********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response October 07, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for July 2004, worldwide: 1 W32.Netsky.P@mm 2 W32.Netsky.P@mm!enc 3 Trojan Horse 4 W32.Beagle.X@mm 5 W32.HLLW.Gaobot.gen 6 W32.Erkez.B@mm 7 W32.Netsky.Z@mm 8 W32.Netsky.C@mm 9 W32.Netsky.D@mm 10 W32.Mydoom.A@mm.enc ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.Aureate File infector 09/22/04 Adware.Begin2search File infector 10/05/04 Adware.BroadcastPC.B File infector 09/29/04 Adware.Flashtrack.B File infector 10/01/04 Adware.Huntbar.B File infector 10/07/04 Adware.JustFindIt File infector 09/23/04 Adware.Mirar File infector 09/18/04 Adware.SmartPops.B File infector 10/07/04 Adware.SuperSpider File infector 09/23/04 Adware.ZeroPopUp File infector 09/18/04 Backdoor.Nemog.D File infector 09/16/04 Backdoor.Roxe File infector 09/28/04 Backdoor.Rtkit.B File infector 10/01/04 Backdoor.Sdbot.AC File infector 10/01/04 Backdoor.Sokeven File infector 09/22/04 Bloodhound.Exploit.13 File infector 09/14/04 Bloodhound.Exploit.14 File infector 09/22/04 Bloodhound.Packed File infector 09/16/04 Bloodhound.Packed.1 File infector 09/16/04 Bloodhound.Packed.2 File infector 09/16/04 Bloodhound.Packed.3 File infector 09/16/04 Dialer.Sexplorer File infector 09/27/04 Dialer.Xdiver File infector 09/27/04 Downloader.Lunii File infector 10/04/04 Hacktool.IPCscan File infector 09/14/04 Hacktool.JPEGDownload File infector 09/24/04 Hacktool.JPEGShell File infector 09/26/04 Hacktool.JohntheRipper File infector 09/23/04 Heur1.SanPedro.AVQA File infector 09/16/04 Heur2.SanPedro.AVQA File infector 09/16/04 Heur3.SanPedro.AVQA File infector 09/16/04 Jeru.Plastique.2576 File infector 09/15/04 PWSteal.Bancos.M File infector 09/28/04 PWSteal.IBank File infector 09/17/04 PWSteal.Ldpinch.C File infector 10/04/04 PWSteal.Revcuss.A File infector 09/23/04 PWSteal.Revcuss.C File infector 09/23/04 PWSteal.Safewin File infector 09/29/04 PWSteal.Tarno.J File infector 09/29/04 Packed.Adware File infector 09/16/04 Packed.Dialer File infector 09/16/04 Packed.Hacktool File infector 09/16/04 Packed.Joke File infector 09/16/04 Packed.RemoteAccess File infector 09/16/04 Packed.SecurityRiskOff File infector 09/16/04 Packed.SecurityRiskOn File infector 09/16/04 Packed.Spyware File infector 09/16/04 Packed.Trackware File infector 09/16/04 Remacc.SpyAnywhere File infector 09/18/04 Spyware.ABCKeylogger File infector 09/27/04 Spyware.CWSAddClass File infector 09/24/04 Spyware.CometCursor File infector 09/17/04 Spyware.DsktopSurveil File infector 09/22/04 Spyware.KBGuardian File infector 09/20/04 Spyware.SpyAgent.B File infector 09/22/04 Spyware.SystemSpy File infector 09/16/04 Spyware.TinySpyAgent File infector 09/21/04 Trojan.AdRmove File infector 10/07/04 Trojan.Anits File infector 09/16/04 Trojan.Comxt File infector 10/07/04 Trojan.Darce File infector 