****************************************************************************** ** ** ** What's New in the Symantec AntiVirus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response January 12, 2006 ** ** ** ****************************************************************************** This document contains the following topics: * Viruses and Blended Threats Alerts * Changes Incorporated Into This Risk Definitions Update * Additional Information ****************************************************************************** ** Viruses and Blended Threats Alerts ** ****************************************************************************** The ten most commonly reported threats for September 2005, worldwide: 1 Trojan Horse 2 W32.Spybot.Worm 3 Trojan.Elitebar 4 W32.Mytob.ED@mm 5 W32.Mytob.DF@mm 6 W32.Netsky.P@mm 7 Hacktool.Rootkit 8 Trojan.Tooso.L 9 W32.Esbot.C 10 Trojan.Tooso.Q ****************************************************************************** ** Changes Incorporated Into This Risk Definitions Update ** ****************************************************************************** New risk definitions (sorted by Risk Name): Risk Name Date added --------- ---------- AdSpider 01/12/06 Adware.ClearX 12/22/05 Adware.DailyWinner 12/21/05 Adware.FCHelp 01/10/06 Adware.LampUpdate 12/21/05 Adware.Tbon 01/06/06 Adware.VCatch 01/12/06 Adware.Webentrance 12/20/05 Adware.Webprefix 01/11/06 Adware.Wnad 12/14/05 Adware.ZipClix 12/22/05 Backdoor.Dckane 12/27/05 Bloodhound.Exploit.55 12/20/05 Bloodhound.Exploit.56 12/28/05 Bloodhound.Exploit.57 01/10/06 Dialer.BaciamiStupido 12/24/05 Hacktool.SPHPBlog 12/15/05 Linux.Mare 12/24/05 PWSteal.Bankash.G 01/03/06 PWSteal.MSNBancos 12/14/05 PWSteal.Tarno.Q 12/19/05 Spyaxe 12/30/05 Spyware.Elgolf 01/05/06 Spyware.Hiwire 12/13/05 Spyware.SpyAll 01/05/06 Spyware.Supremespy 01/06/06 Spyware.Watcher 01/05/06 SpywareStrike 01/08/06 SymbOS.Cabir.W 12/15/05 SymbOS.Cardtrp.I 12/12/05 SymbOS.Cardtrp.J 12/12/05 SymbOS.Cardtrp.K 12/12/05 SymbOS.Cardtrp.L 12/12/05 SymbOS.Cardtrp.M 12/15/05 SymbOS.Cardtrp.N 12/15/05 SymbOS.Cardtrp.O 12/15/05 SymbOS.Cardtrp.P 12/15/05 SymbOS.Doomboot.R 12/15/05 SymbOS.Pbstealer.C 01/03/06 SymbOS.Skulls.O 12/13/05 SymbOS.Skulls.P 12/13/05 SymbOS.Skulls.Q 12/15/05 SymbOS.Skulls.R 12/15/05 Trackware.ActivShopper 01/06/06 Trackware.SmartShopper 12/15/05 Trojan.Beagooz.E 01/11/06 Trojan.Goldun.I 01/06/06 Trojan.Infticker 12/28/05 Trojan.Lodear.E 12/15/05 Trojan.Lodear.F 12/15/05 Trojan.Lodear.G 12/20/05 Trojan.Lodear.H 12/22/05 Trojan.Lodear.I 12/25/05 Trojan.Lodeight.A 12/20/05 Trojan.Mdropper.D 12/18/05 Trojan.Mitglieder.S 12/22/05 Trojan.Oxtic 12/14/05 Trojan.Satiloler.B 01/04/06 Trojan.Spamlia 12/29/05 Trojan.Swepdat 12/15/05 Trojan.Zlob.G 12/13/05 Trojan.Zlob.H 01/06/06 