********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response December 08, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for September 2004, worldwide: 1 Trojan Horse 2 Download.Trojan 3 W32.Netsky.P@mm 4 W32.HLLW.Gaobot.gen 5 W32.Spybot.Worm 6 W32.Mydoom.M@mm 7 W32.Beagle.X@mm 8 W32.Sasser.B.Worm 9 W32.Netsky.C@mm 10 W32.Netsky.D@mm ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.CKWMin File infector 12/02/04 Adware.CWSAlfaSearch File infector 12/07/04 Adware.CWSMSConfd File infector 12/04/04 Adware.CWSMSConfd.B File infector 12/04/04 Adware.CashSaver File infector 12/06/04 Adware.Delta File infector 12/02/04 Adware.Drusearch File infector 12/07/04 Adware.EliteBar.B File infector 11/30/04 Adware.EliteBar.C File infector 12/01/04 Adware.Keenval.B File infector 12/02/04 Adware.Livechat File infector 12/04/04 Adware.Locator File infector 11/24/04 Adware.MediaTicket File infector 12/07/04 Adware.Medload File infector 12/07/04 Adware.Navihelper File infector 12/06/04 Adware.SQuery File infector 11/23/04 Adware.Sa File infector 12/02/04 Adware.SearchSeekFind File infector 11/25/04 Adware.Vtlbar File infector 12/06/04 Adware.WebBar File infector 12/01/04 Adware.WinLog File infector 12/03/04 Adware.WinTaskAd File infector 12/01/04 Backdoor.Berbew.L File infector 12/04/04 Backdoor.Berbew.M File infector 11/26/04 Backdoor.Manmatite File infector 12/08/04 Backdoor.NetJoe File infector 12/03/04 Backdoor.NetJoe!client File infector 12/03/04 Backdoor.Ranky.M File infector 11/27/04 Backdoor.Sdbot.AF File infector 12/04/04 Backdoor.Sdbot.AG File infector 12/04/04 Bloodhound.Packed File infector 12/02/04 Bloodhound.Packed.1 File infector 12/03/04 Bloodhound.Packed.2 File infector 12/03/04 Bloodhound.Packed.3 File infector 12/03/04 Dialer.Mostrar File infector 12/06/04 Dialer.NewDial.B File infector 11/27/04 Dialer.Postbas File infector 12/08/04 Dialer.Sa File infector 11/23/04 Dialer.Sexcyberkey File infector 12/04/04 Dialer.Sexprovider File infector 12/04/04 Dialer.Superzugang File infector 12/04/04 Hacktool.Rhtools File infector 12/03/04 Hacktool.SuperScan File infector 12/01/04 JS.Jabbit File infector 11/25/04 JS.Kidrash File infector 11/30/04 Joke.Bonus File infector 11/30/04 Joke.Remove File infector 12/08/04 Linux.Binom File infector 12/07/04 Ng.695 File infector 12/03/04 PWSteal.Tarno.K File infector 11/30/04 Packed.Adware File infector 12/02/04 Spyware.AceScreenSpy File infector 12/03/04 Spyware.Apropos.B File infector 12/03/04 Spyware.Bazookabar File infector 11/27/04 Spyware.CWSAddClass.B File infector 12/07/04 Spyware.InvisibleASpy File infector 12/01/04 Spyware.InvisibleKey.C File infector 12/04/04 Spyware.RealSpy File infector 11/30/04 Spyware.ScreenSpy.B File infector 12/02/04 Spyware.SpyBuddy.B File infector 11/24/04 