09/28/04 Trojan.Download.Moo File infector 09/28/04 Trojan.Ducky File infector 09/29/04 Trojan.Ducky.B File infector 09/29/04 Trojan.Upchan File infector 09/22/04 Trojan.Webus.B File infector 10/06/04 VBS.Themis File infector 09/22/04 W32.Bagz.B@mm File infector 10/05/04 W32.Bagz@mm File infector 10/04/04 W32.Beagle.AR@mm File infector 09/28/04 W32.Brof File infector 09/30/04 W32.Cooperat@mm File infector 09/29/04 W32.Donk.S File infector 09/21/04 W32.Fili@mm File infector 10/06/04 W32.Gaobot.BJV File infector 09/20/04 W32.Gilp@mm File infector 10/06/04 W32.Hamet File infector 10/06/04 W32.Killis File infector 09/29/04 W32.Korgo.AB File infector 09/23/04 W32.Mexer.E@mm File infector 09/15/04 W32.Munstre File infector 09/16/04 W32.Mydoom.AB@mm File infector 09/16/04 W32.Mydoom.AC@mm File infector 09/28/04 W32.Mydoom.AD@mm File infector 10/04/04 W32.Mydoom.Y@mm File infector 09/16/04 W32.Niya File infector 09/22/04 W32.Noomy.A@mm File infector 09/27/04 W32.Nuss File infector 09/28/04 W32.Randex.BLD File infector 09/27/04 W32.Randin File infector 09/20/04 W32.Sndog@mm File infector 09/20/04 W32.Snone.A File infector 09/20/04 W32.Spybot.EAS File infector 09/30/04 W32.Squirrel File infector 10/06/04 W97M.Bablas.BX File infector 09/28/04 W97M.Class!int File infector 09/21/04 W97M.Kamal File infector 10/07/04 W97M.Prece.A File infector 10/05/04 W97M.Shore.K File infector 09/26/04 Worm.Automat.AHR File infector 09/16/04 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Adware.Huntbar.B File infector 10/07/04 Adware.SmartPops.B File infector 10/07/04 Trojan.AdRmove File infector 10/07/04 Trojan.Comxt File infector 10/07/04 W97M.Kamal File infector 10/07/04 Trojan.Webus.B File infector 10/06/04 W32.Fili@mm File infector 10/06/04 W32.Gilp@mm File infector 10/06/04 W32.Hamet File infector 10/06/04 W32.Squirrel File infector 10/06/04 Adware.Begin2search File infector 10/05/04 W32.Bagz.B@mm File infector 10/05/04 W97M.Prece.A File infector 10/05/04 Downloader.Lunii File infector 10/04/04 PWSteal.Ldpinch.C File infector 10/04/04 W32.Bagz@mm File infector 10/04/04 W32.Mydoom.AD@mm File infector 10/04/04 Adware.Flashtrack.B File infector 10/01/04 Backdoor.Rtkit.B File infector 10/01/04 Backdoor.Sdbot.AC File infector 10/01/04 W32.Brof File infector 09/30/04 W32.Spybot.EAS File infector 09/30/04 Adware.BroadcastPC.B File infector 09/29/04 PWSteal.Safewin File infector 09/29/04 PWSteal.Tarno.J File infector 09/29/04 Trojan.Ducky File infector 09/29/04 Trojan.Ducky.B File infector 09/29/04 W32.Cooperat@mm File infector 09/29/04 W32.Killis File infector 09/29/04 Backdoor.Roxe File infector 09/28/04 PWSteal.Bancos.M File infector 09/28/04 Trojan.Darce File infector 09/28/04 Trojan.Download.Moo File infector 09/28/04 W32.Beagle.AR@mm File infector 09/28/04 W32.Mydoom.AC@mm File infector 09/28/04 W32.Nuss File infector 09/28/04 W97M.Bablas.BX File