UnSpyPC 12/16/05 W32.Beagle.CX@mm 12/15/05 W32.Beagle.CY@mm 12/16/05 W32.Beagle.CZ@mm 12/20/05 W32.Beagle.DA@mm 12/22/05 W32.Beagle.DB@mm 12/22/05 W32.Cleevix 01/03/06 W32.Dabora.B@mm 12/30/05 W32.Dasher.A 12/15/05 W32.Dasher.B 12/15/05 W32.Dasher.C 12/16/05 W32.Dasher.D 12/19/05 W32.Denya 01/05/06 W32.Feebs 01/08/06 W32.Feebs.A 12/20/05 W32.Feebs.D@mm 01/11/06 W32.Feebs.E@mm 01/12/06 W32.Gelito 12/14/05 W32.Ider.A@mm 12/22/05 W32.Looksky.F@mm 01/05/06 W32.Looksky.G@mm 01/08/06 W32.Loxbot.C 01/05/06 W32.Loxbot.D 01/06/06 W32.Meadre@mm 12/15/05 W32.Mynuf 01/08/06 W32.Mytob.MX@mm 12/22/05 W32.Neshuta 12/27/05 W32.Otan 01/05/06 W32.Pozat 12/15/05 W32.Retomo 01/08/06 W32.Solgi 12/14/05 W32.Spybot.ACDM 12/22/05 W32.Uplot@mm 12/14/05 W32.Wisfc 12/21/05 W32.Xgtray 01/08/06 W32.Xoer 12/22/05 W97M.Ruleden 12/21/05 WinHound 12/20/05 New risk definitions (sorted by Date added): Risk Name Date added --------- ---------- AdSpider 01/12/06 Adware.VCatch 01/12/06 W32.Feebs.E@mm 01/12/06 Adware.Webprefix 01/11/06 Trojan.Beagooz.E 01/11/06 W32.Feebs.D@mm 01/11/06 Adware.FCHelp 01/10/06 Bloodhound.Exploit.57 01/10/06 SpywareStrike 01/08/06 W32.Feebs 01/08/06 W32.Looksky.G@mm 01/08/06 W32.Mynuf 01/08/06 W32.Retomo 01/08/06 W32.Xgtray 01/08/06 Adware.Tbon 01/06/06 Spyware.Supremespy 01/06/06 Trackware.ActivShopper 01/06/06 Trojan.Goldun.I 01/06/06 Trojan.Zlob.H 01/06/06 W32.Loxbot.D 01/06/06 Spyware.Elgolf 01/05/06 Spyware.SpyAll 01/05/06 Spyware.Watcher 01/05/06 W32.Denya 01/05/06 W32.Looksky.F@mm 01/05/06 W32.Loxbot.C 01/05/06 W32.Otan 01/05/06 Trojan.Satiloler.B 01/04/06 PWSteal.Bankash.G 01/03/06 SymbOS.Pbstealer.C 01/03/06 W32.Cleevix 01/03/06 Spyaxe 12/30/05 W32.Dabora.B@mm 12/30/05 Trojan.Spamlia 12/29/05 Bloodhound.Exploit.56 12/28/05 Trojan.Infticker 12/28/05 Backdoor.Dckane 12/27/05 W32.Neshuta 12/27/05 Trojan.Lodear.I 12/25/05 Dialer.BaciamiStupido 12/24/05 Linux.Mare 12/24/05 Adware.ClearX 12/22/05 Adware.ZipClix 12/22/05 Trojan.Lodear.H 12/22/05 Trojan.Mitglieder.S 12/22/05 W32.Beagle.DA@mm 12/22/05 W32.Beagle.DB@mm 12/22/05 W32.Ider.A@mm 12/22/05 W32.Mytob.MX@mm 12/22/05 W32.Spybot.ACDM 12/22/05 W32.Xoer 12/22/05 Adware.DailyWinner 12/21/05 Adware.LampUpdate 12/21/05 W32.Wisfc 12/21/05 W97M.Ruleden 12/21/05 Adware.Webentrance 12/20/05 Bloodhound.Exploit.55 12/20/05 Trojan.Lodear.G 12/20/05 Trojan.Lodeight.A 12/20/05 W32.Beagle.CZ@mm 12/20/05 W32.Feebs.A 12/20/05 WinHound 12/20/05 PWSteal.Tarno.Q 12/19/05 W32.Dasher.D 12/19/05 Trojan.Mdropper.D 12/18/05 UnSpyPC 12/16/05 W32.Beagle.CY@mm 12/16/05 W32.Dasher.C 12/16/05 Hacktool.SPHPBlog 12/15/05 SymbOS.Cabir.W 12/15/05 SymbOS.Cardtrp.M 12/15/05 SymbOS.Cardtrp.N 12/15/05 SymbOS.Cardtrp.O 12/15/05 SymbOS.Cardtrp.P 12/15/05 SymbOS.Doomboot.R 12/15/05 SymbOS.Skulls.Q 12/15/05 SymbOS.Skulls.R 12/15/05 Trackware.SmartShopper 12/15/05 Trojan.Lodear.E 12/15/05 Trojan.Lodear.F 12/15/05 Trojan.Swepdat 12/15/05 W32.Beagle.CX@mm 12/15/05 W32.Dasher.A 12/15/05 W32.Dasher.B 12/15/05 W32.Meadre@mm 12/15/05 W32.Pozat 12/15/05 Adware.Wnad 12/14/05 PWSteal.MSNBancos 12/14/05 Trojan.Oxtic 12/14/05 W32.Gelito 12/14/05 W32.Solgi 12/14/05 W32.Uplot@mm 12/14/05 Spyware.Hiwire 12/13/05 SymbOS.Skulls.O 12/13/05 SymbOS.Skulls.P 12/13/05 Trojan.Zlob.G 12/13/05 SymbOS.Cardtrp.I 12/12/05 SymbOS.Cardtrp.J 12/12/05 SymbOS.Cardtrp.K 12/12/05 SymbOS.Cardtrp.L 12/12/05 Name Changes (sorted by Old Risk Name): Old Risk Name New Risk Name Date changed ------------- ------------- ------------ Adware.BroadcastPC.B to Adware.Broadcastpc.b 08/25/05 Adware.Clickbank to Adware.FakeMessage 08/22/05 Adware.Tbon to Adware.DropSpam 01/06/06 Alaper.c.ow to Alaper.C.ow 06/07/05 Backdoor.FooBot to Backdoor.Foobot 11/17/05 Backdoor.Jupillites to Trojan.Jupillites 08/01/05 Backdoor.Muquest to Trojan.Muquest 11/15/05 Backdoor.Sdbot.AR to Backdoor.Sdbot.AR!dr 06/08/05 Backdoor.Suckit to Backdoor.Tuckist 11/17/05 Backdoor.Tdiserv to W32.Tdiserv.A 06/22/05 Bin.Auto.CJK to Warfair.2553 06/22/05 Dialer.Goin ; Go In Di to Dialer.Goin 11/10/05 FakeGina.Trojan to Trojan.Fakegina 12/07/05 HLLP.13804 to HLLP.Pepe 06/09/05 HLLP.Nolon to HLLP.Nolon.gen 07/08/05 Intended.Zorm.458 to Zorm.458 07/06/05 Intended.Zorm.464 to Zorm.464 07/06/05 Intended.Zorm.495 to Zorm.495 07/06/05 MSIL.Idonut to MSIL.Idonus 10/17/05 PWSteal.JGinko to PWSteal.Jginko 07/09/05 PWSteal.Ragnarok to PWSteal.Okarag 09/26/05 SecurityRisk.Aries to SecurityRisk.First4DRM 11/08/05 Spyware.Alexa to Trackware.Alexa 07/19/05 Spyware.BrowserAccel to Trackware.BrowserAccel 10/17/05 Spyware.FKWPKeylog to Hacktool.FKWPKeylog 08/18/05 Trojan.Axidon to W32.Kelvir.HI 08/24/05 Trojan.Cmapp to Trojan.cmapp 08/12/05 Trojan.Download.Spaxe to Trojan.Spaxe 12/08/05 Trojan.LodAV.A to Trojan.Lodav.A 11/03/05 Trojan.Lodear.D to Trojan.Lodav.B 11/07/05 Trojan.cmapp to Trojan.Cmapp 08/11/05 W32.Aimdes.D to W32.Spybot.ABDO 12/10/05 W32.Bobax!gen to W32.Bobax 10/24/05 W32.Bobax.AA to W32.Bobax.AA@mm 08/01/05 W32.Bobax.AA@mm to W32.Bobax.AA 08/01/05 W32.Desktophijack to Trojan.Alemod 10/11/05 W32.Esbot.D to W32.Esbot.D 09/19/05 W32.Falus.A to W32.Falsu.A 08/01/05 W32.Gavgent.A@mm to W32.Gavgent.A 07/21/05 W32.Ider.A@mm to W32.Feebs.B@mm 12/23/05 W32.Incef to W32.Falus.A 08/01/05 W32.Kelvir.FN to Trojan.Kirvo 07/18/05 W32.Lile.A@mm to W32.Lile.A 10/14/05 W32.Lodear.A@mm to Trojan.Lodear 11/02/05 W32.Looksky.B to Backdoor.Naninf.A 11/17/05 W32.Monikey to W32.Monikey@mm 11/03/05 W32.Mytob.EK@mm to W32.Mytob.EK@mm 06/22/05 W32.Mytob.FZ@mm to W32.Mytob.LZ@mm 11/21/05 W32.Xddtray to W32.Xddtray@mm 11/25/05 W32.Zotob.C to W32.Zotob.C@mm 08/16/05 Name Changes (sorted by Date changed): Old Risk Name New Risk Name Date changed ------------- ------------- ------------ Adware.Tbon to Adware.DropSpam 01/06/06 W32.Ider.A@mm to W32.Feebs.B@mm 12/23/05 W32.Aimdes.D to W32.Spybot.ABDO 12/10/05 Trojan.Download.Spaxe to Trojan.Spaxe 12/08/05 FakeGina.Trojan to Trojan.Fakegina 12/07/05 W32.Xddtray to W32.Xddtray@mm 11/25/05 W32.Mytob.FZ@mm to W32.Mytob.LZ@mm 11/21/05 Backdoor.FooBot to Backdoor.Foobot 11/17/05 Backdoor.Suckit to Backdoor.Tuckist 11/17/05 W32.Looksky.B to Backdoor.Naninf.A 11/17/05 Backdoor.Muquest to Trojan.Muquest 11/15/05 Dialer.Goin ; Go In Di to Dialer.Goin 11/10/05 SecurityRisk.Aries to SecurityRisk.First4DRM 11/08/05 Trojan.Lodear.D to Trojan.Lodav.B 11/07/05 Trojan.LodAV.A to Trojan.Lodav.A 11/03/05 W32.Monikey to W32.Monikey@mm 11/03/05 W32.Lodear.A@mm to Trojan.Lodear 11/02/05 W32.Bobax!gen to W32.Bobax 10/24/05 MSIL.Idonut to MSIL.Idonus 10/17/05 Spyware.BrowserAccel to Trackware.BrowserAccel 10/17/05 W32.Lile.A@mm to W32.Lile.A 10/14/05 W32.Desktophijack to Trojan.Alemod 10/11/05 PWSteal.Ragnarok to PWSteal.Okarag 09/26/05 W32.Esbot.D to W32.Esbot.D 09/19/05 Adware.BroadcastPC.B to Adware.Broadcastpc.b 08/25/05 Trojan.Axidon to W32.Kelvir.HI 08/24/05 Adware.Clickbank to Adware.FakeMessage 08/22/05 Spyware.FKWPKeylog to Hacktool.FKWPKeylog 08/18/05 W32.Zotob.C to W32.Zotob.C@mm 08/16/05 Trojan.Cmapp to Trojan.cmapp 08/12/05 Trojan.cmapp to Trojan.Cmapp 08/11/05 Backdoor.Jupillites to Trojan.Jupillites 08/01/05 W32.Bobax.AA to W32.Bobax.AA@mm 08/01/05 W32.Bobax.AA@mm to W32.Bobax.AA 08/01/05 W32.Falus.A to W32.Falsu.A 08/01/05 W32.Incef to W32.Falus.A 08/01/05 W32.Gavgent.A@mm to W32.Gavgent.A 07/21/05 Spyware.Alexa to Trackware.Alexa 07/19/05 W32.Kelvir.FN to Trojan.Kirvo 07/18/05 PWSteal.JGinko to PWSteal.Jginko 07/09/05 HLLP.Nolon to HLLP.Nolon.gen 07/08/05 Intended.Zorm.458 to Zorm.458 07/06/05 Intended.Zorm.464 to Zorm.464 07/06/05 Intended.Zorm.495 to Zorm.495 07/06/05 Backdoor.Tdiserv to W32.Tdiserv.A 06/22/05 Bin.Auto.CJK to Warfair.2553 06/22/05 W32.Mytob.EK@mm to W32.Mytob.EK@mm 06/22/05 HLLP.13804 to HLLP.Pepe 06/09/05 Backdoor.Sdbot.AR to Backdoor.Sdbot.AR!dr 06/08/05 Alaper.c.ow to Alaper.C.ow 06/07/05 Deletions (sorted by Risk Name): Risk Name Date removed --------- ------------ Adware.180Search 11/14/05 Adware.180Solutions 11/14/05 Adware.2Search 11/14/05 Adware.7000n 11/14/05 Adware.ABXToolbar 11/14/05 Adware.AFAEnhance 11/14/05 Adware.AUNPS 11/14/05 Adware.ActiveSearch 11/14/05 Adware.AdBars 11/14/05 Adware.AdBlaster 11/14/05 Adware.AdBlock 11/14/05 Adware.AdChannel19 11/14/05 Adware.GameSpyArcade 01/06/06 Adware.Tbon 01/06/06 Adware.ZestyFind 12/10/05 Hacktool.Pwdump 12/07/05 Hacktool.Spagent 11/30/05 Hacktool.Spymon 11/25/05 Spyware.Look2Me 12/12/05 