********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response October 01, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for August 2003, worldwide: 1 W32.Bugbear.B@mm 2 W32.Blaster.Worm 3 W32.Sobig.F@mm 4 IRC Trojan 5 Trojan Horse 6 HTML.Redlof.A 7 W32.Klez.H@mm 8 W32.Welchia.Worm 9 W95.Hybris.Worm 10 W32.Spybot.Worm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.Admagic File infector 09/26/03 Adware.CNS3721 File infector 10/01/03 Adware.ClearSearch File infector 09/23/03 Adware.CrushSearch File infector 09/30/03 Adware.Lop File infector 09/29/03 Adware.MainSearch File infector 09/23/03 Adware.MassFav File infector 09/23/03 Adware.Quadro File infector 09/29/03 Adware.ReferAd File infector 09/25/03 Adware.TSAdBot File infector 09/24/03 Adware.VirtualBouncer File infector 09/24/03 Adware.Winpup File infector 09/24/03 Adware.Winshow File infector 09/30/03 BAT.IRC.Flood File infector 09/25/03 Backdoor.IRC.Tastyred File infector 10/01/03 Backdoor.Mprox File infector 09/25/03 Backdoor.Roxy.B File infector 09/23/03 Backdoor.Semes File infector 09/26/03 Backdoor.Smother File infector 09/24/03 Backdoor.Translat File infector 09/24/03 Backdoor.Zombam.B File infector 09/26/03 Dialer.ConsulInfo File infector 09/24/03 Dialer.Girlshost File infector 09/30/03 Dialer.Global File infector 10/01/03 Dialer.Paycenter File infector 10/01/03 Dialer.SweetGirls_gb File infector 09/24/03 Dialer.Target File infector 09/30/03 Dialer.Winmuschi File infector 09/26/03 Franvir.Worm File infector 09/29/03 Hacktool.Angry File infector 09/25/03 Hacktool.BattlePong File infector 09/26/03 Hacktool.HTTPRat File infector 09/26/03 Hacktool.NetNuke File infector 09/26/03 Hacktool.SkSocket File infector 09/25/03 Hacktool.XalerDCOM File infector 09/26/03 JS.Seeker.K File infector 10/01/03 Joke.Hikaru File infector 09/24/03 Keypress.1215 (x1) File infector 09/26/03 Linux.Diesel File infector 09/29/03 Linux.Spork File infector 09/29/03 PWSteal.Lemir.F File infector 09/26/03 Remacc.DWRCS File infector 10/01/03 SR.2944 File infector 09/26/03 SecurityRisk.Aports File infector 09/25/03 SecurityRisk.Aports.dr File infector 09/25/03 Spyware.LoverSpy File infector 09/29/03 Spyware.Pcaudit File infector 09/24/03 Spyware.Perfect File infector 09/29/03 Trojan.Mumuboy.B File infector 09/29/03 Trojan.PWS.QQPass.E File infector 09/29/03 Trojan.Redro File infector 09/24/03 Trojan.Vardo File infector 09/29/03 VBS.Annod.D File infector 09/24/03 VBS.Bentex.A@mm File infector 09/30/03 VBS.Biscuit.A@mm File infector 09/26/03 VBS.Biscuit.B File infector 10/01/03 VBS.Bleeb File infector 09/26/03 VBS.Diehard.Trojan File infector 10/01/03 VBS.Nuasies.Worm File infector 09/26/03 VBS.Tante.A@mm File infector 10/01/03 W32.Arnger File infector 09/24/03 W32.Cicho.B@mm File infector 09/29/03 W32.Dahorse File infector 09/29/03 W32.Dumaru.M@mm File infector 09/24/03 W32.Galil.C@mm File infector 09/29/03 W32.Gnome@mm File infector 09/25/03 W32.HLLP.Explug File infector 09/24/03 W32.HLLP.Julk.B@mm File infector 09/29/03 W32.HLLP.Savno File infector 09/29/03 W32.HLLP.Spreda.B.spy File infector 09/30/03 W32.HLLW.Donk.B File infector 09/29/03 W32.HLLW.Erife@mm