********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response May 05, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for April 2004, worldwide: 1 Trojan Horse 2 W32.HLLW.Gaobot.gen 3 W32.Netsky.P@mm 4 W32.Beagle.M@mm 5 W32.Netsky.D@mm 6 W32.Bugbear.B@mm 7 W32.Netsky.Y@mm 8 W32.Netsky.C@mm 9 VBS.Redlof.A 10 W32.Randex.gen ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- PWSteal.Tarno.E File infector 04/13/04 Adware.Look2Me File infector 04/13/04 Adware.Searchdot File infector 04/17/04 Adware.StartPage File infector 04/27/04 Adware.WorldSearch File infector 04/22/04 BAT.Bomgen File infector 04/20/04 BAT.Bomgen.B@mm File infector 04/22/04 BAT.Dohman File infector 04/16/04 Backdoor.Anyserv.B File infector 05/04/04 Backdoor.Berbew.C File infector 04/14/04 Backdoor.Carool File infector 05/04/04 Backdoor.Carufax.A File infector 04/19/04 Backdoor.Evivinc File infector 04/25/04 Backdoor.Graybird.I File infector 04/13/04 Backdoor.Hacarmy.B File infector 04/27/04 Backdoor.IRC.Aladinz.Q File infector 04/23/04 Backdoor.IRC.Zcrew.C File infector 04/15/04 Backdoor.Mipsiv File infector 04/27/04 Backdoor.NetCrack.B File infector 04/13/04 Backdoor.Padodor File infector 04/21/04 Backdoor.Sdbot.U File infector 04/23/04 Backdoor.Sdbot.Z File infector 04/29/04 Backdoor.Skobie.A File infector 04/15/04 Backdoor.Skobie.B File infector 04/15/04 Backdoor.Wasax File infector 04/14/04 Bloodhound.Exploit.9 File infector 04/21/04 Dialer.PornPaq.C File infector 04/14/04 Downloader.Dluca.E File infector 04/17/04 Hacktool.LsassSba File infector 04/27/04 Hacktool.Servu.Exploit File infector 04/20/04 Hacktool.THCIISLame File infector 04/26/04 Joke.Playball File infector 04/27/04 PWSteal.Tarno.G File infector 04/26/04 Spyware.Ardakey File infector 05/02/04 Spyware.BEverywhere File infector 04/25/04 Spyware.DesktopSpy File infector 05/02/04 Spyware.HomeKeyLogger File infector 05/02/04 Spyware.InternetSpy File infector 05/02/04 Spyware.Marketscore File infector 04/21/04 Trojan.Adwaheck File infector 05/02/04 Trojan.Mercurycas.A File infector 04/22/04 Trojan.Mitglieder.I File infector 04/13/04 Trojan.Mitglieder.J File infector 04/25/04 Trojan.Smey File infector 04/27/04 VBS.Bomgen File infector 04/20/04 VBS.Fanster File infector 04/14/04 VBS.Inor File infector 04/15/04 W32.Annil.C@mm File infector 04/22/04 W32.Arcam File infector 05/04/04 W32.Beagle.W@mm File infector 04/26/04 W32.Beagle.X@mm File infector 04/28/04 W32.Blaster.T.Worm File infector 04/21/04 W32.Bugbear.E@mm File infector 04/23/04 W32.Erkez.A@mm File infector 04/19/04 W32.Gaobot!inf File infector 04/29/04 W32.Gaobot.AAM File infector 04/13/04 W32.Gaobot.AAY File infector 04/15/04 W32.Gaobot.ADN File infector 04/21/04 W32.Gaobot.ADV File infector 04/22/04 W32.Gaobot.ADW File infector 04/23/04 W32.Gaobot.ADX File infector 04/24/04 W32.Gaobot.AFC File infector 04/29/04 W32.Gaobot.AFJ File infector 04/27/04 W32.Gaobot.AFW File infector 04/29/04 W32.Gaobot.ZW File infector 04/13/04 W32.Gaobot.ZX File infector 04/13/04 W32.Gaobot.ZY File infector 04/13/04 W32.HLLP.Shodi.B File infector 04/20/04 W32.HLLW.Donk.O File infector 04/18/04 W32.Maddis.B File infector 04/13/04 