Spyware.StealthKeySpy File infector 12/03/04 Spyware.SurfingSpy File infector 12/02/04 Spyware.TAFbar File infector 12/04/04 SymbOS.Skulls.B File infector 11/30/04 Trojan.Favadd File infector 11/24/04 Trojan.Frutca File infector 12/04/04 Trojan.MSS File infector 11/26/04 Trojan.MatrixScreen File infector 12/02/04 Trojan.Wlogo File infector 12/04/04 Unix.Rubyparadox File infector 12/02/04 Voyager.664 File infector 12/02/04 W32.Aidid File infector 12/01/04 W32.Atak.B@mm File infector 12/03/04 W32.Bandesh@mm File infector 12/07/04 W32.Beagle.AX@mm File infector 12/03/04 W32.Beagle@mm!enc File infector 12/03/04 W32.Bizac File infector 12/05/04 W32.Cran File infector 12/07/04 W32.Etu File infector 12/05/04 W32.Gaobot.BUU File infector 12/07/04 W32.Garroch@mm File infector 11/27/04 W32.Gavir File infector 12/01/04 W32.Inzae.A@mm File infector 12/02/04 W32.Labox File infector 12/07/04 W32.Maslan.A@mm File infector 12/06/04 W32.Mugly.A@mm File infector 12/02/04 W32.Mugly.B@mm File infector 11/30/04 W32.Mydoom.AL@mm File infector 12/06/04 W32.Myfip.K File infector 11/26/04 W32.Netsky.AG@mm File infector 12/02/04 W32.Netsky.Z@mm!enc File infector 12/03/04 W32.Nurby File infector 12/07/04 W32.Salga.A@mm File infector 11/27/04 W32.Setclo File infector 11/29/04 W32.Sunzi@mm File infector 12/01/04 W32.Varvar File infector 12/05/04 W32.Yanz.A@mm File infector 12/03/04 W97M.Cherrylove File infector 12/02/04 W97M.Cherrylove!int File infector 12/03/04 W97M.Remplace.int File infector 12/04/04 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Backdoor.Manmatite File infector 12/08/04 Dialer.Postbas File infector 12/08/04 Joke.Remove File infector 12/08/04 Adware.CWSAlfaSearch File infector 12/07/04 Adware.Drusearch File infector 12/07/04 Adware.MediaTicket File infector 12/07/04 Adware.Medload File infector 12/07/04 Linux.Binom File infector 12/07/04 Spyware.CWSAddClass.B File infector 12/07/04 W32.Bandesh@mm File infector 12/07/04 W32.Cran File infector 12/07/04 W32.Gaobot.BUU File infector 12/07/04 W32.Labox File infector 12/07/04 W32.Nurby File infector 12/07/04 Adware.CashSaver File infector 12/06/04 Adware.Navihelper File infector 12/06/04 Adware.Vtlbar File infector 12/06/04 Dialer.Mostrar File infector 12/06/04 W32.Maslan.A@mm File infector 12/06/04 W32.Mydoom.AL@mm File infector 12/06/04 W32.Bizac File infector 12/05/04 W32.Etu File infector 12/05/04 W32.Varvar File infector 12/05/04 Adware.CWSMSConfd File infector 12/04/04 Adware.CWSMSConfd.B File infector 12/04/04 Adware.Livechat File infector 12/04/04 Backdoor.Berbew.L File infector 12/04/04 Backdoor.Sdbot.AF File infector 12/04/04 Backdoor.Sdbot.AG File infector 12/04/04 Dialer.Sexcyberkey File infector 12/04/04 Dialer.Sexprovider File infector 12/04/04 Dialer.Superzugang File infector 12/04/04 