home *** CD-ROM | disk | FTP | other *** search
/ PC World 2000 July / PCWorld_2000-07_cd.bin / Software / Antiviry / nav32 / 0530i32.exe / whatsnew.txt < prev    next >
Text File  |  2000-05-30  |  19KB  |  349 lines

  1. **********************************************************************
  2. **                                                                  **
  3. **  What's New in the NAV Virus Definitions Files      WHATSNEW.TXT **
  4. **                                                                  **
  5. **  Symantec AntiVirus Research Center (SARC)          May 30 ,2000 **
  6. **                                                                  **
  7. **********************************************************************
  8. This document contains the following topics:
  9.  
  10.  * Virus Alerts
  11.  * New Technologies
  12.  * Changes Incorporated Into This Update
  13.  * Enabling Scanning Features
  14.  * Additional Information
  15.  
  16. **********************************************************************
  17. ** Virus Alerts                                                     **
  18. **********************************************************************
  19. VBS.LoveLetter, a new worm which has been wide-spread since May 4th,
  20. is detected by this definitions set.  
  21.  
  22. The ten most commonly reported viruses, worldwide:
  23.  
  24.     1  VBS.LoveLetter.A
  25.     2  WScript.KakWorm
  26.     3  VBS.Network
  27.     4  W95.CIH
  28.     5  Happy99.Worm
  29.     6  Worm.ExploreZip
  30.     7  W97M.ColdApe
  31.     8  W97M.Ethan
  32.     9  W97M.Melissa
  33.    10  WM.Cap
  34.  
  35. **********************************************************************
  36. ** New Technologies                                                 **
  37. **********************************************************************
  38.  
  39. DATE         Technologies Added
  40. ----         ------------------
  41. 8/19/98    * Excel heuristics which detect and repair new and unknown
  42.              macro viruses in Excel 95 & 97 documents.
  43.  
  44. 9/16/98    * Added repair for encrypted Excel 97 documents.
  45.  
  46. 10/21/98   * Heuristics to detect AOL Password Stealer Trojans.
  47.            * WORD Heuristics improvement to increase detection rate.
  48.  
  49. 12/17/98   * Macro Exclusion Engine to speed up the scanning for Word
  50.              and Excel documents.
  51.            * PowerPoint engine to scan PowerPoint related viruses.
  52.              To enable this technology please read "Enabling/Disabling
  53.              PowerPoint Scanning" section later in this document.
  54.  
  55. 02/18/99   * Detection and repair of macro viruses in Word and Excel
  56.              2000 documents.
  57.  
  58. 05/15/99   * Added repair for PowerPoint viruses.
  59.            * Improved heuristics to detect more WORD 97 related
  60.              viruses.
  61.  
  62. 06/10/99   * Menu repair technology for WORD macro viruses that change
  63.              command bar customizations in NORMAL.DOT.
  64.  
  65. 07/12/99   * Added support for scanning of Ichitaro 8/9 documents.
  66.              (Ichitaro is a Japanese word processing program).
  67.  
  68. 08/19/99   * Added detection and repair for embedded documents inside
  69.              PowerPoint 97.
  70.  
  71. 11/22/99   * Added detection and repair for Trojans embedded in OLE
  72.              files, such as Windows scrap files and MS Office
  73.              documents.
  74.            * Added detection for viruses which infect Microsoft
  75.              Project documents (P98M.Corner.A, for example).
  76.  
  77. 02/10/00   * Added support for scanning of UNIX executables.
  78.            * Added detection for infected Visio documents.
  79.  
  80. **********************************************************************
  81. ** Changes Incorporated Into This Virus Definitions Update          **
  82. **********************************************************************
  83. New virus definitions:
  84.  