infector 09/28/04 Dialer.Sexplorer File infector 09/27/04 Dialer.Xdiver File infector 09/27/04 Spyware.ABCKeylogger File infector 09/27/04 W32.Noomy.A@mm File infector 09/27/04 W32.Randex.BLD File infector 09/27/04 Hacktool.JPEGShell File infector 09/26/04 W97M.Shore.K File infector 09/26/04 Hacktool.JPEGDownload File infector 09/24/04 Spyware.CWSAddClass File infector 09/24/04 Adware.JustFindIt File infector 09/23/04 Adware.SuperSpider File infector 09/23/04 Hacktool.JohntheRipper File infector 09/23/04 PWSteal.Revcuss.A File infector 09/23/04 PWSteal.Revcuss.C File infector 09/23/04 W32.Korgo.AB File infector 09/23/04 Adware.Aureate File infector 09/22/04 Backdoor.Sokeven File infector 09/22/04 Bloodhound.Exploit.14 File infector 09/22/04 Spyware.DsktopSurveil File infector 09/22/04 Spyware.SpyAgent.B File infector 09/22/04 Trojan.Upchan File infector 09/22/04 VBS.Themis File infector 09/22/04 W32.Niya File infector 09/22/04 Spyware.TinySpyAgent File infector 09/21/04 W32.Donk.S File infector 09/21/04 W97M.Class!int File infector 09/21/04 Spyware.KBGuardian File infector 09/20/04 W32.Gaobot.BJV File infector 09/20/04 W32.Randin File infector 09/20/04 W32.Sndog@mm File infector 09/20/04 W32.Snone.A File infector 09/20/04 Adware.Mirar File infector 09/18/04 Adware.ZeroPopUp File infector 09/18/04 Remacc.SpyAnywhere File infector 09/18/04 PWSteal.IBank File infector 09/17/04 Spyware.CometCursor File infector 09/17/04 Backdoor.Nemog.D File infector 09/16/04 Bloodhound.Packed File infector 09/16/04 Bloodhound.Packed.1 File infector 09/16/04 Bloodhound.Packed.2 File infector 09/16/04 Bloodhound.Packed.3 File infector 09/16/04 Heur1.SanPedro.AVQA File infector 09/16/04 Heur2.SanPedro.AVQA File infector 09/16/04 Heur3.SanPedro.AVQA File infector 09/16/04 Packed.Adware File infector 09/16/04 Packed.Dialer File infector 09/16/04 Packed.Hacktool File infector 09/16/04 Packed.Joke File infector 09/16/04 Packed.RemoteAccess File infector 09/16/04 Packed.SecurityRiskOff File infector 09/16/04 Packed.SecurityRiskOn File infector 09/16/04 Packed.Spyware File infector 09/16/04 Packed.Trackware File infector 09/16/04 Spyware.SystemSpy File infector 09/16/04 Trojan.Anits File infector 09/16/04 W32.Munstre File infector 09/16/04 W32.Mydoom.AB@mm File infector 09/16/04 W32.Mydoom.Y@mm File infector 09/16/04 Worm.Automat.AHR File infector 09/16/04 Jeru.Plastique.2576 File infector 09/15/04 W32.Mexer.E@mm File infector 09/15/04 Bloodhound.Exploit.13 File infector 09/14/04 Hacktool.IPCscan File infector 09/14/04 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ PWSteal.Tarno.E to PWSteal.Tarno.E 07/06/04 Adware Dropper to Adware.ClickDLoader 08/04/04 Adware.NetOptimize.B to Adware.NetOptimizer.B 08/19/04 Backdoor.Padodor to Backdoor.Berbew.D 04/21/04 Backdoor.Sdbot.U to Backdoor.Sdbot.Y 04/23/04 Backdoor.Skobie.A to Spyware.FamilyKeylog 05/02/04 Bin.Auto.CEV