Symantec logo
United States
Antivirus Research Center

Advanced Search

Information for You

Shop Symantec


Resource Centers
--------Antivirus Research Center
Download Updates
Virus Encyclopedia
Virus Hoaxes
Reference Area
Submit Virus Samples

Service and Support

About Symantec


© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
spacer Volume 2, Issue 12 - December 19, 1997

The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.

Highlights Table of Contents

Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:

  • DOS/Windows 3.1—NAV 3.0, revision 3.11
  • DOS/Windows 3.1—NAV 4.0, revision 4.00

  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.01
  • Windows 95—NAV 95 4.0, revision 4.00

  • Windows NT—NAV NT 2.0, revision 2.01
  • Windows NT—NAV NT 4.0 for Workstations, revision 4.00
  • Windows NT—NAV NT 4.0 for Servers, revision 4.00
  • Windows NT—NAV Internet E-mail Gateways 1.01, revision 1.00
  • Windows NT—NAV Firewalls 1.0, revision 1.00

  • Novell—NAV NetWare, revision 2.05
  • Novell—NAV NetWare, revision 4.00

  • Lotus—Norton AntiVirus for Lotus Notes

  • Netscape—NAV Internet, revision 1.00

  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:
America Online: Keyword: SYMANTEC
Symantec World Wide Web site:
Symantec FTP:
BBS (28.8 baud): (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).

Feedback on SARC AntiVirus News Update

At SARC, we like to hear how we are doing from the people who are most important to us: our customers. We want to know what we are doing right, and what you think we could do better. We even created a special e-mail address where you can write to us:

Are you looking for a particular type of information? Drop us a line! Is the newsletter too long? Too short? Send us an e-mail! We want to hear it all....

Keeping Up With SARC

December Virus Update Now Available

The second virus definition set for December 1997 is available for downloading from the SARC website and other online services. However, if you're using our latest Norton AntiVirus 4.0 products for Windows 95 or Windows NT, you can click the attached file and launch LiveUpdate automatically!

Now a standard feature of this newsletter, the attached file is a LiveUpdate e-mail trigger. Although the file is only 38 bytes in size, it can call up your Norton AntiVirus product and activate LiveUpdate. This begins the process of downloading the latest virus definition sets.

Keeping your virus definitions current is one of the most important aspects of maintaining a virus-free working environment. Symantec makes it as easy as possible by providing the LiveUpdate e-mail feature in Norton AntiVirus 4.0 for Windows 95, Windows NT Workstation, and Windows NT Server.

Symantec Develops Electronic Encyclopedia of Computer Viruses

Symantec has introduced the world's largest collection of online information about computer viruses, with more than 11,000 comprehensive descriptions. The encyclopedia is a valuable resource for corporate MIS departments, small business owners, or anyone who uses the Internet and experiences frequent virus attacks. It is currently available online at Norton AntiVirus 4.0 customers can click the "Virus Encyclopedia Online" option in their Windows 95 Start menu to connect directly to the site.

"Computer viruses are a big mystery to a large number of people today," says Alex Haddox, product manager for the Symantec AntiVirus Research Center. "The virus encyclopedia, as well as the entire SARC site, provides a vast source of information about computer viruses and ways to combat them. Educating the public on the real threat of computer viruses is a strong component of the SARC charter."

In addition to descriptions of individual viruses, the encyclopedia gives detailed overviews of computer viruses in general, the different types of viruses, threats specific to the Macintosh platform, and various virus hoaxes. The encyclopedia also provides a direct connection to SARC, where Norton AntiVirus users can download their free virus definitions. SARC plans to update the encyclopedia every month as definitions and descriptions for new viruses are created.

Beta Test the Latest Virus Definitions from SARC

As the virus threat continues to increase at a phenomenal rate, providing virus definition updates only on a monthly basis will soon become insufficient. In a strategic move to give our customers the fastest, safest, and most reliable virus protection possible, the experts at SARC are quadrupling the number of updates each year.

In order to ensure the highest possible quality, we are first releasing these updates in beta form, while they are still under development. Beta testing ensures that our latest tools and procedures are properly established to deliver correct, consistent, and high quality products as quickly as possible to our customers.

We want your feedback on our beta software, but it is likely to contain bugs, and we don't provide support for products under development. If you would like to be a beta tester, we ask you not to contact Customer Service or Technical Support to report bugs or provide comments.

