantAccess File infector 01/05/04 Dialer.Pornosex File infector 12/22/03 Dialer.Prime File infector 12/24/03 Dialer.RASDialer File infector 12/16/03 Dialer.Sexitaly File infector 12/29/03 Dialer.Sibun File infector 12/24/03 Dialer.SwitchDialer File infector 12/29/03 Download.Berbew.dam File infector 01/02/04 Gnark.2479 File infector 12/29/03 HTML.Rumbile File infector 12/20/03 Hacktool.FDate.15360 File infector 12/17/03 Hacktool.FxScanner File infector 01/05/04 Hacktool.HideWindow File infector 01/07/04 JS.Casra File infector 12/24/03 Joke.Flash File infector 12/30/03 Joke.MoveMouse File infector 12/29/03 PWSteal.Bancos.D File infector 12/23/03 PWSteal.RTCW File infector 01/05/04 Remacc.SAdoor File infector 12/29/03 SecurityRisk.Downldr File infector 01/02/04 Spyware.Acext File infector 01/05/04 Trojan.Anymail File infector 12/19/03 Trojan.Bookmarker File infector 12/22/03 Trojan.Dalfer File infector 01/08/04 Trojan.Dalfer.B File infector 01/08/04 Trojan.Dalfer.C File infector 01/08/04 Trojan.Download.Revird File infector 12/29/03 Trojan.Gema File infector 12/17/03 Trojan.Narat File infector 12/31/03 URLSpoof.Exploit File infector 12/31/03 VBS.Leo File infector 01/07/04 VBS.Sling File infector 12/20/03 W32.Bizten File infector 01/06/04 W32.Bugbros@mm File infector 01/05/04 W32.Cissi.A@mm File infector 12/22/03 W32.Gase File infector 12/30/03 W32.Gluber.B@mm File infector 12/22/03 W32.Gluber@mm File infector 12/19/03 W32.HLLC.Golin@mm File infector 01/06/04 W32.HLLP.Belzy@mm File infector 12/24/03 W32.HLLP.Sholta File infector 01/07/04 W32.HLLW.Apler File infector 01/08/04 W32.HLLW.Cayam@mm File infector 12/17/03 W32.HLLW.Gaobot.EZ File infector 01/05/04 W32.HLLW.Gaobot.FL File infector 01/07/04 W32.HLLW.Mooze File infector 01/08/04 W32.HLLW.Norat File infector 01/06/04 W32.HLLW.Rirc File infector 01/07/04 W32.HLLW.Warpigs.C File infector 12/20/03 W32.HLLW.Widfrey File infector 01/07/04 W32.Jitux.Worm File infector 12/31/03 W32.Jubon@mm File infector 01/05/04 W32.Kuksec File infector 01/08/04 W32.Mimail.P@mm File infector 01/07/04 W32.Mimail.P@mm (1) File infector 01/08/04 W32.Miroot.Worm File infector 01/05/04 W32.Mumo File infector 12/30/03 W32.Nirky.Worm File infector 01/06/04 W32.Opaserv.AE.Worm File infector 01/07/04 W32.SillyFDC File infector 01/08/04 W32.Sober.B@mm File infector 12/18/03 W32.Sober.C@mm File infector 12/20/03 W32.Sober.gen File infector 12/20/03 W32.Torun File infector 12/29/03 W32.Torun.dr File infector 12/29/03 W32.Tupeg File infector 01/02/04 W32.Wilsef File infector 12/18/03 W97M.Automat.AHE File infector 12/19/03 W97M.Automat.AHF File infector 12/19/03 W97M.Automat.AHG File infector 12/19/03 W97M.VMPCK1.ED File infector 12/24/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Sdbot.S File infector 01/08/04 Trojan.Dalfer File infector 01/08/04 Trojan.Dalfer.B File infector 01/08/04 Trojan.Dalfer.C File infector 01/08/04 W32.HLLW.Apler File infector 01/08/04 W32.HLLW.Mooze File infector 01/08/04 W32.Kuksec File infector 01/08/04 W32.Mimail.P@mm (1) File infector 01/08/04 W32.SillyFDC File infector 01/08/04 