to Hypervisor.3141 09/06/04 EPOC.Cabir to SymbOS.Cabir 06/21/04 JS.Offiz to Trojan.Offiz 06/21/04 O97M.Tristate.Variant to O97M.Tristate.B 06/04/04 PWSteal.IBank to PWSteal.Revcuss.B 09/23/04 PWSteal.Safewin to PWSteal.Focosenha 09/30/04 PWSteal.Skobie to Spyware.SpyAgent 05/12/04 PWSteal.Skobie.B to Backdoor.Haxdoor.B 05/20/04 PWSteal.Skobie.C to W32.Gaobot.ALV 05/25/04 Trojan.Ascetic.A to W32.Erkez.B@mm (2) 06/14/04 Trojan.Download.Moo to Trojan.Moo 09/28/04 Trojan.Mits to W32.Mits.A@mm 07/25/04 Trojan.Simcss.B to Adware.Slagent 04/26/04 Trojan.Wingle to Trojan.Mitglieder.M 07/23/04 W32.Ainesey.A@mm (vbs) to W32.Ainesey.A@mm!vbs 06/30/04 W32.Badcon.A to Backdoor.Sdbot.AA 09/13/04 W32.Badcon.B to Backdoor.Sdbot.AB 09/15/04 W32.Beagle.AF@mm to W32.Mydoom.L@m 07/19/04 W32.Bobax.A to W32.Bobax.B 05/19/04 W32.Dumaru.AJ@mm to Backdoor.Nibu.F 05/18/04 W32.HLLW.Antinny.L to Trojan.Upbit 05/23/04 W32.HLLW.Gearbug@mm to W32.Bugbros.B@mm 04/26/04 W32.HLLW.Zusha to W32.Zusha 09/14/04 W32.Korgo.H to W32.Korgo.I 06/29/04 W32.Korgo.I to W32.Korgo.N 06/29/04 W32.Korgo.M to W32.Korgo.S 06/28/04 W32.Korgo.N to W32.Korgo.T 06/28/04 W32.Korgo.O to W32.Korgo.U 06/28/04 W32.Korgo.Q to W32.Korgo.V 06/28/04 W32.LovGate.Z@mm to W32.Lovgate.Z@mm 07/06/04 W32.Mintop@mm to W32.Bigfairy.C@mm 04/19/04 W32.Mota.A to W32.Mota.A@mm 07/06/04 W32.Mydoom.L@m to W32.Mydoom.L@mm 07/19/04 W32.Netsup@mm to W32.Netsup.A@mm 05/31/04 W32.Poco to W32.Korgo.Y 07/13/04 W32.Sober.H@mm to Trojan.Ascetic.A 06/12/04 W32.Subit.3331 to W32.Subit 09/24/04 W32.Sykel to W32.Multex.B 09/14/04 W32.Zusha to W32.Aizu 09/14/04 W97.Saver.H to W97M.Saver.H 05/07/04 W97M.Anumps.A (dr) to IRC.Anumps.A 07/06/04 WM.Not_a_virus to WM.Schupfl 06/21/04 Worm.Automat.AHP to W32.Gorm@mm 07/07/04 X97M.Ainesey.C to O97M.Ainesey.C 08/24/04 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ PWSteal.Safewin to PWSteal.Focosenha 09/30/04 Trojan.Download.Moo to Trojan.Moo 09/28/04 W32.Subit.3331 to W32.Subit 09/24/04 PWSteal.IBank to PWSteal.Revcuss.B 09/23/04 W32.Badcon.B to Backdoor.Sdbot.AB 09/15/04 W32.HLLW.Zusha to W32.Zusha 09/14/04 W32.Sykel to W32.Multex.B 09/14/04 W32.Zusha to W32.Aizu 09/14/04 W32.Badcon.A to Backdoor.Sdbot.AA 09/13/04 Bin.Auto.CEV to Hypervisor.3141 09/06/04 X97M.Ainesey.C to O97M.Ainesey.C 08/24/04 Adware.NetOptimize.B to Adware.NetOptimizer.B 08/19/04 Adware Dropper to Adware.ClickDLoader 08/04/04 Trojan.Mits to W32.Mits.A@mm 07/25/04 Trojan.Wingle to Trojan.Mitglieder.M 07/23/04 W32.Beagle.AF@mm to W32.Mydoom.L@m 07/19/04 W32.Mydoom.L@m to W32.Mydoom.L@mm 07/19/04 W32.Poco to W32.Korgo.Y 07/13/04 Worm.Automat.AHP to W32.Gorm@mm 07/07/04 PWSteal.Tarno.E to PWSteal.Tarno.E 07/06/04 W32.LovGate.Z@mm to W32.Lovgate.Z@mm 07/06/04 W32.Mota.A to W32.Mota.A@mm 07/06/04 W97M.Anumps.A (dr) to IRC.Anumps.A 07/06/04 W32.Ainesey.A@mm (vbs) to W32.Ainesey.A@mm!vbs 06/30/04 W32.Korgo.H