File infector 09/26/03 W32.HLLW.Fatee.B File infector 09/26/03 W32.HLLW.Fernando File infector 09/26/03 W32.HLLW.Gaobot.AG File infector 09/24/03 W32.HLLW.Gaobot.AN File infector 09/30/03 W32.HLLW.Gaobot.AO File infector 10/01/03 W32.HLLW.Infex.B@mm File infector 09/29/03 W32.HLLW.Infex@mm File infector 09/26/03 W32.HLLW.Irkaz File infector 09/29/03 W32.HLLW.LyndEgg File infector 09/24/03 W32.HLLW.Razac@mm File infector 09/26/03 W32.HLLW.Vicety File infector 09/26/03 W32.Hermon@mm File infector 09/26/03 W32.Israz.B@mm File infector 09/24/03 W32.Julk File infector 09/26/03 W32.Kermit@mm File infector 09/26/03 W32.Kimerel File infector 09/29/03 W32.Mintop@mm File infector 09/24/03 W32.Pywon.Worm File infector 09/25/03 W32.Randex.P File infector 09/25/03 W32.Renater@mm File infector 09/26/03 W32.SillyW.6006 File infector 09/29/03 W32.Smibag.Worm File infector 09/26/03 W32.Wabrex File infector 09/24/03 W32.Wullik@mm File infector 09/24/03 W32.Zezer.Worm File infector 10/01/03 W97M.Rochitz.B File infector 09/25/03 W97M.Tabi.Trojan File infector 09/30/03 XM.VNN File infector 09/29/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Adware.CNS3721 File infector 10/01/03 Backdoor.IRC.Tastyred File infector 10/01/03 Dialer.Global File infector 10/01/03 Dialer.Paycenter File infector 10/01/03 JS.Seeker.K File infector 10/01/03 Remacc.DWRCS File infector 10/01/03 VBS.Biscuit.B File infector 10/01/03 VBS.Diehard.Trojan File infector 10/01/03 VBS.Tante.A@mm File infector 10/01/03 W32.HLLW.Gaobot.AO File infector 10/01/03 W32.Zezer.Worm File infector 10/01/03 Adware.CrushSearch File infector 09/30/03 Adware.Winshow File infector 09/30/03 Dialer.Girlshost File infector 09/30/03 Dialer.Target File infector 09/30/03 VBS.Bentex.A@mm File infector 09/30/03 W32.HLLP.Spreda.B.spy File infector 09/30/03 W32.HLLW.Gaobot.AN File infector 09/30/03 W97M.Tabi.Trojan File infector 09/30/03 Adware.Lop File infector 09/29/03 Adware.Quadro File infector 09/29/03 Franvir.Worm File infector 09/29/03 Linux.Diesel File infector 09/29/03 Linux.Spork File infector 09/29/03 Spyware.LoverSpy File infector 09/29/03 Spyware.Perfect File infector 09/29/03 Trojan.Mumuboy.B File infector 09/29/03 Trojan.PWS.QQPass.E File infector 09/29/03 Trojan.Vardo File infector 09/29/03 W32.Cicho.B@mm File infector 09/29/03 W32.Dahorse File infector 09/29/03 W32.Galil.C@mm File infector 09/29/03 W32.HLLP.Julk.B@mm File infector 09/29/03 W32.HLLP.Savno File infector 09/29/03 W32.HLLW.Donk.B File infector 09/29/03 W32.HLLW.Infex.B@mm File infector 09/29/03 W32.HLLW.Irkaz File infector 09/29/03 W32.Kimerel File infector 09/29/03 W32.SillyW.6006 File infector 09/29/03 XM.VNN File infector 09/29/03 Adware.Admagic File infector 09/26/03 Backdoor.Semes File infector 09/26/03 Backdoor.Zombam.B File infector 09/26/03 Dialer.Winmuschi File infector 09/26/03 Hacktool.BattlePong File infector 09/26/03 Hacktool.HTTPRat File infector 09/26/03 Hacktool.NetNuke File infector 09/26/03 Hacktool.XalerDCOM File infector 09/26/03 Keypress.1215 (x1) File infector 09/26/03 PWSteal.Lemir.F File infector 09/26/03 SR.2944 File infector 09/26/03 VBS.Biscuit.A@mm File infector 09/26/03 