****************************************************************************** ** ** ** What's New in the Symantec AntiVirus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response November 10, 2005 ** ** ** ****************************************************************************** This document contains the following topics: * Viruses and Blended Threats Alerts * Changes Incorporated Into This Risk Definitions Update * Additional Information ****************************************************************************** ** Viruses and Blended Threats Alerts ** ****************************************************************************** The ten most commonly reported threats for September 2005, worldwide: 1 Trojan Horse 2 W32.Spybot.Worm 3 Trojan.Elitebar 4 W32.Mytob.ED@mm 5 W32.Mytob.DF@mm 6 W32.Netsky.P@mm 7 Hacktool.Rootkit 8 Trojan.Tooso.L 9 W32.Esbot.C 10 Trojan.Tooso.Q ****************************************************************************** ** Changes Incorporated Into This Risk Definitions Update ** ****************************************************************************** New risk definitions (sorted by Risk Name): Risk Name Risk Type Date added --------- --------- ---------- Adware.Atlcontrol File infector 11/05/05 Adware.BocaiToolbar File infector 10/18/05 Adware.CoolSavings File infector 11/03/05 Adware.Coolpp File infector 11/07/05 Adware.Edea File infector 11/09/05 Adware.Hmtoolbar File infector 10/17/05 Adware.Psic File infector 11/04/05 Adware.Rewardnetwork File infector 11/04/05 Adware.SweetBar File infector 10/15/05 Adware.WebDir File infector 10/21/05 Backdoor.Bifrose.D File infector 10/26/05 Backdoor.Civcat File infector 10/31/05 Backdoor.Darkmoon.B File infector 10/21/05 Backdoor.Eparssa File infector 10/24/05 Backdoor.Haxdoor.G File infector 11/04/05 Backdoor.Hesive.dr File infector 10/21/05 Backdoor.Ranky.V File infector 11/02/05 Backdoor.Ryknos File infector 11/10/05 Backdoor.Sedepex File infector 10/31/05 Backdoor.Toob.A File infector 11/02/05 Backdoor.Zagaban File infector 11/03/05 Bloodhound.Exploit.45 File infector 11/08/05 Bloodhound.Exploit.49 File infector 10/14/05 Bloodhound.Exploit.50 File infector 10/24/05 Bloodhound.Exploit.51 File infector 10/24/05 Dialer.MicroDialer File infector 10/27/05 Dialer.Pagomaster File infector 11/05/05 JS.Spacehero File infector 10/14/05 KIX.Ixlam.A File infector 11/01/05 Linux.Plupii File infector 11/06/05 MSIL.Idonut File infector 10/14/05 Not.500 File infector 10/21/05 PWSteal.Tarno.O File infector 10/20/05 PWSteal.Tarno.P File infector 10/24/05 PWSteal.Wowcraft.B File infector 10/24/05 SecurityRisk.Aries File infector 11/07/05 SecurityRisk.Dropper File infector 10/18/05 SecurityRisk.HubSafe File infector 11/01/05 Spyware.Apropos.C File infector 10/21/05 Spyware.Sesui File infector 10/30/05 Spyware.WSLogger File infector 10/24/05 SymbOS.Cabir.V File infector 10/24/05 SymbOS.Cardtrp.D