W32.Misodene@mm File infector 04/29/04 W32.Mydoom.I@mm File infector 04/15/04 W32.Mydoom.J@mm File infector 04/20/04 W32.Netad.Trojan File infector 05/04/04 W32.Netsky.AA@mm File infector 04/27/04 W32.Netsky.AB@mm File infector 04/28/04 W32.Netsky.AC@mm File infector 05/03/04 W32.Netsky.P@mm!enc File infector 05/05/04 W32.Netsky.W@mm File infector 04/16/04 W32.Netsky.X@mm File infector 04/20/04 W32.Netsky.Y@mm File infector 04/20/04 W32.Netsky.Z@mm File infector 04/21/04 W32.Opasa@mm File infector 04/20/04 W32.Randex.AAS File infector 04/22/04 W32.Randex.YR File infector 04/19/04 W32.Sasser.B.Worm File infector 05/01/04 W32.Sasser.C.Worm File infector 05/02/04 W32.Sasser.D File infector 05/03/04 W32.Sasser.Worm File infector 04/30/04 W32.Sasser.gen File infector 05/04/04 W32.Shodi.C File infector 04/25/04 W32.Slime File infector 04/23/04 W32.Spider.A@mm File infector 04/19/04 W32.Supova.Z@mm File infector 05/02/04 W32.Traxg@mm File infector 04/26/04 W97M.Evo File infector 04/19/04 W97M.Smey File infector 04/27/04 Worm.Automat.AHL File infector 04/19/04 X97M.Evo File infector 04/30/04 Yoyo.1271 File infector 04/15/04 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- W32.Netsky.P@mm!enc File infector 05/05/04 Backdoor.Anyserv.B File infector 05/04/04 Backdoor.Carool File infector 05/04/04 W32.Arcam File infector 05/04/04 W32.Netad.Trojan File infector 05/04/04 W32.Sasser.gen File infector 05/04/04 W32.Netsky.AC@mm File infector 05/03/04 W32.Sasser.D File infector 05/03/04 Spyware.Ardakey File infector 05/02/04 Spyware.DesktopSpy File infector 05/02/04 Spyware.HomeKeyLogger File infector 05/02/04 Spyware.InternetSpy File infector 05/02/04 Trojan.Adwaheck File infector 05/02/04 W32.Sasser.C.Worm File infector 05/02/04 W32.Supova.Z@mm File infector 05/02/04 W32.Sasser.B.Worm File infector 05/01/04 W32.Sasser.Worm File infector 04/30/04 X97M.Evo File infector 04/30/04 Backdoor.Sdbot.Z File infector 04/29/04 W32.Gaobot!inf File infector 04/29/04 W32.Gaobot.AFC File infector 04/29/04 W32.Gaobot.AFW File infector 04/29/04 W32.Misodene@mm File infector 04/29/04 W32.Beagle.X@mm File infector 04/28/04 W32.Netsky.AB@mm File infector 04/28/04 Adware.StartPage File infector 04/27/04 Backdoor.Hacarmy.B File infector 04/27/04 Backdoor.Mipsiv File infector 04/27/04 Hacktool.LsassSba File infector 04/27/04 Joke.Playball File infector 04/27/04 Trojan.Smey File infector 04/27/04 W32.Gaobot.AFJ File infector 04/27/04 W32.Netsky.AA@mm File infector 04/27/04 W97M.Smey File infector 04/27/04 Hacktool.THCIISLame File infector 04/26/04 PWSteal.Tarno.G File infector 04/26/04 W32.Beagle.W@mm File infector 04/26/04 W32.Traxg@mm File infector 04/26/04 Backdoor.Evivinc File infector 04/25/04 Spyware.BEverywhere File infector 04/25/04 Trojan.Mitglieder.J File infector 04/25/04 W32.Shodi.C File infector 04/25/04 W32.Gaobot.ADX File infector 04/24/04 Backdoor.IRC.Aladinz.Q File infector 04/23/04 Backdoor.Sdbot.U File infector 04/23/04 W32.Bugbear.E@mm File infector 04/23/04 W32.Gaobot.ADW File infector 04/23/04 W32.Slime File infector 04/23/04 Adware.WorldSearch File infector 04/22/04 BAT.Bomgen.B@mm File infector 04/22/04 Trojan.Mercurycas.A File