If you are interested in becoming part of the beta program, please visit the Virus Definitions Beta site at: (no longer available)

In The Wild

In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). However, this month we are covering a new virus hoax which is causing some unnecessary concern.

For information on this and other virus hoaxes, see:
World Domination Hoax
Aliases: Yahoo!, PANTS/HAGIS, W0rld D0m1n4t10N
Infection length: Hoax
Area of infection: Hoax
Likelihood: Hoax
Region Reported: Hoax
Characteristics: Hoax
Target Platform: Hoax
Trigger Date: Hoax
World Domination is not a virus; it is a complete hoax.

On Monday, December 8 at 7:00 p.m. PST (-08:00 GMT), hackers broke into the popular Yahoo! Internet search engine site and placed a threatening message on the default page. According to the message, the Yahoo! site had been distributing a computer virus to all visitors for the past month, and unless convicted hacker Kevin Mitnick was released from prison, the virus would wreak havoc on the world. The message was posted to the "no frames" section of the home page, and only for 15 minutes, so exposure to visitors was kept to a minimum.

This message is a hoax, meant only to scare people and draw attention to the hackers. No virus was planted on the Yahoo! site or distributed to visitors.

The hoax message included the following "warning:"

     For the past month, anyone who has viewed Yahoo's page & used 
     their search engine, now has a logic bomb/worm implanted deep 
     within their computer.

     The worm part of this 'virus,' (in layman's terms) spreads 
     itself across internal networks that the infected machine is 

     Binary programs are also infected.

     On Christmas Day, 1997, the logic bomb part of this 'virus' 
     will become active, wreaking havoc upon the entire planet's 

     The virus can be stopped.

     But not by mortals.

     An antidote program has been written.

     This program is resting somewhere on a computer in the 
     southeastern hemisphere.

Please ignore any messages regarding this supposed "virus" and do not pass the messages on. Spreading warnings about this hoax serves only to further propagate it.

For information about other viruses found in general distribution, see the SARC website at:

Most Frequently Reported Viruses

Following is a list of the top reported viruses, as published in the Joe Wells Wild List this month:

1. WM.Concept.A
2. Form.A
3. One_Half.3544
4. AntiEXE.A
5. Junkie.1027
6. Empire.Monkey.B
7. AntiCMOS.A
8. Natas.4744
9. Parity_Boot.B
10. WM.Npad.A

11. WM.Wazzu.A
12. NYB
13. Ripper
14. Sampo
15. WM.CAP.A
16. Boot-437
17. Die_Hard
18. Stoned.Angelina.A
19. Stoned.No_INT.A
20. WelcomB

Virus Watch

The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.

Every Sunday -- Jerusalem.Sunday.A 
Any day -- Jerusalem.1500 
Any day -- QRry 
1st -- WM.MDMA 
1st -- Wm.Stryx:De 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Xm.Delta 
8th -- Chance 
10th -- WM.Helper 
13th -- Dr&Et.1710 
13th -- WM.Atom.A
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
16th -- Little_Red.1465 
18th -- Form
20th -- Wm.Outlaw 
21st (year 2000) -- Istanbul.1349 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Cavaco
25th -- Sarampo.1371 
25th -- Wm.Twno.D 
28th -- Cpw.1527 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

EVERY SUNDAY -- Jerusalem.Sunday.A 
1st -- WM.Friendly:De 
1st -- WM.MDMA 
1st -- Wm.Theatre:Tw 
1st -- Wm.Twno.B 
1st -- Wm.Twno.C 
2nd -- Flip
5th -- Barrotes
5th -- Joshi 
10th -- WM.Helper 
13th -- Dr&Et.1710 
15th -- WM.BigDaddy
15th -- Wm.Theatre:Tw 
15th -- Wm.Twno.D 
18th -- Form
20th -- Wm.Outlaw 
22nd -- 10_Past_3
24th -- Npox-963.A 
25th -- Wm.Twno.D 
28th -- Wm.Twno.B 
28th -- Wm.Twno.C 

Subscribe and Unsubscribe

To be added to the subscription mailing list, please fill out the form available on the SARC website at:

If you want to be removed from this mailing list, simply send an e-mail to with the following on a line by itself in the body of the message:


Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1997 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at: