********************************************************************** ** ** ** What's New in the NAV Virus Definitions Files WHATSNEW.TXT ** ** ** ** Symantec Security Response November 04, 2003 ** ** ** ********************************************************************** This document contains the following topics: * Virus Alerts * New Technologies * Changes Incorporated Into This Update * Additional Information ********************************************************************** ** Virus Alerts ** ********************************************************************** The ten most commonly reported viruses for October 2003, worldwide: 1 Download.Adware.Lop 2 Trojan.ByteVerify 3 Trojan Horse 4 W32.Bugbear.B@mm 5 W32.Swen.A@mm 6 IRC Trojan 7 HTML.Redlof.A 8 Download.Trojan 9 Trojan.Bootconf 10 W32.Klez.H@mm ********************************************************************** ** New Technologies ** ********************************************************************** DATE Technologies Added ---- ------------------ 08/02/01 * Engine Update 08/02/01 * All products that use the NAVEX 1.5 architecture (in other words, most major Symantec products released over the last 3 - 4 years) will receive the new functionality. * This enhanced technology provides improved script scanning as well as more proactive detection of unknown script-based threats. ********************************************************************** ** Changes Incorporated Into This Virus Definitions Update ** ********************************************************************** DATE ---- New virus definitions (sorted by Virus Name): Virus Name Infection Type Date added ---------- -------------- --------- Adware.Adpopup File infector 10/21/03 Adware.Ddpop File infector 10/21/03 Adware.ILookup File infector 11/04/03 Adware.Madfind File infector 10/30/03 Adware.NavHelper File infector 10/20/03 Adware.OpenSite File infector 10/24/03 Adware.PStrip File infector 10/27/03 Adware.PortalScan File infector 11/03/03 Adware.Quad File infector 10/23/03 Adware.TMKSoft.XPlugin File infector 10/27/03 Adware.iPend File infector 10/24/03 BAT.Datty File infector 10/19/03 BAT.Stall@mm File infector 10/19/03 BAT.Sulfurke File infector 10/19/03 Backdoor.Augudor File infector 11/03/03 Backdoor.Cmjspy.Gen File infector 10/23/03 Backdoor.DMSpammer File infector 10/29/03 Backdoor.Evilbot.C File infector 10/20/03 Backdoor.Frango File infector 10/20/03 Backdoor.Hogle File infector 10/29/03 Backdoor.IRC.Aladinz.E File infector 10/30/03 Backdoor.IRC.Bot.B File infector 10/28/03 Backdoor.Kutex File infector 10/27/03 Backdoor.Lixy.B File infector 10/20/03 Backdoor.Ontarg File infector 10/21/03 Backdoor.Ranck.C File infector 10/28/03 Backdoor.Ranky.D File infector 11/04/03 Backdoor.Remocy File infector 10/22/03 Dialer.CAPI-Anruf File infector 10/29/03 Dialer.Megateens File infector 10/27/03 Dialer.NewDial File infector 10/28/03 Dialer.TeleBizz File infector 10/29/03 Dialer.UKAmPorn File infector 10/27/03 Dialer.Uyemer File infector 10/20/03 Download.Magicon File infector 10/22/03 Downloader.Dluca.D File infector 10/29/03 Downloader.Tooncom File infector 10/27/03 Hacktool.Xdos File infector 11/03/03 IRC.Trojan.Fgt File infector 10/27/03 JS.Downloader.Trojan File infector 10/28/03 JS.Fortnight.D File infector 10/24/03 Joke.Geschenk File infector 10/20/03 Joke.JepRus File infector 10/20/03 Joke.Removal File infector 11/04/03 Littover.2688 File infector 10/27/03 PWSteal.Bancos.C File infector 10/27/03 PWSteal.Ldpinch File infector 11/04/03 PWSteal.Tarno File infector 10/31/03 SecurityRisk.ScanToy File infector 10/27/03 Spyware.Look2Me File infector 10/20/03 Spyware.Manan File infector 10/27/03 Spyware.Spytech File infector 11/04/03 Trojan.Confi File infector 10/24/03 Trojan.Loome File infector 10/20/03 Trojan.Obsorb File infector 10/29/03 Trojan.Retsam File infector 10/27/03 VBS.Bootconf File infector 11/03/03 VBS.Downloader.Trojan File infector 10/21/03 VBS.Noex.Trojan File infector 10/31/03 W32.Gnomef.Worm File infector 10/29/03 W32.HLLP.Zodiak File infector 10/20/03 W32.HLLW.Franriv File infector 10/29/03 W32.HLLW.Gaobot.BB File infector 10/23/03 W32.HLLW.Gaobot.BC File infector 10/24/03 W32.HLLW.Gaobot.BD File infector 10/27/03 W32.HLLW.Gaobot.BF File infector 10/27/03 W32.HLLW.Gaobot.BH File infector 10/28/03 W32.HLLW.Gaobot.BI File infector 10/28/03 W32.HLLW.Gaobot.BM File infector 10/29/03 W32.HLLW.Gaobot.BT File infector 10/31/03 W32.HLLW.Gaobot.BV File infector 10/31/03 W32.HLLW.Gaobot.BZ File infector 11/01/03 W32.HLLW.Lerok File infector 10/31/03 W32.HLLW.Reckus File infector 10/27/03 W32.HLLW.Repeatld File infector 10/20/03 W32.HLLW.Theug File infector 10/27/03 W32.Jeremy.A File infector 10/24/03 W32.Kwbot.R.Worm File infector 10/24/03 W32.Kwbot.Y.Worm File infector 10/31/03 W32.Kwbot.Z.Worm File infector 10/31/03 W32.Mafeg File infector 10/20/03 W32.Mafeg.B File infector 11/01/03 W32.Marque@mm File infector 10/24/03 W32.Mimail.C@mm File infector 10/31/03 W32.Mimail.D@mm File infector 11/01/03 W32.Mimail.E@mm File infector 11/03/03 W32.Mimail.Gen File infector 11/04/03 W32.Opaserv.dam File infector 10/29/03 W32.Petch.B File infector 11/03/03 W32.Randex.R File infector 10/27/03 W32.Randex.S File infector 10/29/03 W32.Randex.T File infector 10/31/03 W32.Sober@mm File infector 10/24/03 W32.Sober@mm.enc File infector 10/28/03 W32.Wintoo.B.Worm File infector 10/24/03 W32.Wintoo.dam File infector 11/04/03 W32.Yaha.AE@mm File infector 10/23/03 W97M.Bank.A File infector 10/21/03 W97M.Yber.A File infector 10/21/03 X97M.Sysbin File infector 10/24/03 New virus definitions (sorted by Date added): Virus Name Infection Type Date added ---------- -------------- ---------- Adware.ILookup File infector 11/04/03 Backdoor.Ranky.D File infector 11/04/03 Joke.Removal File infector 11/04/03 PWSteal.Ldpinch File infector 11/04/03 Spyware.Spytech File infector 11/04/03 W32.Mimail.Gen File infector 11/04/03 W32.Wintoo.dam File infector 11/04/03 Adware.PortalScan File infector 11/03/03 Backdoor.Augudor File infector 11/03/03 Hacktool.Xdos File infector 11/03/03 VBS.Bootconf File infector 11/03/03 W32.Mimail.E@mm File infector 11/03/03 W32.Petch.B