  85.         Virus Name                Infection Type          Week added
  86.         ----------                --------------          ----------
  87.         911BAT.Worm.B             File infector           05/04/00
  88.         Backdoor.Asylum           File infector           05/09/00
  89.         Backdoor.Eclypse          File infector           05/04/00
  90.         Backdoor.Fantasy          File infector           05/04/00
  91.         Backdoor.Frenzy           File infector           05/09/00
  92.         Backdoor.GDoor            File infector           05/30/00
  93.         Backdoor.Muie             File infector           05/09/00
  94.         backdoor.netbus.12        File infector           05/09/00
  95.         Backdoor.Ping.C           File infector           05/04/00
  96.         Backdoor.Poly             File infector           05/04/00
  97.         Backdoor.PolyDrop         File infector           05/04/00
  98.         Backdoor.Servidor         File infector           05/30/00
  99.         Backdoor.Wincrash         File infector           05/09/00
  100.         Bat.Winstart_II.511       File infector           05/30/00
  101.         Beard.Trojan              File infector           05/04/00
  102.         CLRC.554                  File infector           05/04/00
  103.         ConCon.Trojan             File infector           05/15/00
  104.         DrZip.512                 File infector           05/22/00
  105.         FEC(b)                    Boot infector           05/04/00
  106.         FEC.Dropper               File infector           05/04/00
  107.         GIP.Trojan                File infector           05/22/00
  108.         ICQ.PWS.Trojan            File infector           05/09/00
  109.         Intd.Leprosy.TheThing     File infector           05/04/00
  110.         IRC.Csr.Worm              File infector           05/04/00
  111.         JPEG.Trojan               File infector           05/30/00
  112.         Linux.DDoS.MStream        File infector           05/22/00
  113.         Maze.Trojan               File infector           05/30/00
  114.         Movie.Pif.Worm.B          File infector           05/09/00
  115.         Netsphere.Trojan          File infector           05/04/00
  116.         O97M.CyberNet.A           File infector           05/22/00
  117.         O97M.Hopper.U             File infector           05/04/00
  118.         PriceDoc.Trojan           File infector           05/30/00
  119.         PWS.Hooker.Trojan         File infector           05/04/00
  120.         PWSteal.LoveLetter        File infector           05/04/00
  121.         Solaris.DDoS.MStream      File infector           05/22/00
  122.         Stoned.HM (db)            Boot infector           05/09/00
  123.         Trojan.Ansibomb           File infector           05/30/00
  124.         Trojan.Bat.Format.FR      File infector           05/09/00
  125.         Trojan.Call911            File infector           05/04/00
  126.         Trojan.WinDac             File infector           05/04/00
  127.         Unix.LoveLetter           File infector           05/15/00
  128.         VBS.CoolNote              File infector           05/30/00
  129.         VBS.Fireburn.A            File infector           05/30/00
  130.         VBS.LoveLetter.(HTM)      File infector           05/05/00
  131.         VBS.LoveLetter.A          File infector           05/04/00
  132.         VBS.LoveLetter.A(1)       File infector           05/05/00
  133.         VBS.LoveLetter.B(1)       File infector           05/05/00
  134.         VBS.LoveLetter.C(1)       File infector           05/05/00
  135.         VBS.LoveLetter.E          File infector           05/08/00
  136.         VBS.LoveLetter.E(1)       File infector           05/08/00
  137.         VBS.LoveLetter.E(2)       File infector           05/08/00
  138.         VBS.LoveLetter.E(3)       File infector           05/08/00
  139.         VBS.LoveLetter.F          File infector           05/08/00
  140.         VBS.LoveLetter.F(1)       File infector           05/08/00
  141.         VBS.LoveLetter.F(2)       File infector           05/08/00
  142.         VBS.LoveLetter.F(3)       File infector           05/08/00
  143.         VBS.LoveLetter.G          File infector           05/08/00
  144.         VBS.LoveLetter.G(1)       File infector           05/08/00