Spyware.InvisibleKey.C File infector 12/04/04 Spyware.TAFbar File infector 12/04/04 Trojan.Frutca File infector 12/04/04 Trojan.Wlogo File infector 12/04/04 W97M.Remplace.int File infector 12/04/04 Adware.WinLog File infector 12/03/04 Backdoor.NetJoe File infector 12/03/04 Backdoor.NetJoe!client File infector 12/03/04 Bloodhound.Packed.1 File infector 12/03/04 Bloodhound.Packed.2 File infector 12/03/04 Bloodhound.Packed.3 File infector 12/03/04 Hacktool.Rhtools File infector 12/03/04 Ng.695 File infector 12/03/04 Spyware.AceScreenSpy File infector 12/03/04 Spyware.Apropos.B File infector 12/03/04 Spyware.StealthKeySpy File infector 12/03/04 W32.Atak.B@mm File infector 12/03/04 W32.Beagle.AX@mm File infector 12/03/04 W32.Beagle@mm!enc File infector 12/03/04 W32.Netsky.Z@mm!enc File infector 12/03/04 W32.Yanz.A@mm File infector 12/03/04 W97M.Cherrylove!int File infector 12/03/04 Adware.CKWMin File infector 12/02/04 Adware.Delta File infector 12/02/04 Adware.Keenval.B File infector 12/02/04 Adware.Sa File infector 12/02/04 Bloodhound.Packed File infector 12/02/04 Packed.Adware File infector 12/02/04 Spyware.ScreenSpy.B File infector 12/02/04 Spyware.SurfingSpy File infector 12/02/04 Trojan.MatrixScreen File infector 12/02/04 Unix.Rubyparadox File infector 12/02/04 Voyager.664 File infector 12/02/04 W32.Inzae.A@mm File infector 12/02/04 W32.Mugly.A@mm File infector 12/02/04 W32.Netsky.AG@mm File infector 12/02/04 W97M.Cherrylove File infector 12/02/04 Adware.EliteBar.C File infector 12/01/04 Adware.WebBar File infector 12/01/04 Adware.WinTaskAd File infector 12/01/04 Hacktool.SuperScan File infector 12/01/04 Spyware.InvisibleASpy File infector 12/01/04 W32.Aidid File infector 12/01/04 W32.Gavir File infector 12/01/04 W32.Sunzi@mm File infector 12/01/04 Adware.EliteBar.B File infector 11/30/04 JS.Kidrash File infector 11/30/04 Joke.Bonus File infector 11/30/04 PWSteal.Tarno.K File infector 11/30/04 Spyware.RealSpy File infector 11/30/04 SymbOS.Skulls.B File infector 11/30/04 W32.Mugly.B@mm File infector 11/30/04 W32.Setclo File infector 11/29/04 Backdoor.Ranky.M File infector 11/27/04 Dialer.NewDial.B File infector 11/27/04 Spyware.Bazookabar File infector 11/27/04 W32.Garroch@mm File infector 11/27/04 W32.Salga.A@mm File infector 11/27/04 Backdoor.Berbew.M File infector 11/26/04 Trojan.MSS File infector 11/26/04 W32.Myfip.K File infector 11/26/04 Adware.SearchSeekFind File infector 11/25/04 JS.Jabbit File infector 11/25/04 Adware.Locator File infector 11/24/04 Spyware.SpyBuddy.B File infector 11/24/04 Trojan.Favadd File infector 11/24/04 Adware.SQuery File infector 11/23/04 Dialer.Sa File infector 11/23/04 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Adware.EliteBar.C to W97M.Cherrylove!int 12/06/04 Adware.Slagent.B to Trojan.Simcss 