********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response February 17, 2004 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for October 2003, worldwide: 1 Download.Adware.Lop 2 Trojan.ByteVerify 3 Trojan Horse 4 W32.Bugbear.B@mm 5 W32.Swen.A@mm 6 IRC Trojan 7 HTML.Redlof.A 8 Download.Trojan 9 Trojan.Bootconf 10 W32.Klez.H@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.AdGoblin File infector 02/16/04 Adware.Buddylinks File infector 02/11/04 Adware.Envolo File infector 01/30/04 Adware.NDotNet File infector 02/05/04 Adware.PrecisionPop File infector 02/16/04 Adware.Purityscan.b File infector 02/03/04 Adware.SideSearch File infector 02/16/04 Adware.WhistleHelp File infector 02/09/04 Adware.ZestyFind File infector 02/16/04 Adware.eAnthology File infector 02/11/04 BAT.Wonger@mm File infector 01/29/04 Backdoor.Domwis File infector 02/06/04 Backdoor.IRC.Aladinz.J File infector 02/09/04 Backdoor.Jacktron.20 File infector 02/05/04 Backdoor.Lax File infector 02/16/04 Backdoor.Optix.04.E File infector 02/10/04 Backdoor.OptixPro.13.C File infector 02/06/04 Backdoor.Padonock File infector 02/13/04 Bin.Auto.CLZ File infector 02/04/04 Bloodhound.Exploit.5 File infector 02/06/04 Bloodhound.Exploit.6 File infector 02/16/04 Born.1037 File infector 02/02/04 Born.1038 File infector 02/02/04 Burn.743 File infector 02/02/04 Burn.759 File infector 02/02/04 Burn.773 File infector 02/02/04 Cybertech.225.b File infector 02/02/04 Cybertech.507 File infector 02/02/04 Dialer.HeissSex File infector 02/16/04 Dialer.UDIS File infector 02/16/04 Hacktool.PassReminder File infector 02/13/04 Hacktool.Sfind File infector 02/10/04 Hacktool.UdpFlood File infector 02/16/04 JS.Paula File infector 02/11/04 JS.Sinop File infector 01/29/04 Keylogger.Stawin File infector 01/29/04 PHP.Rabow File infector 01/29/04 PWSteal.Olbaid File infector 01/29/04 Trojan.Bansap File infector 02/12/04 Trojan.Conspy File infector 02/05/04 Trojan.Gutta File infector 02/10/04 Trojan.PWS.QQPass.F File infector 02/12/04 VBS.Bootconf.B File infector 02/10/04 VBS.Clex File infector 02/04/04 VBS.Laske@mm File infector 02/13/04 VBS.Nobelman File infector 02/11/04 VBS.Nohat@mm@int File infector 02/09/04 VBS.Samplo File infector 02/04/04 VBS.Shania File infector 02/02/04 W32.Alua@mm File infector 02/17/04 W32.Blaster.K.Worm File infector 02/04/04 W32.Dinfor.Worm File infector 02/06/04 W32.Doomhunter File infector 02/13/04 W32.Dumaru.AD@mm File infector 02/03/04 W32.Dumaru.AH@mm File infector 02/11/04 W32.Dumaru.dam File infector 02/11/04 W32.Evolmi.Worm File infector 02/04/04 W32.Fesber.Worm File infector 02/04/04 W32.Galil.F@mm File infector 02/03/04 W32.HLLO.Clatch File infector 02/04/04 W32.HLLO.Wiken File infector 02/04/04 W32.HLLP.Shodi File infector 02/12/04 W32.HLLP.Yero.Worm File infector 02/10/04 W32.HLLP.Yero.Worm.dr File infector 02/10/04 W32.HLLW.Anig File infector 01/29/04 W32.HLLW.Antinny.E File infector 02/17/04 W32.HLLW.Aozo File infector 02/04/04 W32.HLLW.Arelef@mm File infector 02/04/04 W32.HLLW.Chemsvy File infector 02/03/04 W32.HLLW.Cult.M@mm File infector 02/16/04 W32.HLLW.Deadhat File infector 02/09/04 W32.HLLW.Deadhat.B File infector 02/13/04 W32.HLLW.Doomjuice File infector 02/09/04 W32.HLLW.Doomjuice.B File infector 02/11/04 W32.HLLW.Gaobot.JB File infector 02/04/04 W32.HLLW.Gase.B@mm File infector 02/09/04 W32.HLLW.Hofox@mm