File infector 11/03/03 W32.HLLW.Gaobot.BZ File infector 11/01/03 W32.Mafeg.B File infector 11/01/03 W32.Mimail.D@mm File infector 11/01/03 PWSteal.Tarno File infector 10/31/03 VBS.Noex.Trojan File infector 10/31/03 W32.HLLW.Gaobot.BT File infector 10/31/03 W32.HLLW.Gaobot.BV File infector 10/31/03 W32.HLLW.Lerok File infector 10/31/03 W32.Kwbot.Y.Worm File infector 10/31/03 W32.Kwbot.Z.Worm File infector 10/31/03 W32.Mimail.C@mm File infector 10/31/03 W32.Randex.T File infector 10/31/03 Adware.Madfind File infector 10/30/03 Backdoor.IRC.Aladinz.E File infector 10/30/03 Backdoor.DMSpammer File infector 10/29/03 Backdoor.Hogle File infector 10/29/03 Dialer.CAPI-Anruf File infector 10/29/03 Dialer.TeleBizz File infector 10/29/03 Downloader.Dluca.D File infector 10/29/03 Trojan.Obsorb File infector 10/29/03 W32.Gnomef.Worm File infector 10/29/03 W32.HLLW.Franriv File infector 10/29/03 W32.HLLW.Gaobot.BM File infector 10/29/03 W32.Opaserv.dam File infector 10/29/03 W32.Randex.S File infector 10/29/03 Backdoor.IRC.Bot.B File infector 10/28/03 Backdoor.Ranck.C File infector 10/28/03 Dialer.NewDial File infector 10/28/03 JS.Downloader.Trojan File infector 10/28/03 W32.HLLW.Gaobot.BH File infector 10/28/03 W32.HLLW.Gaobot.BI File infector 10/28/03 W32.Sober@mm.enc File infector 10/28/03 Adware.PStrip File infector 10/27/03 Adware.TMKSoft.XPlugin File infector 10/27/03 Backdoor.Kutex File infector 10/27/03 Dialer.Megateens File infector 10/27/03 Dialer.UKAmPorn File infector 10/27/03 Downloader.Tooncom File infector 10/27/03 IRC.Trojan.Fgt File infector 10/27/03 Littover.2688 File infector 10/27/03 PWSteal.Bancos.C File infector 10/27/03 SecurityRisk.ScanToy File infector 10/27/03 Spyware.Manan File infector 10/27/03 Trojan.Retsam File infector 10/27/03 W32.HLLW.Gaobot.BD File infector 10/27/03 W32.HLLW.Gaobot.BF File infector 10/27/03 W32.HLLW.Reckus File infector 10/27/03 W32.HLLW.Theug File infector 10/27/03 W32.Randex.R File infector 10/27/03 Adware.OpenSite File infector 10/24/03 Adware.iPend File infector 10/24/03 JS.Fortnight.D File infector 10/24/03 Trojan.Confi File infector 10/24/03 W32.HLLW.Gaobot.BC File infector 10/24/03 W32.Jeremy.A File infector 10/24/03 W32.Kwbot.R.Worm File infector 10/24/03 W32.Marque@mm File infector 10/24/03 W32.Sober@mm File infector 10/24/03 W32.Wintoo.B.Worm File infector 10/24/03 X97M.Sysbin File infector 10/24/03 Adware.Quad File infector 10/23/03 Backdoor.Cmjspy.Gen File infector 10/23/03 W32.HLLW.Gaobot.BB File infector 10/23/03 W32.Yaha.AE@mm File infector 10/23/03 Backdoor.Remocy File infector 10/22/03 Download.Magicon File infector 10/22/03 Adware.Adpopup File infector 10/21/03 Adware.Ddpop File infector 10/21/03 Backdoor.Ontarg File infector 10/21/03 VBS.Downloader.Trojan File infector 10/21/03 W97M.Bank.A File infector 10/21/03 W97M.Yber.A File infector 10/21/03 Adware.NavHelper File infector 10/20/03 Backdoor.Evilbot.C File infector 10/20/03 Backdoor.Frango File infector 10/20/03 Backdoor.Lixy.B File infector 10/20/03 Dialer.Uyemer File infector 10/20/03 Joke.Geschenk File infector 10/20/03 Joke.JepRus File infector 10/20/03 Spyware.Look2Me File infector 10/20/03 Trojan.Loome File infector 10/20/03 W32.HLLP.Zodiak File infector 10/20/03 W32.HLLW.Repeatld File infector 10/20/03 W32.Mafeg File infector 10/20/03 BAT.Datty File infector 10/19/03 BAT.Stall@mm File infector 10/19/03 BAT.Sulfurke File infector 10/19/03 Name Changes (sorted by Old Virus Name): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Adware.CNS3721 to Adware.Wengs 10/16/03 Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Adware.Madfind to Backdoor.Madfind 10/31/03 Adware.MassFav to Adware.Massfav 09/26/03 Adware.Quad to Dialer.Heysan 10/27/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Backdoor.Lorac to W32.Lorac 10/10/03 Backdoor.Ranck to Backdoor.Ranky 11/01/03 Backdoor.Ranck.B to Backdoor.Ranky.B 11/01/03 Backdoor.Ranck.C to Backdoor.Ranky.C 11/01/03 Backdoor.Semes to Trojan.QQMess 10/22/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 Dialer.Starsfake to W32.Adclicker.G.Trojan 10/24/03 IRC.Trojan.Fgt to W32.Petch 10/31/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 SecurityRisk.Privshell to Hacktool.Privshell 10/14/03 Trojan.Confi to VBS.Confi 10/29/03 Trojan.Download.Swizz to Download.Adware.Lop 10/10/03 Trojan.Qhosts.A to Trojan.Qhosts.B 10/14/03 Trojan.Qhosts.B to Trojan.Bootconf 10/15/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 VBS.Annod.D to VBS.Taber 09/25/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 W32.ExitWin.A.Trojan to W32.Winex.A.Trojan 10/19/03 W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.HLLW.Funair to W32.Funair 10/14/03 W32.HLLW.Gaobot.BD to W32.HLLW.Gaobot.BE 10/27/03 W32.HLLW.Sakao to W32.Sakao 10/20/03 W32.HLLW.Torvil@mm to W32.HLLW.Torvel.B@mm 10/23/03 W32.HLLW.Wanado to W32.HLLW.Reur 10/28/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 W32.Jeremy.A to W32.Jermy.A 10/24/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 W32.Kalshi.A@mm to Trojan.Kalshi 10/10/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 W32.Marque@mm to W32.Marque.Worm 10/27/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Name Changes (sorted by Date changed): Old Virus Name New Virus Name Date changed -------------- -------------- ------------ Backdoor.Ranck to Backdoor.Ranky 11/01/03 Backdoor.Ranck.B to Backdoor.Ranky.B 11/01/03 Backdoor.Ranck.C to Backdoor.Ranky.C 11/01/03 Adware.Madfind to Backdoor.Madfind 10/31/03 IRC.Trojan.Fgt to W32.Petch 10/31/03 Trojan.Confi to VBS.Confi 10/29/03 W32.HLLW.Wanado to W32.HLLW.Reur 10/28/03 Adware.Quad to Dialer.Heysan 10/27/03 W32.HLLW.Gaobot.BD to W32.HLLW.Gaobot.BE 10/27/03 W32.Marque@mm to W32.Marque.Worm 10/27/03 Dialer.Starsfake to W32.Adclicker.G.Trojan 10/24/03 W32.Jeremy.A to W32.Jermy.A 10/24/03 W32.HLLW.Torvil@mm to W32.HLLW.Torvel.B@mm 10/23/03 Backdoor.Semes to Trojan.QQMess 10/22/03 W32.HLLW.Sakao to W32.Sakao 10/20/03 W32.ExitWin.A.Trojan to W32.Winex.A.Trojan 10/19/03 Adware.CNS3721 to Adware.Wengs 10/16/03 Trojan.Qhosts.B to Trojan.Bootconf 10/15/03 SecurityRisk.Privshell to Hacktool.Privshell 10/14/03 Trojan.Qhosts.A to Trojan.Qhosts.B 