File infector 11/09/05 SymbOS.Cardtrp.E File infector 11/09/05 SymbOS.Doomboot.M File infector 11/09/05 SymbOS.Doomboot.N File infector 11/09/05 Trojan.Bankem File infector 11/03/05 Trojan.Edea File infector 11/07/05 Trojan.Elzio.A File infector 10/24/05 Trojan.Finfanse File infector 10/25/05 Trojan.Gamqowi File infector 10/20/05 Trojan.Goldun.G File infector 10/27/05 Trojan.Heoms File infector 11/09/05 Trojan.LodAV.A File infector 11/02/05 Trojan.Lodear.B File infector 11/02/05 Trojan.Lodear.C File infector 11/03/05 Trojan.Lodear.D File infector 11/03/05 Trojan.Popper File infector 10/24/05 Trojan.Proup File infector 11/07/05 Trojan.Totmau File infector 11/04/05 Trojan.Tracker File infector 11/03/05 Trojan.Zlob.D File infector 10/25/05 W32.Beagle.CN@mm File infector 11/02/05 W32.Beagle.CO@mm File infector 11/03/05 W32.Botter.A@mm File infector 10/20/05 W32.Dabora.A@mm File infector 10/17/05 W32.Fanbot.A@mm File infector 10/17/05 W32.Fluzer File infector 11/09/05 W32.Incub File infector 11/09/05 W32.Katomic File infector 11/09/05 W32.Lodear.A@mm File infector 11/01/05 W32.Looksky.A@mm File infector 10/25/05 W32.Looksky.B File infector 10/25/05 W32.Loxbot.A File infector 10/17/05 W32.Loxbot.B File infector 10/31/05 W32.Magflag.B File infector 11/01/05 W32.Miti@mm File infector 11/06/05 W32.Mocbot.A File infector 10/24/05 W32.Monikey File infector 11/02/05 W32.Mydoom.FP@mm File infector 10/25/05 W32.Mytob.KP@mm File infector 10/14/05 W32.Mytob.KR@mm File infector 10/16/05 W32.Mytob.KU@mm File infector 10/16/05 W32.Mytob.KV@mm File infector 10/16/05 W32.Mytob.LD@mm File infector 10/17/05 W32.Mytob.LE@mm File infector 10/18/05 W32.Mytob.LM@mm File infector 10/31/05 W32.Mytob.LO@mm File infector 11/02/05 W32.Rontokbro.K@mm File infector 10/25/05 W32.Spybot.YQW File infector 10/16/05 W32.Spybot.YXX File infector 10/20/05 W32.Spybot.ZIF File infector 11/01/05 W32.Vig.C File infector 11/01/05 W32.Winain File infector 11/09/05 W32.Wurz@mm File infector 11/06/05 W32.Yak File infector 11/09/05 W97M.Adren!vbs File infector 11/10/05 W97M.Exedrop File infector 10/25/05 W97M.Marg!int File infector 11/09/05 W97M.Nometz.B File infector 10/25/05 New risk definitions (sorted by Date added): Risk Name Risk Type Date added --------- --------- ---------- Backdoor.Ryknos File infector 11/10/05 W97M.Adren!vbs File infector 11/10/05 Adware.Edea File infector 11/09/05 SymbOS.Cardtrp.D File infector 11/09/05 SymbOS.Cardtrp.E File infector 11/09/05 SymbOS.Doomboot.M File infector 11/09/05 SymbOS.Doomboot.N File infector 11/09/05 Trojan.Heoms File infector 11/09/05 W32.Fluzer File infector 11/09/05 W32.Incub File infector 11/09/05 W32.Katomic File infector 11/09/05 W32.Winain File infector 11/09/05 W32.Yak File infector 11/09/05 W97M.Marg!int File infector 11/09/05 Bloodhound.Exploit.45 File infector 11/08/05 Adware.Coolpp File infector 11/07/05 SecurityRisk.Aries File infector 11/07/05 