Trojan.Farknew 12/07/05 Deletions (sorted by Date removed): Risk Name Date removed --------- ------------ Adware.GameSpyArcade 01/06/06 Adware.Tbon 01/06/06 Spyware.Look2Me 12/12/05 Adware.ZestyFind 12/10/05 Hacktool.Pwdump 12/07/05 Trojan.Farknew 12/07/05 Hacktool.Spagent 11/30/05 Hacktool.Spymon 11/25/05 Adware.180Search 11/14/05 Adware.180Solutions 11/14/05 Adware.2Search 11/14/05 Adware.7000n 11/14/05 Adware.ABXToolbar 11/14/05 Adware.AFAEnhance 11/14/05 Adware.AUNPS 11/14/05 Adware.ActiveSearch 11/14/05 Adware.AdBars 11/14/05 Adware.AdBlaster 11/14/05 Adware.AdBlock 11/14/05 Adware.AdChannel19 11/14/05 Remediation Added: Risk Name Date added --------- ---------- Adware.HMToolbar 12/05/05 Adware.SpySheriff 12/05/05 Adware.Inetex 12/05/05 Spyware.Ashlt 12/05/05 Spyware.Netrat 12/05/05 SecurityRisk.LowZones 12/02/05 WinFixer 12/02/05 Dialer.Palazzo 12/02/05 Adware.WebMisc 12/01/05 Adware.Downreceive 11/30/05 Adware.PigSearch 11/30/05 Spyware.Farsighter 11/30/05 Spyware.Spagent 11/30/05 Spyware.Spy4PC 11/30/05 Adware.Director 11/30/05 Adware.Redir 11/30/05 Adware.Links 11/29/05 Adware.MoneyGainer 11/26/05 Spyware.Marketscore 11/26/05 Adware.Borlan 11/25/05 Adware.IEhlpr 11/25/05 Adware.LittleHelper 11/23/05 Adware.WebDir 11/23/05 W32.Sober.X@mm 11/23/05 Adware.Henbang 11/17/05 Adware.Webext 11/16/05 Spyware.SA_PCSpy 11/16/05 Spyware.Snoop 11/16/05 Adware.Idocha 11/11/05 SpyWare.Spyarsenallog 11/11/05 Backdoor.Ryknos 11/10/05 Adware.TopAv 11/09/05 SecurityRisk.First4DRM 11/08/05 SecurityRisk.Aries 11/08/05 Adware.BocaiToolbar 11/03/05 Adware.SweetBar 11/03/05 SecurityRisk.HubSafe 11/03/05 Spyware.EmailSpy 11/03/05 Spyware.HSLABLogger 11/01/05 Spyware.IamBigBrother 11/01/05 Spyware.Intraspy 10/28/05 Adware.EnergyPlugin 10/27/05 Dialer.MicroDialer 10/27/05 Spyware.WSLogger 10/26/05 Trackware.Webhancer 10/26/05 Hacktool.XScan 10/25/05 Adware.MDSSearchboost 10/25/05 Adware.PLook 10/25/05 Adware.SideBySide 10/25/05 Adware.UMaxsearch 10/25/05 Remediation Deleted: Risk Name Date removed --------- ------------ Hacktool.Spagent 11/30/05 SecurityRisk.Aries 11/08/05 Spyware.HSLABLogger 10/29/05 Spyware.IamBigBrother 10/29/05 Spyware.Webhancer 10/26/05 Adware.SearchCashbar 10/24/05 Backdoor.Subseven.22a 10/24/05 Spyware.NetVisor 10/24/05 Spyware_PCParent 10/24/05 Spyware_SaveKeys 10/24/05 Adware.GreenIo 10/24/05 Adware.Instdollars 10/24/05 Adware.Metasearch 10/24/05 Adware.Searchbarcash 10/24/05 Backdoor.Subseven.22.a 10/24/05 Spyware.NetVizor 10/24/05 Spyware.PCParent 10/24/05 Spyware.SaveKeys 10/24/05 Spyware.BrowserAccel 10/17/05 Adware.EraserAll 10/12/05 Dialer.Palazzo 10/07/05 Trojan.ISTsvc 10/07/05 Remediation Modified: Risk Name Date modified --------- ------------- Adware.Metasearch 10/25/05 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.