infector 04/22/04 W32.Annil.C@mm File infector 04/22/04 W32.Gaobot.ADV File infector 04/22/04 W32.Randex.AAS File infector 04/22/04 Backdoor.Padodor File infector 04/21/04 Bloodhound.Exploit.9 File infector 04/21/04 Spyware.Marketscore File infector 04/21/04 W32.Blaster.T.Worm File infector 04/21/04 W32.Gaobot.ADN File infector 04/21/04 W32.Netsky.Z@mm File infector 04/21/04 BAT.Bomgen File infector 04/20/04 Hacktool.Servu.Exploit File infector 04/20/04 VBS.Bomgen File infector 04/20/04 W32.HLLP.Shodi.B File infector 04/20/04 W32.Mydoom.J@mm File infector 04/20/04 W32.Netsky.X@mm File infector 04/20/04 W32.Netsky.Y@mm File infector 04/20/04 W32.Opasa@mm File infector 04/20/04 Backdoor.Carufax.A File infector 04/19/04 W32.Erkez.A@mm File infector 04/19/04 W32.Randex.YR File infector 04/19/04 W32.Spider.A@mm File infector 04/19/04 W97M.Evo File infector 04/19/04 Worm.Automat.AHL File infector 04/19/04 W32.HLLW.Donk.O File infector 04/18/04 Adware.Searchdot File infector 04/17/04 Downloader.Dluca.E File infector 04/17/04 BAT.Dohman File infector 04/16/04 W32.Netsky.W@mm File infector 04/16/04 Backdoor.IRC.Zcrew.C File infector 04/15/04 Backdoor.Skobie.A File infector 04/15/04 Backdoor.Skobie.B File infector 04/15/04 VBS.Inor File infector 04/15/04 W32.Gaobot.AAY File infector 04/15/04 W32.Mydoom.I@mm File infector 04/15/04 Yoyo.1271 File infector 04/15/04 Backdoor.Berbew.C File infector 04/14/04 Backdoor.Wasax File infector 04/14/04 Dialer.PornPaq.C File infector 04/14/04 VBS.Fanster File infector 04/14/04 PWSteal.Tarno.E File infector 04/13/04 Adware.Look2Me File infector 04/13/04 Backdoor.Graybird.I File infector 04/13/04 Backdoor.NetCrack.B File infector 04/13/04 Trojan.Mitglieder.I File infector 04/13/04 W32.Gaobot.AAM File infector 04/13/04 W32.Gaobot.ZW File infector 04/13/04 W32.Gaobot.ZX File infector 04/13/04 W32.Gaobot.ZY File infector 04/13/04 W32.Maddis.B File infector 04/13/04 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Adware.Look2Me to Backdoor.Firefly 04/16/04 Backdoor.Padodor to Backdoor.Berbew.D 04/21/04 Backdoor.Padok to Backdoor.Berbew.B 04/10/04 Backdoor.Sdbot.U to Backdoor.Sdbot.Y 04/23/04 Backdoor.Skobie.A to Backdoor.Sdbot.T 04/16/04 Backdoor.Skobie.A to Spyware.FamilyKeylog 05/02/04 Backdoor.Skobie.B to W32.Randex.XU 04/16/04 Backdoor.Wasax to Backdoor.Anyserv.B 04/14/04 Downloader.Qbot to Trojan.Etsur 03/12/04 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 PWSteal.Tarno.E to PWSteal.Tarno.F 04/14/04 Trojan.Simcss.B to Adware.Slagent 04/26/04 VBS.Tunk.A to W32.Tunk.A (vbs) 04/09/04 W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Beagle.F@mm tr to W32.Beagle.F@mm(zip) 03/03/04 W32.Beagle.F@mm(zip) to W32.Beagle@mm!zip 03/03/04 W32.Beagle.W@mm to Trojan.Mitglieder.F 04/05/04 W32.Bugbear.E@mm to W32.Bugbear.C@mm 04/06/04 W32.Dumaru.AI@mm to Backdoor.Nibu.D 04/06/04 W32.Gaobot.AAM to W32.Netsky.V@mm 04/14/04 W32.Gaobot.gen!poly to W32.HLLW.Polybot 03/25/04 W32.HLLW.Gearbug@mm to W32.Bugbros.B@mm 04/26/04 W32.HLLW.Polybot to W32.Gaobot.gen!poly 03/23/04 W32.HLLW.Polybot.B to W32.Gaobot.SA 03/23/04 W32.Lovgate.N@mm to W32.HLLW.Lovgate.N@mm 03/18/04 W32.Mintop@mm to W32.Bigfairy.C@mm 