Trojan.Edea File infector 11/07/05 Trojan.Proup File infector 11/07/05 Linux.Plupii File infector 11/06/05 W32.Miti@mm File infector 11/06/05 W32.Wurz@mm File infector 11/06/05 Adware.Atlcontrol File infector 11/05/05 Dialer.Pagomaster File infector 11/05/05 Adware.Psic File infector 11/04/05 Adware.Rewardnetwork File infector 11/04/05 Backdoor.Haxdoor.G File infector 11/04/05 Trojan.Totmau File infector 11/04/05 Adware.CoolSavings File infector 11/03/05 Backdoor.Zagaban File infector 11/03/05 Trojan.Bankem File infector 11/03/05 Trojan.Lodear.C File infector 11/03/05 Trojan.Lodear.D File infector 11/03/05 Trojan.Tracker File infector 11/03/05 W32.Beagle.CO@mm File infector 11/03/05 Backdoor.Ranky.V File infector 11/02/05 Backdoor.Toob.A File infector 11/02/05 Trojan.LodAV.A File infector 11/02/05 Trojan.Lodear.B File infector 11/02/05 W32.Beagle.CN@mm File infector 11/02/05 W32.Monikey File infector 11/02/05 W32.Mytob.LO@mm File infector 11/02/05 KIX.Ixlam.A File infector 11/01/05 SecurityRisk.HubSafe File infector 11/01/05 W32.Lodear.A@mm File infector 11/01/05 W32.Magflag.B File infector 11/01/05 W32.Spybot.ZIF File infector 11/01/05 W32.Vig.C File infector 11/01/05 Backdoor.Civcat File infector 10/31/05 Backdoor.Sedepex File infector 10/31/05 W32.Loxbot.B File infector 10/31/05 W32.Mytob.LM@mm File infector 10/31/05 Spyware.Sesui File infector 10/30/05 Dialer.MicroDialer File infector 10/27/05 Trojan.Goldun.G File infector 10/27/05 Backdoor.Bifrose.D File infector 10/26/05 Trojan.Finfanse File infector 10/25/05 Trojan.Zlob.D File infector 10/25/05 W32.Looksky.A@mm File infector 10/25/05 W32.Looksky.B File infector 10/25/05 W32.Mydoom.FP@mm File infector 10/25/05 W32.Rontokbro.K@mm File infector 10/25/05 W97M.Exedrop File infector 10/25/05 W97M.Nometz.B File infector 10/25/05 Backdoor.Eparssa File infector 10/24/05 Bloodhound.Exploit.50 File infector 10/24/05 Bloodhound.Exploit.51 File infector 10/24/05 PWSteal.Tarno.P File infector 10/24/05 PWSteal.Wowcraft.B File infector 10/24/05 Spyware.WSLogger File infector 10/24/05 SymbOS.Cabir.V File infector 10/24/05 Trojan.Elzio.A File infector 10/24/05 Trojan.Popper File infector 10/24/05 W32.Mocbot.A File infector 10/24/05 Adware.WebDir File infector 10/21/05 Backdoor.Darkmoon.B File infector 10/21/05 Backdoor.Hesive.dr File infector 10/21/05 Not.500 File infector 10/21/05 Spyware.Apropos.C File infector 10/21/05 PWSteal.Tarno.O File infector 10/20/05 Trojan.Gamqowi File infector 10/20/05 W32.Botter.A@mm File infector 10/20/05 W32.Spybot.YXX File infector 10/20/05 Adware.BocaiToolbar File infector 10/18/05 SecurityRisk.Dropper File infector 10/18/05 W32.Mytob.LE@mm File infector 10/18/05 Adware.Hmtoolbar File infector 10/17/05 W32.Dabora.A@mm File infector 10/17/05 W32.Fanbot.A@mm File infector 10/17/05 W32.Loxbot.A File infector 10/17/05 W32.Mytob.LD@mm File infector 10/17/05 W32.Mytob.KR@mm File infector 10/16/05 