VBS.Bleeb File infector 09/26/03 VBS.Nuasies.Worm File infector 09/26/03 W32.HLLW.Erife@mm File infector 09/26/03 W32.HLLW.Fatee.B File infector 09/26/03 W32.HLLW.Fernando File infector 09/26/03 W32.HLLW.Infex@mm File infector 09/26/03 W32.HLLW.Razac@mm File infector 09/26/03 W32.HLLW.Vicety File infector 09/26/03 W32.Hermon@mm File infector 09/26/03 W32.Julk File infector 09/26/03 W32.Kermit@mm File infector 09/26/03 W32.Renater@mm File infector 09/26/03 W32.Smibag.Worm File infector 09/26/03 Adware.ReferAd File infector 09/25/03 BAT.IRC.Flood File infector 09/25/03 Backdoor.Mprox File infector 09/25/03 Hacktool.Angry File infector 09/25/03 Hacktool.SkSocket File infector 09/25/03 SecurityRisk.Aports File infector 09/25/03 SecurityRisk.Aports.dr File infector 09/25/03 W32.Gnome@mm File infector 09/25/03 W32.Pywon.Worm File infector 09/25/03 W32.Randex.P File infector 09/25/03 W97M.Rochitz.B File infector 09/25/03 Adware.TSAdBot File infector 09/24/03 Adware.VirtualBouncer File infector 09/24/03 Adware.Winpup File infector 09/24/03 Backdoor.Smother File infector 09/24/03 Backdoor.Translat File infector 09/24/03 Dialer.ConsulInfo File infector 09/24/03 Dialer.SweetGirls_gb File infector 09/24/03 Joke.Hikaru File infector 09/24/03 Spyware.Pcaudit File infector 09/24/03 Trojan.Redro File infector 09/24/03 VBS.Annod.D File infector 09/24/03 W32.Arnger File infector 09/24/03 W32.Dumaru.M@mm File infector 09/24/03 W32.HLLP.Explug File infector 09/24/03 W32.HLLW.Gaobot.AG File infector 09/24/03 W32.HLLW.LyndEgg File infector 09/24/03 W32.Israz.B@mm File infector 09/24/03 W32.Mintop@mm File infector 09/24/03 W32.Wabrex File infector 09/24/03 W32.Wullik@mm File infector 09/24/03 Adware.ClearSearch File infector 09/23/03 Adware.MainSearch File infector 09/23/03 Adware.MassFav File infector 09/23/03 Backdoor.Roxy.B File infector 09/23/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Adware.MassFav to Adware.Massfav 09/26/03 Backdoor.Clt to W32.Cult 08/18/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 Backdoor.IRC.Lade to W32.Lade 08/26/03 Backdoor.SubSeven.2.15 to Backdoor.SubSeven215 07/29/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 Bin.Auto.AWK to PS-MPC.335 08/18/03 Bin.Auto.BBF to PS-MPC.729 08/04/03 Boot.Face to Face (b) 07/31/03 Face (b) to Boot.Face 08/04/03 MBA.Remiform to MpB.Kynel.A 08/28/03 NOSTARDAMUS.1087 to Nostardamus.1087 07/23/03 NOSTARDAMUS.2188 to Nostardamus.2188 07/23/03 NOSTARDAMUS.2220 to Nostardamus.2220 07/23/03 Nostardamus.1087 to NOSTARDAMUS.1087 07/24/03 Nostardamus.2188 to NOSTARDAMUS.2188 07/24/03 Nostardamus.2255 to NOSTARDAMUS.2255 07/24/03 PS-MPC.335 to Bin.Auto.AWK 08/18/03 PS-MPC.729 to Bin.Auto.BBF 08/04/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 VBS.Annod.D to VBS.Taber 09/25/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Quocus@mm.int to VBS.Quocus.int 08/07/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W32.Babybear@mm.int to W32.Babybear.int 07/28/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.Cult to Backdoor.Clt 08/18/03 W32.Darby.Worm to W32.HLLW.Darby 08/29/03 W32.Fomur.B to W32.Fomur 08/25/03 