  145.         VBS.LoveLetter.G(2)       File infector           05/08/00
  146.         VBS.LoveLetter.G(3)       File infector           05/08/00
  147.         VBS.LoveLetter.H          File infector           05/08/00
  148.         VBS.LoveLetter.I          File infector           05/08/00
  149.         VBS.LoveLetter.K          File infector           05/08/00
  150.         VBS.LoveLetter.L          File infector           05/08/00
  151.         VBS.LoveLetter.M          File infector           05/08/00
  152.         VBS.LoveLetter.N          File infector           05/08/00
  153.         VBS.LoveLetter.O          File infector           05/08/00
  154.         VBS.LoveLetter.P          File infector           05/08/00
  155.         VBS.LoveLetter.Q          File infector           05/08/00
  156.         VBS.LoveLetter.R          File infector           05/08/00
  157.         VBS.LoveLetter.S          File infector           05/08/00
  158.         VBS.LoveLetter.variant    File infector           05/05/00
  159.         VBS.Lowjo                 File infector           05/30/00
  160.         VBS.MP3Free.A             File infector           05/22/00
  161.         VBS.MP3Free.A(2)          File infector           05/15/00
  162.         VBS.NewLove.A             File infector           05/18/00
  163.         VBS.Scrambled             File infector           05/30/00
  164.         VCG.Belka                 File infector           05/22/00
  165.         W32.Android.Worm          File infector           05/22/00
  166.         W32.Blink.8192            File infector           05/15/00
  167.         W32.Cargo.B.Int           File infector           05/22/00
  168.         W32.Demo.Worm             File infector           05/22/00
  169.         W32.Dolly.14848.Mirc      File infector           05/15/00
  170.         W32.Headline.Worm.Int     File infector           05/04/00
  171.         W32.Hellfire.Mirc         File infector           05/22/00
  172.         W32.HLLO.ZMK.30030        File infector           05/22/00
  173.         W32.HLLP.Cramb            File infector           05/04/00
  174.         W32.HLLP.Cramb.B          File infector           05/22/00
  175.         W32.HLLP.Gotem.Int        File infector           05/15/00
  176.         W32.HLLP.Hetis.34304      File infector           05/04/00
  177.         W32.HLLP.This.16896       File infector           05/22/00
  178.         W32.Magic.1922            File infector           05/22/00
  179.         W32.Mypics.Worm.36352     File infector           05/09/00
  180.         W32.PrettyPark.O.Worm     File infector           05/04/00
  181.         W32.RainSong.3891         File infector           05/15/00
  182.         W32.Riccy.A               File infector           05/22/00
  183.         W32.Riccy.B               File infector           05/22/00
  184.         W32.Riccy.C               File infector           05/22/00
  185.         W32.Segax.Gen             File infector           05/30/00
  186.         W32.Silver.Mirc           File infector           05/22/00
  187.         W32.Southpark.Worm        File infector           05/15/00
  188.         W32.Tasmer.46395          File infector           05/15/00
  189.         W95.CIH.1103.Int          File infector           05/30/00
  190.         W95.CIH.1297.Int          File infector           05/30/00
  191.         W95.Grenp.2804            File infector           05/04/00
  192.         W95.Kala.7620             File infector           05/15/00
  193.         W95.Sab.753               File infector           05/04/00
  194.         W95.Shaitan.3550          File infector           05/22/00
  195.         W95.SillyWR.Gen           File infector           05/04/00
  196.         W95.ZOM                   File infector           05/22/00
  197.         W95.ZOM.Gen               File infector           05/30/00
  198.         W95.Zomb.432              File infector           05/22/00
  199.         W97M.Aquil                File infector           05/30/00
  200.         W97M.Bablas.W             File infector           05/30/00
  201.         W97M.Bablas.X             File infector           05/30/00
  202.         W97M.Balblas.Y            File infector           05/30/00
  203.         W97M.Blink.8192.A         File infector           05/15/00