W32.Mytob.KU@mm File infector 10/16/05 W32.Mytob.KV@mm File infector 10/16/05 W32.Spybot.YQW File infector 10/16/05 Adware.SweetBar File infector 10/15/05 Bloodhound.Exploit.49 File infector 10/14/05 JS.Spacehero File infector 10/14/05 MSIL.Idonut File infector 10/14/05 W32.Mytob.KP@mm File infector 10/14/05 Name Changes (sorted by Old Risk Name): Old Risk Name New Risk Name Date changed ------------- ------------- ------------ Adware.BroadcastPC.B to Adware.Broadcastpc.b 08/25/05 Adware.Clickbank to Adware.FakeMessage 08/22/05 Alaper.c.ow to Alaper.C.ow 06/07/05 Backdoor.Jupillites to Trojan.Jupillites 08/01/05 Backdoor.Omed to Backdoor.SmokeDown 06/03/05 Backdoor.Omed.B to Backdoor.SmokeDown.B 06/03/05 Backdoor.Sdbot.AR to Backdoor.Sdbot.AR!dr 06/08/05 Backdoor.Tdiserv to W32.Tdiserv.A 06/22/05 Bin.Auto.CJK to Warfair.2553 06/22/05 HLLP.13804 to HLLP.Pepe 06/09/05 HLLP.Nolon to HLLP.Nolon.gen 07/08/05 Intended.Zorm.458 to Zorm.458 07/06/05 Intended.Zorm.464 to Zorm.464 07/06/05 Intended.Zorm.495 to Zorm.495 07/06/05 Ksenia.5000.a to Ksenia.5000.A 06/07/05 MSIL.Idonut to MSIL.Idonus 10/17/05 PWSteal.JGinko to PWSteal.Jginko 07/09/05 PWSteal.Ragnarok to PWSteal.Okarag 09/26/05 SME.Heurist.941 to SME.Heurist 06/06/05 SecurityRisk.Aries to SecurityRisk.First4DRM 11/08/05 Spyware.Alexa to Trackware.Alexa 07/19/05 Spyware.BrowserAccel to Trackware.BrowserAccel 10/17/05 Spyware.FKWPKeylog to Hacktool.FKWPKeylog 08/18/05 Spyware.SearchNugget to Adware.SearchNugget 06/01/05 Trivial.42.p to Trivial.42.P 06/07/05 Trivial.ow.21.a to Trivial.ow.21.A 06/07/05 Trojan.Axidon to W32.Kelvir.HI 08/24/05 Trojan.Cmapp to Trojan.cmapp 08/12/05 Trojan.LodAV.A to Trojan.Lodav.A 11/03/05 Trojan.Lodear.D to Trojan.Lodav.B 11/07/05 Trojan.Redop to Trojan.Gpcoder.B 05/31/05 Trojan.Rona to Trojan.Hotword.B 05/31/05 Trojan.cmapp to Trojan.Cmapp 08/11/05 VBS.Minceme to W97M.Minceme!src 06/07/05 Vienna.353.a to Vienna.353.A 06/07/05 W32.Bobax!gen to W32.Bobax 10/24/05 W32.Bobax.AA to W32.Bobax.AA@mm 08/01/05 W32.Bobax.AA@mm to W32.Bobax.AA 08/01/05 W32.Bobax.Z to W32.Bobax.Z@mm 06/03/05 W32.Desktophijack to Trojan.Alemod 10/11/05 W32.Esbot.D to W32.Esbot.D 09/19/05 W32.Falus.A to W32.Falsu.A 08/01/05 W32.Gavgent.A@mm to W32.Gavgent.A 07/21/05 W32.Incef to W32.Falus.A 08/01/05 W32.Kelvir.FN to Trojan.Kirvo 07/18/05 W32.Lile.A@mm to W32.Lile.A 10/14/05 W32.Lodear.A@mm to Trojan.Lodear 11/02/05 W32.Monikey to W32.Monikey@mm 11/03/05 W32.Mytob.EK@mm to W32.Mytob.EK@mm 06/22/05 W32.Zotob.C to W32.Zotob.C@mm 08/16/05 Name Changes (sorted by Date changed): Old Risk Name New Risk Name Date changed ------------- ------------- ------------ SecurityRisk.Aries to SecurityRisk.First4DRM 11/08/05 Trojan.Lodear.D to Trojan.Lodav.B 11/07/05 Trojan.LodAV.A to Trojan.Lodav.A 11/03/05 W32.Monikey to W32.Monikey@mm 11/03/05 W32.Lodear.A@mm to Trojan.Lodear 11/02/05 W32.Bobax!gen to W32.Bobax 10/24/05 MSIL.Idonut to MSIL.Idonus 