W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.HLLW.Egar to W32.Egar.int 07/30/03 W32.HLLW.Kabak to W32.HLLW.Kabak.Int 08/18/03 W32.HLLW.Kabak.Int to W32.HLLW.Kabak 08/08/03 W32.HLLW.Malicou to W32.HLLW.Nulut 08/26/03 W32.HLLW.Shydy.C to W32.HLLW.Shynet 08/28/03 W32.HLLW.Shynet to W32.HLLW.Shydy.C 08/28/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 W32.Israz@mm to W32.Akosw@mm 07/24/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 W32.Nuf.A to W32.Nuffy.A 08/08/03 W32.Nuffy.A to W32.Nuf.A 08/18/03 W32.Squirm@mm to W32.Pandem.B.Worm 08/21/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 Adware.MassFav to Adware.Massfav 09/26/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 VBS.Annod.D to VBS.Taber 09/25/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 W32.Darby.Worm to W32.HLLW.Darby 08/29/03 MBA.Remiform to MpB.Kynel.A 08/28/03 W32.HLLW.Shydy.C to W32.HLLW.Shynet 08/28/03 W32.HLLW.Shynet to W32.HLLW.Shydy.C 08/28/03 Backdoor.IRC.Lade to W32.Lade 08/26/03 W32.HLLW.Malicou to W32.HLLW.Nulut 08/26/03 W32.Fomur.B to W32.Fomur 08/25/03 W32.Squirm@mm to W32.Pandem.B.Worm 08/21/03 Backdoor.Clt to W32.Cult 08/18/03 Bin.Auto.AWK to PS-MPC.335 08/18/03 PS-MPC.335 to Bin.Auto.AWK 08/18/03 W32.Cult to Backdoor.Clt 08/18/03 W32.HLLW.Kabak to W32.HLLW.Kabak.Int 08/18/03 W32.Nuffy.A to W32.Nuf.A 08/18/03 W32.HLLW.Kabak.Int to W32.HLLW.Kabak 08/08/03 W32.Nuf.A to W32.Nuffy.A 08/08/03 VBS.Quocus@mm.int to VBS.Quocus.int 08/07/03 Bin.Auto.BBF to PS-MPC.729 08/04/03 Face (b) to Boot.Face 08/04/03 PS-MPC.729 to Bin.Auto.BBF 08/04/03 Boot.Face to Face (b) 07/31/03 W32.HLLW.Egar to W32.Egar.int 07/30/03 Backdoor.SubSeven.2.15 to Backdoor.SubSeven215 07/29/03 W32.Babybear@mm.int to W32.Babybear.int 07/28/03 Nostardamus.1087 to NOSTARDAMUS.1087 07/24/03 Nostardamus.2188 to NOSTARDAMUS.2188 07/24/03 Nostardamus.2255 to NOSTARDAMUS.2255 07/24/03 W32.Israz@mm to W32.Akosw@mm 07/24/03 NOSTARDAMUS.1087 to Nostardamus.1087 07/23/03 NOSTARDAMUS.2188 to Nostardamus.2188 07/23/03 NOSTARDAMUS.2220 to Nostardamus.2220 07/23/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Backdoor.EZBot File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 Download.Aduent.Trojan File infector 09/04/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 Heavy.761(3) File infector 08/28/03 Heavy.761(4) File infector 08/28/03 Heavy.761(5) File infector 08/28/03 IRC.Family.Gen File infector 09/23/03 Keypress.Peach (x) File infector 09/19/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 W32.Opaserv.AE.Worm File infector 09/23/03 W95.Silcer File infector 09/08/03 Worm.Automat.AHB File infector 09/19/03 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ IRC.Family.Gen File infector 09/23/03 W32.Opaserv.AE.Worm File infector 09/23/03 Keypress.Peach (x) File infector 09/19/03 Worm.Automat.AHB File infector 09/19/03 W95.Silcer File infector 09/08/03 Backdoor.EZBot File infector 09/04/03 Download.Aduent.Trojan File infector 09/04/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 Heavy.761(3) File infector 08/28/03 Heavy.761(4) File infector 08/28/03 Heavy.761(5) File infector 08/28/03 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.