Hacktool.HideWindow File infector 01/07/04 VBS.Leo File infector 01/07/04 W32.HLLP.Sholta File infector 01/07/04 W32.HLLW.Gaobot.FL File infector 01/07/04 W32.HLLW.Rirc File infector 01/07/04 W32.HLLW.Widfrey File infector 01/07/04 W32.Mimail.P@mm File infector 01/07/04 W32.Opaserv.AE.Worm File infector 01/07/04 W32.Bizten File infector 01/06/04 W32.HLLC.Golin@mm File infector 01/06/04 W32.HLLW.Norat File infector 01/06/04 W32.Nirky.Worm File infector 01/06/04 Adware.FreeComm File infector 01/05/04 Adware.SideBar File infector 01/05/04 Backdoor.Graybird.H File infector 01/05/04 Dialer.InstantAccess File infector 01/05/04 Hacktool.FxScanner File infector 01/05/04 PWSteal.RTCW File infector 01/05/04 Spyware.Acext File infector 01/05/04 W32.Bugbros@mm File infector 01/05/04 W32.HLLW.Gaobot.EZ File infector 01/05/04 W32.Jubon@mm File infector 01/05/04 W32.Miroot.Worm File infector 01/05/04 Backdoor.IRC.Aladinz.F File infector 01/02/04 Download.Berbew.dam File infector 01/02/04 SecurityRisk.Downldr File infector 01/02/04 W32.Tupeg File infector 01/02/04 Backdoor.Sinique File infector 12/31/03 Trojan.Narat File infector 12/31/03 URLSpoof.Exploit File infector 12/31/03 W32.Jitux.Worm File infector 12/31/03 Adware.YellowPages File infector 12/30/03 Backdoor.Gaster File infector 12/30/03 Dialer.CarpeDiem File infector 12/30/03 Dialer.ExDialer File infector 12/30/03 Dialer.Freeload File infector 12/30/03 Joke.Flash File infector 12/30/03 W32.Gase File infector 12/30/03 W32.Mumo File infector 12/30/03 Adware.IWon File infector 12/29/03 Adware.Ntsearch File infector 12/29/03 Backdoor.Portless File infector 12/29/03 Dialer.DateMake File infector 12/29/03 Dialer.Sexitaly File infector 12/29/03 Dialer.SwitchDialer File infector 12/29/03 Gnark.2479 File infector 12/29/03 Joke.MoveMouse File infector 12/29/03 Remacc.SAdoor File infector 12/29/03 Trojan.Download.Revird File infector 12/29/03 W32.Torun File infector 12/29/03 W32.Torun.dr File infector 12/29/03 Adware.AdShooter File infector 12/24/03 Dialer.Erostars File infector 12/24/03 Dialer.Prime File infector 12/24/03 Dialer.Sibun File infector 12/24/03 JS.Casra File infector 12/24/03 W32.HLLP.Belzy@mm File infector 12/24/03 W97M.VMPCK1.ED File infector 12/24/03 Adware.Sqwire File infector 12/23/03 PWSteal.Bancos.D File infector 12/23/03 Adware.DownloadPlus File infector 12/22/03 Adware.TopMoxie File infector 12/22/03 Dialer.Pornosex File infector 12/22/03 Trojan.Bookmarker File infector 12/22/03 W32.Cissi.A@mm File infector 12/22/03 W32.Gluber.B@mm File infector 12/22/03 Adware.IAGold File infector 12/20/03 Backdoor.Trodal File infector 12/20/03 HTML.Rumbile File infector 12/20/03 VBS.Sling File infector 12/20/03 W32.HLLW.Warpigs.C File infector 12/20/03 W32.Sober.C@mm File infector 12/20/03 W32.Sober.gen File infector 12/20/03 Bin.Auto.CLW File infector 12/19/03 Bin.Auto.CLX File infector 12/19/03 Bin.Auto.CLY File infector 12/19/03 Trojan.Anymail File infector 12/19/03 W32.Gluber@mm File infector 12/19/03 W97M.Automat.AHE File infector 12/19/03 W97M.Automat.AHF File infector 12/19/03 W97M.Automat.AHG