10/17/05 Spyware.BrowserAccel to Trackware.BrowserAccel 10/17/05 W32.Lile.A@mm to W32.Lile.A 10/14/05 W32.Desktophijack to Trojan.Alemod 10/11/05 PWSteal.Ragnarok to PWSteal.Okarag 09/26/05 W32.Esbot.D to W32.Esbot.D 09/19/05 Adware.BroadcastPC.B to Adware.Broadcastpc.b 08/25/05 Trojan.Axidon to W32.Kelvir.HI 08/24/05 Adware.Clickbank to Adware.FakeMessage 08/22/05 Spyware.FKWPKeylog to Hacktool.FKWPKeylog 08/18/05 W32.Zotob.C to W32.Zotob.C@mm 08/16/05 Trojan.Cmapp to Trojan.cmapp 08/12/05 Trojan.cmapp to Trojan.Cmapp 08/11/05 Backdoor.Jupillites to Trojan.Jupillites 08/01/05 W32.Bobax.AA to W32.Bobax.AA@mm 08/01/05 W32.Bobax.AA@mm to W32.Bobax.AA 08/01/05 W32.Falus.A to W32.Falsu.A 08/01/05 W32.Incef to W32.Falus.A 08/01/05 W32.Gavgent.A@mm to W32.Gavgent.A 07/21/05 Spyware.Alexa to Trackware.Alexa 07/19/05 W32.Kelvir.FN to Trojan.Kirvo 07/18/05 PWSteal.JGinko to PWSteal.Jginko 07/09/05 HLLP.Nolon to HLLP.Nolon.gen 07/08/05 Intended.Zorm.458 to Zorm.458 07/06/05 Intended.Zorm.464 to Zorm.464 07/06/05 Intended.Zorm.495 to Zorm.495 07/06/05 Backdoor.Tdiserv to W32.Tdiserv.A 06/22/05 Bin.Auto.CJK to Warfair.2553 06/22/05 W32.Mytob.EK@mm to W32.Mytob.EK@mm 06/22/05 HLLP.13804 to HLLP.Pepe 06/09/05 Backdoor.Sdbot.AR to Backdoor.Sdbot.AR!dr 06/08/05 Alaper.c.ow to Alaper.C.ow 06/07/05 Ksenia.5000.a to Ksenia.5000.A 06/07/05 Trivial.42.p to Trivial.42.P 06/07/05 Trivial.ow.21.a to Trivial.ow.21.A 06/07/05 VBS.Minceme to W97M.Minceme!src 06/07/05 Vienna.353.a to Vienna.353.A 06/07/05 SME.Heurist.941 to SME.Heurist 06/06/05 Backdoor.Omed to Backdoor.SmokeDown 06/03/05 Backdoor.Omed.B to Backdoor.SmokeDown.B 06/03/05 W32.Bobax.Z to W32.Bobax.Z@mm 06/03/05 Spyware.SearchNugget to Adware.SearchNugget 06/01/05 Trojan.Redop to Trojan.Gpcoder.B 05/31/05 Trojan.Rona to Trojan.Hotword.B 05/31/05 Deletions (sorted by Risk Name): Risk Name Risk Type Date removed --------- --------- ------------ Adware.Broadcastpc.b File infector 09/27/05 Adware.BrowserVillage File infector 08/12/05 Adware.CWSSystime File infector 09/28/05 Adware.EliteBar File infector 08/30/05 Adware.MyLinker File infector 09/22/05 Adware.SuperSpider File infector 09/06/05 Adware.WindowEnhancer File infector 09/29/05 Adware.eAnthology File infector 11/01/05 Bloodhound.Exploit.45 File infector 10/13/05 Dialer.NetVision File infector 09/22/05 Infector.889 (d) File infector 09/13/05 Infector.889 (x)(d) File infector 09/13/05 Spyware.ActiveLogger File infector 10/12/05 Trojan.CWSConyc File infector 09/16/05 Trojan.Edea File infector 11/09/05 Trojan.ISTsvc File infector 09/11/05 Trojan.Idocha File infector 08/18/05 W32.Drivrec.A File infector 10/04/05 W32.Kassbot.C File infector 08/17/05 W32.Mytob.KV@mm File infector 10/26/05 Deletions (sorted by Date removed): Risk Name Risk Type Date removed --------- --------- ------------ Trojan.Edea File infector 11/09/05 Adware.eAnthology File infector 11/01/05 W32.Mytob.KV@mm