12/02/04 Backdoor.Badcon to W32.Netsky.AE@mm!enc 10/26/04 Backdoor.Lasta to Trojan.Lasta 11/13/04 Dialer.Sa to Adware.Sa 11/29/04 Hacktool.Openerscript to MacOS.Renepo.B 10/22/04 JS.Trojan.WindowBomb.B to JS.WindowBomb.B 11/04/04 Js.Trojan.WindowBomb to JS.WindowBomb 11/04/04 MacOS.Renepo.A to SH.Renepo.A 10/25/04 MacOS.Renepo.B to SH.Renepo.B 10/25/04 PWSteal.IBank to PWSteal.Revcuss.B 09/23/04 PWSteal.Safewin to PWSteal.Focosenha 09/30/04 Spyware.NDotNet to Spyware.QuickSearch 10/21/04 Trojan.Download.Moo to Trojan.Moo 09/28/04 Trojan.Inzae to W32.Inzae.A@mm 11/22/04 Trojan.MSS to Trojan.MatrixScreen 11/30/04 Trojan.Simcss to Adware.Slagent.B 11/30/04 Trojan.Xilon to W32.Xilon.Trojan 10/26/04 W32.Badcon.A to Backdoor.Sdbot.AA 09/13/04 W32.Badcon.B to Backdoor.Sdbot.AB 09/15/04 W32.Bofra.A@mm to W32.Mydoom.AI@mm 11/17/04 W32.Bofra.B@mm to W32.Mydoom.AJ@mm 11/17/04 W32.Bofra.C@mm to W32.Mydoom.AK@mm 11/17/04 W32.Bofra.D@mm to W32.Mydoom.AH@mm 11/17/04 W32.Cerberus.A to W32.Orpheus.A 11/09/04 W32.Fili@mm to W32.Fili.A@mm 10/11/04 W32.HLLW.Zusha to W32.Zusha 09/14/04 W32.Hamet to W32.Auril 10/07/04 W32.Laorenshen.Trojan to Trojan.Laorenshen 10/19/04 W32.Mydoom.AH@mm to W32.Bofra.D@mm 11/17/04 W32.Mydoom.AI@mm to W32.Bofra.A@mm 11/17/04 W32.Mydoom.AJ@mm to W32.Bofra.B@mm 11/17/04 W32.Mydoom.AK@mm to W32.Bofra.C@mm 11/17/04 W32.Mydoom.AL@mm to W32.Atak.E@mm 12/07/04 W32.Netsky.AE@mm to W32.Buchon.A@mm 10/22/04 W32.Sophily to W32.Philis.C 10/18/04 W32.Subit.3331 to W32.Subit 09/24/04 W32.Sunzi@mm to W32.Yanz.A@mm 12/02/04 W32.Sykel to W32.Multex.B 09/14/04 W32.Syphilo to W32.Sophily 10/15/04 W32.Watsoon.A to Trojan.Watsoon.A 10/27/04 W32.Whiter.Trojan to Trojan.Whiter 11/09/04 W32.Xilon.Trojan to Trojan.Xilon 10/26/04 W32.Zusha to W32.Aizu 09/14/04 W97M.Cherrylove to W97M.Cherrylove!int 12/02/04 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W32.Mydoom.AL@mm to W32.Atak.E@mm 12/07/04 Adware.EliteBar.C to W97M.Cherrylove!int 12/06/04 Adware.Slagent.B to Trojan.Simcss 12/02/04 W32.Sunzi@mm to W32.Yanz.A@mm 12/02/04 W97M.Cherrylove to W97M.Cherrylove!int 12/02/04 Trojan.MSS to Trojan.MatrixScreen 11/30/04 Trojan.Simcss to Adware.Slagent.B 11/30/04 Dialer.Sa to Adware.Sa 11/29/04 Trojan.Inzae to W32.Inzae.A@mm 11/22/04 W32.Bofra.A@mm to W32.Mydoom.AI@mm 11/17/04 W32.Bofra.B@mm to W32.Mydoom.AJ@mm 11/17/04 W32.Bofra.C@mm to W32.Mydoom.AK@mm 11/17/04 W32.Bofra.D@mm to W32.Mydoom.AH@mm 11/17/04 W32.Mydoom.AH@mm to W32.Bofra.D@mm 11/17/04 W32.Mydoom.AI@mm to W32.Bofra.A@mm 11/17/04 W32.Mydoom.AJ@mm to W32.Bofra.B@mm 11/17/04 W32.Mydoom.AK@mm to W32.Bofra.C@mm 11/17/04 Backdoor.Lasta to Trojan.Lasta 11/13/04 W32.Cerberus.A to W32.Orpheus.A 11/09/04 W32.Whiter.Trojan to Trojan.Whiter 11/09/04 JS.Trojan.WindowBomb.B to JS.WindowBomb.B 11/04/04 