File infector 02/04/04 W32.HLLW.Moega.AG File infector 02/10/04 W32.HLLW.Reven File infector 02/04/04 W32.HLLW.Rolog File infector 02/04/04 W32.Hostidel.Trojan.C File infector 02/04/04 W32.Kifer File infector 02/10/04 W32.Kifer.B File infector 02/16/04 W32.Mimail.T@mm File infector 02/05/04 W32.Mimail.U@mm File infector 02/16/04 W32.Mydoom.A@mm.enc File infector 02/03/04 W32.Netsky@mm File infector 02/16/04 W32.Rusty@mm File infector 02/16/04 W32.SillyIRC File infector 02/04/04 W32.Welchia.B.Worm File infector 02/11/04 W32.Welchia.C.Worm File infector 02/16/04 W32.Yenik.A.Worm File infector 02/10/04 W32.Zevity File infector 02/06/04 W97M.Chameleon.B File infector 02/06/04 W97M.Pesmas File infector 02/11/04 Worf.303 File infector 02/02/04 X97M.Doccopy.F File infector 01/30/04 X97M.Ellar.F File infector 02/16/04 X97M.Esab File infector 02/13/04 X97M.Seitty File infector 01/30/04 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- W32.Alua@mm File infector 02/17/04 W32.HLLW.Antinny.E File infector 02/17/04 Adware.AdGoblin File infector 02/16/04 Adware.PrecisionPop File infector 02/16/04 Adware.SideSearch File infector 02/16/04 Adware.ZestyFind File infector 02/16/04 Backdoor.Lax File infector 02/16/04 Bloodhound.Exploit.6 File infector 02/16/04 Dialer.HeissSex File infector 02/16/04 Dialer.UDIS File infector 02/16/04 Hacktool.UdpFlood File infector 02/16/04 W32.HLLW.Cult.M@mm File infector 02/16/04 W32.Kifer.B File infector 02/16/04 W32.Mimail.U@mm File infector 02/16/04 W32.Netsky@mm File infector 02/16/04 W32.Rusty@mm File infector 02/16/04 W32.Welchia.C.Worm File infector 02/16/04 X97M.Ellar.F File infector 02/16/04 Backdoor.Padonock File infector 02/13/04 Hacktool.PassReminder File infector 02/13/04 VBS.Laske@mm File infector 02/13/04 W32.Doomhunter File infector 02/13/04 W32.HLLW.Deadhat.B File infector 02/13/04 X97M.Esab File infector 02/13/04 Trojan.Bansap File infector 02/12/04 Trojan.PWS.QQPass.F File infector 02/12/04 W32.HLLP.Shodi File infector 02/12/04 Adware.Buddylinks File infector 02/11/04 Adware.eAnthology File infector 02/11/04 JS.Paula File infector 02/11/04 VBS.Nobelman File infector 02/11/04 W32.Dumaru.AH@mm File infector 02/11/04 W32.Dumaru.dam File infector 02/11/04 W32.HLLW.Doomjuice.B File infector 02/11/04 W32.Welchia.B.Worm File infector 02/11/04 W97M.Pesmas File infector 02/11/04 Backdoor.Optix.04.E File infector 02/10/04 Hacktool.Sfind File infector 02/10/04 Trojan.Gutta File infector 02/10/04 VBS.Bootconf.B File infector 02/10/04 W32.HLLP.Yero.Worm File infector 02/10/04 W32.HLLP.Yero.Worm.dr File infector 02/10/04 W32.HLLW.Moega.AG File infector 02/10/04 W32.Kifer File infector 02/10/04 W32.Yenik.A.Worm File infector 02/10/04 Adware.WhistleHelp File infector 02/09/04 Backdoor.IRC.Aladinz.J File infector 02/09/04 VBS.Nohat@mm@int File infector 02/09/04 W32.HLLW.Deadhat File infector 02/09/04 W32.HLLW.Doomjuice File infector 02/09/04 W32.HLLW.Gase.B@mm File infector 02/09/04 Backdoor.Domwis File infector 02/06/04 Backdoor.OptixPro.13.C File infector 02/06/04 Bloodhound.Exploit.5 File infector 02/06/04 W32.Dinfor.Worm File infector 02/06/04 W32.Zevity File infector 02/06/04 W97M.Chameleon.B File infector 02/06/04 Adware.NDotNet File infector 02/05/04 Backdoor.Jacktron.20 File infector 02/05/04 Trojan.Conspy File infector 02/05/04 W32.Mimail.T@mm File infector 