10/14/03 W32.HLLW.Funair to W32.Funair 10/14/03 Backdoor.Lorac to W32.Lorac 10/10/03 Trojan.Download.Swizz to Download.Adware.Lop 10/10/03 W32.Kalshi.A@mm to Trojan.Kalshi 10/10/03 Backdoor.FTPserver to Backdoor.Usirf 10/09/03 Backdoor.Gspot.20 to Backdoor.Spigot.C 10/09/03 Adware.ISTSvc to Adware.Istbar 10/08/03 Adware.Irdixa to Adware.Magicads 10/08/03 Remacc.DWRCS to Remacc.Dwremote 10/08/03 W32.CoolFool@mm to W32.Coolfool@mm 10/08/03 Backdoor.Avstral to Trojan.Myss.B 10/06/03 W32.HLLP.Savno to W32.HLLP.Spreda.B 09/30/03 W32.Julk to W32.HLLP.Julk@mm 09/29/03 Adware.MassFav to Adware.Massfav 09/26/03 W32.Kermit@mm to W32.Kerim@mm 09/26/03 Proxy.Thunker to Backdoor.Thunker 09/25/03 VBS.Annod.D to VBS.Taber 09/25/03 Remote_Access.RAServer to Remacc.RAServer 09/24/03 VBS.Omni to VBS.Omsee.C 09/17/03 VBS.Radnet to VBS.Omsee.D 09/17/03 W97M.Omni to W97M.Omsee.C 09/17/03 W97M.Radnet to W97M.Omsee.D 09/17/03 W97M.Radnet.B to W97M.Omsee.E 09/17/03 Backdoor.Fxdoor.Cli to Backdoor.Snowdoor.Cli 09/12/03 W32.Hartco@mm to W32.HLLW.LovHart@mm 09/10/03 Trojan.W32.KillNAV to Trojan.KillAV.B 09/08/03 W32.Blare@mm to W32.Quaters.A@mm 09/05/03 W32.HLLW.Yodo to W32.HLLW.Yodidoo 09/02/03 W32.HLLW.Yodo.B to W32.HLLW.Yodi 09/02/03 Backdoor.VB.ff to Backdoor.Himba 08/29/03 Deletions (sorted by Virus Name): Virus Name Infection Type Date removed ---------- -------------- ------------ Backdoor.EZBot File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 Download.Aduent.Trojan File infector 09/04/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 IRC.Family.Gen File infector 09/23/03 Joke.JepRus File infector 10/21/03 Keypress.Peach (x) File infector 09/19/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 W32.HLLW.Boa File infector 10/19/03 W32.HLLW.Gaobot.AQ File infector 10/10/03 W32.Opaserv.AE.Worm File infector 09/23/03 W95.Silcer File infector 09/08/03 Worm.Automat.AHB File infector 09/19/03 Deletions (sorted by Date removed): Virus Name Infection Type Date removed ---------- -------------- ------------ Joke.JepRus File infector 10/21/03 W32.HLLW.Boa File infector 10/19/03 W32.HLLW.Gaobot.AQ File infector 10/10/03 IRC.Family.Gen File infector 09/23/03 W32.Opaserv.AE.Worm File infector 09/23/03 Keypress.Peach (x) File infector 09/19/03 Worm.Automat.AHB File infector 09/19/03 W95.Silcer File infector 09/08/03 Backdoor.EZBot File infector 09/04/03 Download.Aduent.Trojan File infector 09/04/03 Trojan.Aduent File infector 09/04/03 Trojan.Norio File infector 09/04/03 Backdoor.IRC.Hatter File infector 08/28/03 Bloodhound.IU.01 File infector 08/28/03 Bloodhound.IU.02 File infector 08/28/03 Bloodhound.IU.03 File infector 08/28/03 EICAR Test String(new) File infector 08/28/03 Heavy.761 File infector 08/28/03 Heavy.761(1) File infector 08/28/03 Heavy.761(2) File infector 08/28/03 ********************************************************************** ** Additional Information ** ********************************************************************** Additional information regarding this virus definitions update can be found in UPDATE.TXT and TECHNOTE.TXT.