  204.         W97M.Candle.B             File infector           05/30/00
  205.         W97M.Claud.B              File infector           05/30/00
  206.         W97M.Claudio.B            File infector           05/30/00
  207.         W97M.DogHack              File infector           05/30/00
  208.         W97M.Donkey               File infector           05/30/00
  209.         W97M.Eight941.G           File infector           05/09/00
  210.         W97M.Eight941.H           File infector           05/09/00
  211.         W97M.Eight941.I           File infector           05/15/00
  212.         W97M.Fly                  File infector           05/30/00
  213.         W97M.Groov.F              File infector           05/30/00
  214.         W97M.Heels.A              File infector           05/15/00
  215.         W97M.LCM                  File infector           05/04/00
  216.         W97M.LoveDrop             File infector           05/22/00
  217.         W97M.Lupi.C               File infector           05/04/00
  218.         W97M.Marker.BB            File infector           05/30/00
  219.         W97M.MARKER.CB            File infector           05/09/00
  220.         W97M.Marker.CR            File infector           05/09/00
  221.         W97M.MARKER.CS            File infector           05/15/00
  222.         W97M.Marker.CT            File infector           05/22/00
  223.         W97M.Marker.CU            File infector           05/30/00
  224.         W97M.Marker.Intend        File infector           05/30/00
  225.         W97M.Marker.S             File infector           05/22/00
  226.         W97M.Melissa.BG           File infector           05/26/00
  227.         W97M.Opey.D               File infector           05/30/00
  228.         W97M.OutlookWorm.Gen      File infector           05/26/00
  229.         W97M.Shab                 File infector           05/09/00
  230.         W97M.Shining.A            File infector           05/15/00
  231.         W97M.Sprite               File infector           05/22/00
  232.         W97M.Stand                File infector           05/30/00
  233.         W97M.Thus.T               File infector           05/04/00
  234.         W97M.Thus.U               File infector           05/04/00
  235.         W97M.Thus.V               File infector           05/22/00
  236.         W97M.Thus.W               File infector           05/30/00
  237.         W97M.Ucase                File infector           05/09/00
  238.         W97M.Verlor (dropped)     File infector           05/30/00
  239.         W97M.VMPCK1.DH            File infector           05/04/00
  240.         W97M.VMPCK1.DJ            File infector           05/09/00
  241.         W97M.Vortex               File infector           05/30/00
  242.         W97M.XYZ.A                File infector           05/04/00
  243.         Winfig.Trojan             File infector           05/04/00
  244.         X97M.Automat.AH           File infector           05/04/00
  245.         X97M.Automat.AJ           File infector           05/15/00
  246.         X97M.Automat.AK           File infector           05/15/00
  247.         X97M.Automat.AM           File infector           05/22/00
  248.         X97M.Divi.G               File infector           05/30/00
  249.         X97M.Laroux.KV            File infector           05/26/00
  250.         X97M.Laroux.KW            File infector           05/30/00
  251.         X97M.OutlookWorm.Gen      File infector           05/26/00
  252.         XM.Automat.AI             File infector           05/09/00
  253.         XM.Automat.AL             File infector           05/15/00
  254.         Zhit.1654                 File infector           05/04/00
  255.         Zombie.3592               File infector           05/22/00
  256.  
  257.  
  258. Name Changes:
  259.  
  260.         Old Virus Name            New Virus Name          Date changed
  261.         --------------            --------------          ------------
  262.         Backdoor.Psychward.b   to Backdoor.Psychward      05/15/00
  263.         VBS.NewLove.A2(gen 1)  to VBS.NewLove.A2(Gen 1)   05/22/00
  264.         W32.Inrar.B            to W32.Inrar.Gen           05/30/00
  265.         W32.Magic.7045.B       to W32.Magic.7045.Gen      05/22/00
  266.  
  267.  
  268. Deletions:
  269.  