02/05/04 Bin.Auto.CLZ File infector 02/04/04 VBS.Clex File infector 02/04/04 VBS.Samplo File infector 02/04/04 W32.Blaster.K.Worm File infector 02/04/04 W32.Evolmi.Worm File infector 02/04/04 W32.Fesber.Worm File infector 02/04/04 W32.HLLO.Clatch File infector 02/04/04 W32.HLLO.Wiken File infector 02/04/04 W32.HLLW.Aozo File infector 02/04/04 W32.HLLW.Arelef@mm File infector 02/04/04 W32.HLLW.Gaobot.JB File infector 02/04/04 W32.HLLW.Hofox@mm File infector 02/04/04 W32.HLLW.Reven File infector 02/04/04 W32.HLLW.Rolog File infector 02/04/04 W32.Hostidel.Trojan.C File infector 02/04/04 W32.SillyIRC File infector 02/04/04 Adware.Purityscan.b File infector 02/03/04 W32.Dumaru.AD@mm File infector 02/03/04 W32.Galil.F@mm File infector 02/03/04 W32.HLLW.Chemsvy File infector 02/03/04 W32.Mydoom.A@mm.enc File infector 02/03/04 Born.1037 File infector 02/02/04 Born.1038 File infector 02/02/04 Burn.743 File infector 02/02/04 Burn.759 File infector 02/02/04 Burn.773 File infector 02/02/04 Cybertech.225.b File infector 02/02/04 Cybertech.507 File infector 02/02/04 VBS.Shania File infector 02/02/04 Worf.303 File infector 02/02/04 Adware.Envolo File infector 01/30/04 X97M.Doccopy.F File infector 01/30/04 X97M.Seitty File infector 01/30/04 BAT.Wonger@mm File infector 01/29/04 JS.Sinop File infector 01/29/04 Keylogger.Stawin File infector 01/29/04 PHP.Rabow File infector 01/29/04 PWSteal.Olbaid File infector 01/29/04 W32.HLLW.Anig File infector 01/29/04 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.IRC.Microb to Backdoor.IRC.Microb 12/05/03 Backdoor.Fxdoor to Tcl.Sendrak 01/18/04 Backdoor.Hazzer to Trojan.Hazzer 12/18/03 Backdoor.Lolok.B to W97M.Tebit 01/22/04 Backdoor.NetTrash to W32.HLLW.Nettrash 01/14/04 Backdoor.Togfer to Backdoor.Tofger 12/09/03 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 Hacktool.X-Scan to Hacktool.XScan 01/19/04 MHTML.Redir.Exploit to MHTMLRedir.Exploit 12/12/03 PWSteal.Leox to W32.HLLW.Leox 01/19/04 PWSteal.RTCW to Backdoor.NetTrash 01/13/04 Trojan.Conspy to Adware.Conspy 02/11/04 Trojan.Dalfer to Joke.Apeldorn 01/12/04 Trojan.Dalfer.B to Adware.Smartsearch 01/12/04 Trojan.Dalfer.C to W32.Spybot.WI 01/18/04 Trojan.Dalfer.C to W97M.Twopey.E 01/15/04 Trojan.Narat to Adware.Mpgcom 01/05/04 VBS.Nohat@mm@int to VBS.Nohat@mm.int 02/11/04 W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Gase to W32.Gase.intd 12/30/03 W32.HLLW.Gaobot.EZ to W32.HLLW.Gaobot.FB 01/05/04 W32.HLLW.Rolog to W32.Letin 02/05/04 W32.Mertian@mm to W32.Mertian.Worm 12/15/03 W32.Mimail.R@mm to W32.Mimail.S@mm 01/29/04 W32.Novarg.A@mm to W32.Mydoom.A@mm 02/04/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 W32.Yenik.A.Worm to W32.Yenik.A@mm 02/10/04 W97M.Chameleon.B to W97M.Chameleon.I 02/12/04 W97M.Gedza to O97M.Gedza 01/22/04 X97M.Gedza to VBS.Vaper@mm 01/22/04 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W32.Alua@mm to W32.Beagle.B@mm 02/17/04 W32.Rusty@mm to W32.Rusty@m 02/16/04 HTML.Bother.3180 to VBS.Bother.3180 02/13/04 HTML.Bother.3180.dr to VBS.Bother.3180.dr 02/13/04 HTML.Davinia.B.dam to VBS.Davinia.B.dam 02/13/04 HTML.Davinia.dam to VBS.Davinia.dam 02/13/04 HTML.Enel.3787 to VBS.Enel.3787 02/13/04 HTML.Enel.3787 (2) to VBS.Enel.3787 (2) 02/13/04 HTML.NoWarn.1921 to VBS.NoWarn.1921 02/13/04 HTML.NoWarn.1921 (2) to VBS.NoWarn.1921 (2) 02/13/04 HTML.Offline.1152 to VBS.Offline.1152 