to W32.Korgo.I 06/29/04 W32.Korgo.I to W32.Korgo.N 06/29/04 W32.Korgo.M to W32.Korgo.S 06/28/04 W32.Korgo.N to W32.Korgo.T 06/28/04 W32.Korgo.O to W32.Korgo.U 06/28/04 W32.Korgo.Q to W32.Korgo.V 06/28/04 EPOC.Cabir to SymbOS.Cabir 06/21/04 JS.Offiz to Trojan.Offiz 06/21/04 WM.Not_a_virus to WM.Schupfl 06/21/04 Trojan.Ascetic.A to W32.Erkez.B@mm (2) 06/14/04 W32.Sober.H@mm to Trojan.Ascetic.A 06/12/04 O97M.Tristate.Variant to O97M.Tristate.B 06/04/04 W32.Netsup@mm to W32.Netsup.A@mm 05/31/04 PWSteal.Skobie.C to W32.Gaobot.ALV 05/25/04 W32.HLLW.Antinny.L to Trojan.Upbit 05/23/04 PWSteal.Skobie.B to Backdoor.Haxdoor.B 05/20/04 W32.Bobax.A to W32.Bobax.B 05/19/04 W32.Dumaru.AJ@mm to Backdoor.Nibu.F 05/18/04 PWSteal.Skobie to Spyware.SpyAgent 05/12/04 W97.Saver.H to W97M.Saver.H 05/07/04 Backdoor.Skobie.A to Spyware.FamilyKeylog 05/02/04 Trojan.Simcss.B to Adware.Slagent 04/26/04 W32.HLLW.Gearbug@mm to W32.Bugbros.B@mm 04/26/04 Backdoor.Sdbot.U to Backdoor.Sdbot.Y 04/23/04 Backdoor.Padodor to Backdoor.Berbew.D 04/21/04 W32.Mintop@mm to W32.Bigfairy.C@mm 04/19/04 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Adware.MyWebSearch File infector 09/22/04 Bloodhound.Exploit.13 File infector 09/14/04 Bloodhound.Packed File infector 09/16/04 Bloodhound.Packed.1 File infector 09/16/04 Bloodhound.Packed.2 File infector 09/16/04 Bloodhound.Packed.3 File infector 09/16/04 Heur1.SanPedro.AVQA File infector 09/16/04 Heur2.SanPedro.AVQA File infector 09/16/04 Heur3.SanPedro.AVQA File infector 09/16/04 Packed.Adware File infector 09/16/04 Packed.Dialer File infector 09/16/04 Packed.Hacktool File infector 09/16/04 Packed.Joke File infector 09/16/04 Packed.RemoteAccess File infector 09/16/04 Packed.SecurityRiskOff File infector 09/16/04 Packed.SecurityRiskOn File infector 09/16/04 Packed.Spyware File infector 09/16/04 Packed.Trackware File infector 09/16/04 Spyware.SideStep File infector 09/22/04 W32.Randex.BLD File infector 09/28/04 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ W32.Randex.BLD File infector 09/28/04 Adware.MyWebSearch File infector 09/22/04 Spyware.SideStep File infector 09/22/04 Bloodhound.Packed File infector 09/16/04 Bloodhound.Packed.1 File infector 09/16/04 Bloodhound.Packed.2 File infector 09/16/04 Bloodhound.Packed.3 File infector 09/16/04 Heur1.SanPedro.AVQA File infector 09/16/04 Heur2.SanPedro.AVQA File infector 09/16/04 Heur3.SanPedro.AVQA File infector 09/16/04 Packed.Adware File infector 09/16/04 Packed.Dialer File infector 09/16/04 Packed.Hacktool File infector 09/16/04 Packed.Joke File infector 09/16/04 Packed.RemoteAccess File infector 09/16/04 Packed.SecurityRiskOff File infector 09/16/04 Packed.SecurityRiskOn File infector 09/16/04 Packed.Spyware File infector 09/16/04 Packed.Trackware File infector 09/16/04 Bloodhound.Exploit.13 File infector 09/14/04 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.