  270.         Virus Name                Infection Type          Date removed
  271.         ----------                --------------          ------------
  272.         Joshi Dropper             Boot infector           05/04/00
  273.         Narcosis (d)              File infector           05/04/00
  274.         X97M.Automat.AJ           File infector           05/22/00
  275.         XM.Automat.AL             File infector           05/22/00
  276.  
  277.  
  278. **********************************************************************
  279. **  Enabling Scanning Features                                      **
  280. **********************************************************************
  281.  
  282. Several scanning features can be enabled through the use of an INF 
  283. configuration file.  For NAV for Windows 95/NT version 4.x and later, 
  284. or NAV for OS/2, this configuration file should be called NAVEX15.INF
  285. and should be placed in the directory where NAV is installed (i.e.,
  286. C:\Program Files\Norton AntiVirus).  For NAV for Netware version 4.x,
  287. the file should be called NAVEX15.INF and should be placed in the 
  288. directory where NAV 4.x is installed (i.e., sys:system\navnlm). For
  289. NAV for Windows 95/NT version 2.0, NAV 4.x for Windows 3.1/DOS,
  290. NAVIEG 1.x, or NAVFW 1.x, the file should be named NAVEX.INF and
  291. should be placed in the directory where NAV is installed (i.e., C:\NAV).
  292. If this configuration file does not exist, create one in the appropriate
  293. directory if you want to change the default settings.
  294.  
  295. To enable a scanning feature for a particular component, one or more 
  296. entries need to be added to the configuration file under the correct
  297. section.  For each platform there is a corresponding section that is used 
  298. in the INF file.  Below is a table of section names and platforms.
  299.  
  300. Section Name    Platform
  301. ------------    --------
  302. NAVW32          Windows 95/98/NT
  303. NAVAP           Windows 95/98/NT Auto-Protect
  304. NAVDX           DOS
  305. NAVNLM          Netware
  306. NAVWIN          Windows 3.1
  307. NAVOS2          OS/2
  308. NAVAIX          AIX
  309. NAVSOL          Solaris
  310.  
  311. Entries are case insensitive.  Below is a description of possible 
  312. entries.
  313.  
  314. 1. Files can be excluded from scans by the NAVEX engine.  To exclude a
  315. specific file from the NAVEX engine scan, add an entry with the full
  316. path and file name.  This is case insensitive.  No wildcards are allowed.
  317. To exclude multiple files, add a separate entry for each file.  To exclude
  318. a file, add an entry like the one below where <PATH> is the full path
  319. and file name.
  320.         ExcludeFile = <PATH>
  321.  
  322. 2. Files within a directory can be excluded from scans by the NAVEX engine.
  323. To exclude all files within a directory, add an entry with the full 
  324. directory path.  This is case insensitive.  No wildcards are allowed.  This
  325. does not exclude files located in subdirectories of the specified 
  326. directory.  To exclude multiple directories, add a separate entry for each
  327. directory. To exclude a directory, add an entry like the one below where
  328. <DIRECTORY> is the full path.
  329.         ExcludeDirectory = <DIRECTORY>
  330.  
  331. The following example of an INF configuration file excludes two files, 
  332. NOSCAN.EXE and BIGFILE.DOC, from NAVEX scans for the Windows 95/98/NT 
  333. scanner.  It excludes the D:\PRIVATE directory from Windows 95/98/NT 
  334. Auto-Protect.
  335.  
  336. [NAVW32]
  337. ExcludeFile = C:\PROGRAM FILES\NOSCAN.EXE
  338. ExcludeFile = C:\TEMP\BIGFILE.DOC
  339.  
  340. [NAVAP]
  341. ExcludeDirectory = D:\PRIVATE
  342.  
  343. **********************************************************************
  344. **    Additional Information                                        **
  345. **********************************************************************
  346.  
  347. Additional information regarding this virus definitions update can be
  348. found in UPDATE.TXT and TECHNOTE.TXT.
  349.