02/13/04 HTML.Panamas to VBS.Panamas 02/13/04 HTML.Prepend to VBS.Prepend 02/13/04 HTML.Prepender to VBS.Prepender 02/13/04 HTML.Pswform.trojan to VBS.Pswform.trojan 02/13/04 HTML.Reality to VBS.Reality 02/13/04 HTML.Reality.B to VBS.Reality.B 02/13/04 HTML.Reality.D to VBS.Reality.D 02/13/04 HTML.Redir.1152 to VBS.Redir.1152 02/13/04 HTML.Redlof.A to VBS.Redlof.A 02/13/04 HTML.Rumbile to VBS.Rumbile 02/13/04 HTML.StartMe to JS.StartMe 02/13/04 HTML.Tipsy.1969 to JS.Tipsy.1969 02/13/04 W97M.Chameleon.B to W97M.Chameleon.I 02/12/04 Trojan.Conspy to Adware.Conspy 02/11/04 VBS.Nohat@mm@int to VBS.Nohat@mm.int 02/11/04 W32.Yenik.A.Worm to W32.Yenik.A@mm 02/10/04 W32.HLLW.Rolog to W32.Letin 02/05/04 W32.Novarg.A@mm to W32.Mydoom.A@mm 02/04/04 W32.Mimail.R@mm to W32.Mimail.S@mm 01/29/04 Backdoor.Lolok.B to W97M.Tebit 01/22/04 W97M.Gedza to O97M.Gedza 01/22/04 X97M.Gedza to VBS.Vaper@mm 01/22/04 Hacktool.X-Scan to Hacktool.XScan 01/19/04 PWSteal.Leox to W32.HLLW.Leox 01/19/04 Backdoor.Fxdoor to Tcl.Sendrak 01/18/04 Trojan.Dalfer.C to W32.Spybot.WI 01/18/04 Trojan.Dalfer.C to W97M.Twopey.E 01/15/04 Backdoor.NetTrash to W32.HLLW.Nettrash 01/14/04 PWSteal.RTCW to Backdoor.NetTrash 01/13/04 Trojan.Dalfer to Joke.Apeldorn 01/12/04 Trojan.Dalfer.B to Adware.Smartsearch 01/12/04 Trojan.Narat to Adware.Mpgcom 01/05/04 W32.HLLW.Gaobot.EZ to W32.HLLW.Gaobot.FB 01/05/04 W32.Gase to W32.Gase.intd 12/30/03 Backdoor.Hazzer to Trojan.Hazzer 12/18/03 W32.Mertian@mm to W32.Mertian.Worm 12/15/03 MHTML.Redir.Exploit to MHTMLRedir.Exploit 12/12/03 Backdoor.Togfer to Backdoor.Tofger 12/09/03 Backdoor.IRC.Microb to Backdoor.IRC.Microb 12/05/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Backdoor.Aphexdoor File infector 01/28/04 Backdoor.Ciadoor.b File infector 11/24/03 Backdoor.Regate File infector 12/01/03 Dialer.Dcon File infector 11/24/03 HTML.Davinia File infector 02/13/04 HTML.Davinia.B File infector 02/13/04 HTML.Press File infector 02/13/04 PWSteal.Blade.Trojan File infector 12/02/03 Trojan.Bookmarker.E File infector 01/28/04 Trojan.Xombe File infector 01/09/04 W32.HLLW.Bandie File infector 11/24/03 W32.HLLW.Freity@mm File infector 11/24/03 W32.HLLW.Gaobot.HY File infector 01/28/04 W32.HLLW.Gaobot.gen File infector 11/24/03 W32.HLLW.Xbotor File infector 11/24/03 W32.Headout File infector 11/24/03 W32.IRCBot.C File infector 01/28/04 W32.Mydoom.B@mm File infector 01/28/04 W32.Titog.L.Worm File infector 01/09/04 Wimp.1430 File infector 01/28/04 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ HTML.Davinia File infector 02/13/04 HTML.Davinia.B File infector 02/13/04 HTML.Press File infector 02/13/04 Backdoor.Aphexdoor File infector 01/28/04 Trojan.Bookmarker.E File infector 01/28/04 W32.HLLW.Gaobot.HY File infector 01/28/04 W32.IRCBot.C File infector 01/28/04 W32.Mydoom.B@mm File infector 01/28/04 Wimp.1430 File infector 01/28/04 Trojan.Xombe File infector 01/09/04 W32.Titog.L.Worm File infector 01/09/04 PWSteal.Blade.Trojan File infector 12/02/03 Backdoor.Regate File infector 12/01/03 Backdoor.Ciadoor.b File infector 11/24/03 Dialer.Dcon File infector 11/24/03 W32.HLLW.Bandie File infector 11/24/03 W32.HLLW.Freity@mm File infector 11/24/03 W32.HLLW.Gaobot.gen File infector 11/24/03 W32.HLLW.Xbotor File infector 11/24/03 W32.Headout File infector 11/24/03 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.