File infector 12/19/03 Adware.FOne File infector 12/18/03 Adware.Netpal File infector 12/18/03 W32.Sober.B@mm File infector 12/18/03 W32.Wilsef File infector 12/18/03 Adware.SearchSpace File infector 12/17/03 Hacktool.FDate.15360 File infector 12/17/03 Trojan.Gema File infector 12/17/03 W32.HLLW.Cayam@mm File infector 12/17/03 BAT.Hostidel.Trojan File infector 12/16/03 Dialer.RASDialer File infector 12/16/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.IRC.Microb to Backdoor.IRC.Microb 12/05/03 Adware.CNS3721 to Adware.Wengs 10/16/03 Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Adware.Madfind to Backdoor.Madfind 10/31/03 Adware.Quad to Dialer.Heysan 10/27/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 Backdoor.DragonQQ to Backdoor.Dragonqq 12/01/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Backdoor.Hazzer to Trojan.Hazzer 12/18/03 Backdoor.Lorac to W32.Lorac 10/10/03 Backdoor.Ranck to Backdoor.Ranky 11/01/03 Backdoor.Ranck.B to Backdoor.Ranky.B 11/01/03 Backdoor.Ranck.C to Backdoor.Ranky.C 11/01/03 Backdoor.Semes to Trojan.QQMess 10/22/03 Backdoor.Togfer to Backdoor.Tofger 12/09/03 Dialer.Starsfake to W32.Adclicker.G.Trojan 10/24/03 Hacktool.DRM to Hacktool.Keygen.151552 12/01/03 IRC.Trojan.Fgt to W32.Petch 10/31/03 MHTML.Redir.Exploit to MHTMLRedir.Exploit 12/12/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 SecurityRisk.Privshell to Hacktool.Privshell 10/14/03 Trojan.Confi to VBS.Confi 10/29/03 Trojan.Download.Swizz to Download.Adware.Lop 10/10/03 Trojan.Narat to Adware.Mpgcom 01/05/04 Trojan.Qhosts.A to Trojan.Qhosts.B 10/14/03 Trojan.Qhosts.B to Trojan.Bootconf 10/15/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 W32.ExitWin.A.Trojan to W32.Winex.A.Trojan 10/19/03 W32.Gase to W32.Gase.intd 12/30/03 W32.Gnomef.Worm to W32.Nomeg.Worm 11/05/03 W32.HLLW.Blinkon.intd to W32.Blinkon.intd 12/02/03 W32.HLLW.Funair to W32.Funair 10/14/03 W32.HLLW.Gaobot.BD to W32.HLLW.Gaobot.BE 10/27/03 W32.HLLW.Gaobot.EZ to W32.HLLW.Gaobot.FB 01/05/04 W32.HLLW.Sakao to W32.Sakao 10/20/03 W32.HLLW.Torvil@mm to W32.HLLW.Torvel.B@mm 10/23/03 W32.HLLW.Wanado to W32.HLLW.Reur 10/28/03 W32.Jeremy.A to W32.Jermy.A 10/24/03 W32.Kalshi.A@mm to Trojan.Kalshi 10/10/03 W32.Klap to W32.Taplak 11/20/03 W32.Marque@mm to W32.Marque.Worm 10/27/03 W32.Mertian@mm to W32.Mertian.Worm 12/15/03 W32.Mimail.H@mm to W32.Mimail.I@mm 11/17/03 W32.NGVCK.4920 to W32.Doggie.BX 12/01/03 W32.Paylap@mm to W32.Mimail.H@mm 11/14/03 W32.Sahara.9728 to W32.Sahara 11/07/03 W32.Taplak to W32.HLLW.Taplak 11/26/03 W97M.Laroux.NW to X97M.Laroux.NW 11/20/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Trojan.Narat to Adware.Mpgcom 01/05/04 W32.HLLW.Gaobot.EZ to W32.HLLW.Gaobot.FB 01/05/04 W32.Gase to W32.Gase.intd 12/30/03 Backdoor.Hazzer to Trojan.Hazzer 12/18/03 W32.Mertian@mm to W32.Mertian.Worm 12/15/03 MHTML.Redir.Exploit to MHTMLRedir.Exploit 12/12/03 Backdoor.Togfer to Backdoor.Tofger 12/09/03 Backdoor.IRC.Microb to Backdoor.IRC.Microb 12/05/03 W32.HLLW.Blinkon.intd to W32.Blinkon.intd 12/02/03 Backdoor.DragonQQ to Backdoor.Dragonqq 12/01/03 