File infector 10/26/05 Bloodhound.Exploit.45 File infector 10/13/05 Spyware.ActiveLogger File infector 10/12/05 W32.Drivrec.A File infector 10/04/05 Adware.WindowEnhancer File infector 09/29/05 Adware.CWSSystime File infector 09/28/05 Adware.Broadcastpc.b File infector 09/27/05 Adware.MyLinker File infector 09/22/05 Dialer.NetVision File infector 09/22/05 Trojan.CWSConyc File infector 09/16/05 Infector.889 (d) File infector 09/13/05 Infector.889 (x)(d) File infector 09/13/05 Trojan.ISTsvc File infector 09/11/05 Adware.SuperSpider File infector 09/06/05 Adware.EliteBar File infector 08/30/05 Trojan.Idocha File infector 08/18/05 W32.Kassbot.C File infector 08/17/05 Adware.BrowserVillage File infector 08/12/05 Remediation Added: Risk Name Date added --------- ---------- Adware.TopAv 11/09/05 SecurityRisk.First4DRM 11/08/05 SecurityRisk.Aries 11/08/05 Adware.BocaiToolbar 11/03/05 Adware.SweetBar 11/03/05 SecurityRisk.HubSafe 11/03/05 Spyware.EmailSpy 11/03/05 Spyware.HSLABLogger 11/01/05 Spyware.IamBigBrother 11/01/05 Spyware.Intraspy 10/28/05 Adware.EnergyPlugin 10/27/05 Dialer.MicroDialer 10/27/05 Spyware.WSLogger 10/26/05 Trackware.Webhancer 10/26/05 Hacktool.XScan 10/25/05 Adware.MDSSearchboost 10/25/05 Adware.PLook 10/25/05 Adware.SideBySide 10/25/05 Adware.UMaxsearch 10/25/05 Adware.ZenoSearch 10/25/05 Adware.GreenIo 10/24/05 Adware.Instdollars 10/24/05 Adware.Metasearch 10/24/05 Adware.Searchbarcash 10/24/05 Backdoor.Subseven.22.a 10/24/05 Spyware.NetVizor 10/24/05 Spyware.PCParent 10/24/05 Spyware.SaveKeys 10/24/05 Adware.SearchCashbar 10/24/05 Backdoor.Subseven.22a 10/24/05 Spyware.NetVisor 10/24/05 Spyware_PCParent 10/24/05 Spyware_SaveKeys 10/24/05 Trackware.BrowserAccel 10/17/05 Adware.Weblookup 10/14/05 Adware.LiveChat 10/14/05 Adware.180Search 10/05/05 Adware.180Solutions 10/05/05 Adware.2Search 10/05/05 Adware.7000n 10/05/05 Adware.ABXToolbar 10/05/05 Adware.ActiveSearch 10/05/05 Adware.AdBars 10/05/05 Adware.AdBlaster 10/05/05 Adware.AdBlock 10/05/05 Adware.AdDestroyer 10/05/05 Adware.AdGoblin 10/05/05 Adware.Adlogix 10/05/05 Adware.AdRoar 10/05/05 Adware.AdServerNow 10/05/05 Remediation Deleted: Risk Name Date removed --------- ------------ SecurityRisk.Aries 11/08/05 Spyware.HSLABLogger 10/29/05 Spyware.IamBigBrother 10/29/05 Spyware.Webhancer 10/26/05 Adware.SearchCashbar 10/24/05 Backdoor.Subseven.22a 10/24/05 Spyware.NetVisor 10/24/05 Spyware_PCParent 10/24/05 Spyware_SaveKeys 10/24/05 Adware.GreenIo 10/24/05 Adware.Instdollars 10/24/05 Adware.Metasearch 10/24/05 Adware.Searchbarcash 10/24/05 Backdoor.Subseven.22.a 10/24/05 Spyware.NetVizor 10/24/05 Spyware.PCParent 10/24/05 Spyware.SaveKeys 10/24/05 Spyware.BrowserAccel 10/17/05 Adware.EraserAll 10/12/05 Dialer.Palazzo 10/07/05 Trojan.ISTsvc 10/07/05 Remediation Modified: Risk Name Date modified --------- ------------- Adware.Metasearch 10/25/05 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.