Js.Trojan.WindowBomb to JS.WindowBomb 11/04/04 W32.Watsoon.A to Trojan.Watsoon.A 10/27/04 Backdoor.Badcon to W32.Netsky.AE@mm!enc 10/26/04 Trojan.Xilon to W32.Xilon.Trojan 10/26/04 W32.Xilon.Trojan to Trojan.Xilon 10/26/04 MacOS.Renepo.A to SH.Renepo.A 10/25/04 MacOS.Renepo.B to SH.Renepo.B 10/25/04 Hacktool.Openerscript to MacOS.Renepo.B 10/22/04 W32.Netsky.AE@mm to W32.Buchon.A@mm 10/22/04 Spyware.NDotNet to Spyware.QuickSearch 10/21/04 W32.Laorenshen.Trojan to Trojan.Laorenshen 10/19/04 W32.Sophily to W32.Philis.C 10/18/04 W32.Syphilo to W32.Sophily 10/15/04 W32.Fili@mm to W32.Fili.A@mm 10/11/04 W32.Hamet to W32.Auril 10/07/04 PWSteal.Safewin to PWSteal.Focosenha 09/30/04 Trojan.Download.Moo to Trojan.Moo 09/28/04 W32.Subit.3331 to W32.Subit 09/24/04 PWSteal.IBank to PWSteal.Revcuss.B 09/23/04 W32.Badcon.B to Backdoor.Sdbot.AB 09/15/04 W32.HLLW.Zusha to W32.Zusha 09/14/04 W32.Sykel to W32.Multex.B 09/14/04 W32.Zusha to W32.Aizu 09/14/04 W32.Badcon.A to Backdoor.Sdbot.AA 09/13/04 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Adware.CKWMin File infector 12/04/04 Adware.Navihelper File infector 12/06/04 Adware.WinLog File infector 12/04/04 Backdoor.NetJoe File infector 12/04/04 Backdoor.NetJoe!client File infector 12/04/04 Backdoor.Ranky.M File infector 12/04/04 Backdoor.Sdbot.AF File infector 12/04/04 Backdoor.Sdbot.AG File infector 12/04/04 Backdoor.Sdbot.AH File infector 12/04/04 Bloodhound.Packed File infector 12/04/04 Bloodhound.Packed.1 File infector 12/04/04 Bloodhound.Packed.2 File infector 12/04/04 Bloodhound.Packed.3 File infector 12/04/04 Dialer.Gxbill File infector 12/04/04 Dialer.NewDial.B File infector 12/04/04 Dialer.Sexcyberkey File infector 12/04/04 Dialer.Sexprovider File infector 12/04/04 Dialer.Superzugang File infector 12/04/04 Dialer.XLite File infector 12/04/04 W97M.Cherrylove!int File infector 12/06/04 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Adware.Navihelper File infector 12/06/04 W97M.Cherrylove!int File infector 12/06/04 Adware.CKWMin File infector 12/04/04 Adware.WinLog File infector 12/04/04 Backdoor.NetJoe File infector 12/04/04 Backdoor.NetJoe!client File infector 12/04/04 Backdoor.Ranky.M File infector 12/04/04 Backdoor.Sdbot.AF File infector 12/04/04 Backdoor.Sdbot.AG File infector 12/04/04 Backdoor.Sdbot.AH File infector 12/04/04 Bloodhound.Packed File infector 12/04/04 Bloodhound.Packed.1 File infector 12/04/04 Bloodhound.Packed.2 File infector 12/04/04 Bloodhound.Packed.3 File infector 12/04/04 Dialer.Gxbill File infector 12/04/04 Dialer.NewDial.B File infector 12/04/04 Dialer.Sexcyberkey File infector 12/04/04 Dialer.Sexprovider File infector 12/04/04 Dialer.Superzugang File infector 12/04/04 Dialer.XLite File infector 12/04/04 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.