Hacktool.DRM to Hacktool.Keygen.151552 12/01/03 W32.NGVCK.4920 to W32.Doggie.BX 12/01/03 W32.Taplak to W32.HLLW.Taplak 11/26/03 W32.Klap to W32.Taplak 11/20/03 W97M.Laroux.NW to X97M.Laroux.NW 11/20/03 W32.Mimail.H@mm to W32.Mimail.I@mm 11/17/03 W32.Paylap@mm to W32.Mimail.H@mm 11/14/03 W32.Sahara.9728 to W32.Sahara 11/07/03 W32.Gnomef.Worm to W32.Nomeg.Worm 11/05/03 Backdoor.Ranck to Backdoor.Ranky 11/01/03 Backdoor.Ranck.B to Backdoor.Ranky.B 11/01/03 Backdoor.Ranck.C to Backdoor.Ranky.C 11/01/03 Adware.Madfind to Backdoor.Madfind 10/31/03 IRC.Trojan.Fgt to W32.Petch 10/31/03 Trojan.Confi to VBS.Confi 10/29/03 W32.HLLW.Wanado to W32.HLLW.Reur 10/28/03 Adware.Quad to Dialer.Heysan 10/27/03 W32.HLLW.Gaobot.BD to W32.HLLW.Gaobot.BE 10/27/03 W32.Marque@mm to W32.Marque.Worm 10/27/03 Dialer.Starsfake to W32.Adclicker.G.Trojan 10/24/03 W32.Jeremy.A to W32.Jermy.A 10/24/03 W32.HLLW.Torvil@mm to W32.HLLW.Torvel.B@mm 10/23/03 Backdoor.Semes to Trojan.QQMess 10/22/03 W32.HLLW.Sakao to W32.Sakao 10/20/03 W32.ExitWin.A.Trojan to W32.Winex.A.Trojan 10/19/03 Adware.CNS3721 to Adware.Wengs 10/16/03 Trojan.Qhosts.B to Trojan.Bootconf 10/15/03 SecurityRisk.Privshell to Hacktool.Privshell 10/14/03 Trojan.Qhosts.A to Trojan.Qhosts.B 10/14/03 W32.HLLW.Funair to W32.Funair 10/14/03 Backdoor.Lorac to W32.Lorac 10/10/03 Trojan.Download.Swizz to Download.Adware.Lop 10/10/03 W32.Kalshi.A@mm to Trojan.Kalshi 10/10/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Backdoor.Ciadoor.b File infector 11/24/03 Backdoor.Nitmo File infector 11/21/03 Backdoor.Regate File infector 12/01/03 Dialer.Dcon File infector 11/24/03 PWSteal.Blade.Trojan File infector 12/02/03 W32.Bolgi.Worm File infector 11/21/03 W32.HLLW.Bandie File infector 11/24/03 W32.HLLW.Freity@mm File infector 11/24/03 W32.HLLW.Gaobot.gen File infector 11/24/03 W32.HLLW.Minirow File infector 11/21/03 W32.HLLW.Secorm File infector 11/21/03 W32.HLLW.Xbotor File infector 11/24/03 W32.Headout File infector 11/24/03 W32.Notime File infector 11/24/03 W32.Randex.AT File infector 11/21/03 W32.Widare File infector 11/24/03 W32.ZomJoiner File infector 11/18/03 W95.Poson File infector 11/24/03 W97M.Mutalisk File infector 11/24/03 W97M.Opey.V File infector 11/21/03 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ PWSteal.Blade.Trojan File infector 12/02/03 Backdoor.Regate File infector 12/01/03 Backdoor.Ciadoor.b File infector 11/24/03 Dialer.Dcon File infector 11/24/03 W32.HLLW.Bandie File infector 11/24/03 W32.HLLW.Freity@mm File infector 11/24/03 W32.HLLW.Gaobot.gen File infector 11/24/03 W32.HLLW.Xbotor File infector 11/24/03 W32.Headout File infector 11/24/03 W32.Notime File infector 11/24/03 W32.Widare File infector 11/24/03 W95.Poson File infector 11/24/03 W97M.Mutalisk File infector 11/24/03 Backdoor.Nitmo File infector 11/21/03 W32.Bolgi.Worm File infector 11/21/03 W32.HLLW.Minirow File infector 11/21/03 W32.HLLW.Secorm File infector 11/21/03 W32.Randex.AT File infector 11/21/03 W97M.Opey.V File infector 11/21/03 W32.ZomJoiner File infector 11/18/03 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.