04/19/04 W32.Netsky.Q@mm to W32.Netsky.P@mm 03/22/04 W32.Randex.QG to W32.Gaobot.VV 04/02/04 W32.Randex.XU to Trojan.Niska 04/18/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Skobie.A to Spyware.FamilyKeylog 05/02/04 Trojan.Simcss.B to Adware.Slagent 04/26/04 W32.HLLW.Gearbug@mm to W32.Bugbros.B@mm 04/26/04 Backdoor.Sdbot.U to Backdoor.Sdbot.Y 04/23/04 Backdoor.Padodor to Backdoor.Berbew.D 04/21/04 W32.Mintop@mm to W32.Bigfairy.C@mm 04/19/04 W32.Randex.XU to Trojan.Niska 04/18/04 Adware.Look2Me to Backdoor.Firefly 04/16/04 Backdoor.Skobie.A to Backdoor.Sdbot.T 04/16/04 Backdoor.Skobie.B to W32.Randex.XU 04/16/04 Backdoor.Wasax to Backdoor.Anyserv.B 04/14/04 PWSteal.Tarno.E to PWSteal.Tarno.F 04/14/04 W32.Gaobot.AAM to W32.Netsky.V@mm 04/14/04 Backdoor.Padok to Backdoor.Berbew.B 04/10/04 VBS.Tunk.A to W32.Tunk.A (vbs) 04/09/04 W32.Bugbear.E@mm to W32.Bugbear.C@mm 04/06/04 W32.Dumaru.AI@mm to Backdoor.Nibu.D 04/06/04 W32.Beagle.W@mm to Trojan.Mitglieder.F 04/05/04 W32.Randex.QG to W32.Gaobot.VV 04/02/04 W32.Gaobot.gen!poly to W32.HLLW.Polybot 03/25/04 W32.HLLW.Polybot to W32.Gaobot.gen!poly 03/23/04 W32.HLLW.Polybot.B to W32.Gaobot.SA 03/23/04 W32.Netsky.Q@mm to W32.Netsky.P@mm 03/22/04 W32.Lovgate.N@mm to W32.HLLW.Lovgate.N@mm 03/18/04 Downloader.Qbot to Trojan.Etsur 03/12/04 W32.Beagle.F@mm tr to W32.Beagle.F@mm(zip) 03/03/04 W32.Beagle.F@mm(zip) to W32.Beagle@mm!zip 03/03/04 W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Adware.BlazeFind File infector 03/25/04 Adware.Chinet File infector 04/17/04 Adware.ClickAlchemy File infector 03/25/04 Adware.Look2Me File infector 04/15/04 Adware.Topotun File infector 03/25/04 Backdoor.Anyserv.B File infector 04/21/04 Backdoor.Cazno File infector 03/25/04 Backdoor.Cazno.Kit File infector 03/25/04 Backdoor.Danton File infector 03/25/04 Backdoor.IRC.Aladinz.N File infector 03/25/04 Backdoor.IRC.MyPoo File infector 03/25/04 Backdoor.IRC.MyPoo.Kit File infector 03/25/04 Backdoor.IRC.Spybuzz File infector 03/25/04 Backdoor.R3C.B File infector 03/25/04 Trojan.FlagTest File infector 03/27/04 VBS.Fanster File infector 04/14/04 W32.Gaobot!inf File infector 05/03/04 W32.Gaobot.SN File infector 03/26/04 Worm.Automat.AHK File infector 04/09/04 Worm.Automat.AHL File infector 04/19/04 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.Gaobot!inf File infector 05/03/04 Backdoor.Anyserv.B File infector 04/21/04 Worm.Automat.AHL File infector 04/19/04 Adware.Chinet File infector 04/17/04 Adware.Look2Me File infector 04/15/04 VBS.Fanster File infector 04/14/04 Worm.Automat.AHK File infector 04/09/04 Trojan.FlagTest File infector 03/27/04 W32.Gaobot.SN File infector 03/26/04 Adware.BlazeFind File infector 03/25/04 Adware.ClickAlchemy File infector 03/25/04 Adware.Topotun File infector 03/25/04 Backdoor.Cazno File infector 03/25/04 Backdoor.Cazno.Kit File infector 03/25/04 Backdoor.Danton File infector 03/25/04 Backdoor.IRC.Aladinz.N File infector 03/25/04 Backdoor.IRC.MyPoo File infector 03/25/04 Backdoor.IRC.MyPoo.Kit File infector 03/25/04 Backdoor.IRC.Spybuzz File infector 03/25/04 Backdoor.R3C.B File infector 03/25/04 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.