Symantec logo
United States
Antivirus Research Center


Advanced Search

Information for You

Shop Symantec

Products

Resource Centers
--------Antivirus Research Center
Download Updates
Virus Encyclopedia
Virus Hoaxes
Reference Area
Submit Virus Samples

Service and Support

About Symantec




Webmaster
Help

© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
spacer Volume 2, Issue 7 - July 1, 1997

The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.

Highlights Table of Contents



Current AntiVirus Products

The Symantec AntiVirus solution includes the following line-up of currently available products:

  • DOS/Windows 3.1—NAV 3.0, revision 3.10
  • Windows 95—NAV 95 1.0, revision 95.0b
  • Windows 95—NAV 95 2.0, revision 2.01
  • Windows NT—NAV NT 2.0, revision 2.01
  • Novell—NAV NetWare, revision 2.04
  • Netscape—NAV Internet, revision 1.00
  • Macintosh/Power Macintosh—SAM, revision 4.0.8
  • Macintosh/Power Macintosh—SAM, revision 4.51

You can get the latest updates to many of these products through any of the following online services:
CompuServe: GO SYMANTEC
America Online: Keyword: SYMANTEC
Symantec World Wide Web site: http://www.symantec.com
Symantec FTP: ftp://ftp.symantec.com
BBS (28.8 baud): (541) 484-6669 and (541) 984-5366

If you don’t have electronic access, you can contact our Customer Service at (800) 441-7234 and order a disk set for $12 (to cover shipping and handling only).



Keeping Up With SARC

July Virus Update Now Available

How can you keep your software safe from the latest macro, file, and boot sector viruses? Just download 07NAV97.EXE from the SARC website or click your LiveUpdate button to obtain this support. Nearly 1,600 new virus definitions were added in the current month alone! This brings the total Norton AntiVirus list to nearly 12,000.

Intelligent Updater News

For your convenience, Intelligent Updater is now available in two forms. One is a single all-inclusive file, and the other is split into packages sized to fit on floppy disks. Either way, you get the same detection, repair, and support.



In The Wild

In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). You can access the complete Joe Wells Wild List on the SARC Web site at: http://www.symantec.com/avcenter/wild/wl.html

Boot-437
Aliases: None
Infection length: 512 Bytes
Area of infection: Boot Sectors
Likelihood: Common
Region Reported: Europe, U.S.A., India, Mexico, Asia, New Zealand, Japan
Characteristics: Wild, memory resident
Target Platform: DOS
Trigger Date: None

Description

Boot-437 is a virus that does nothing but replicate itself.


Stoned.Angelina.A
Aliases: Angelina
Infection length: 512 Bytes
Area of infection: Floppy boot sectors, master boot records
Likelihood: Common
Region Reported: Unknown
Characteristics: Wild, memory resident, encrypting, stealthing
Target Platform: DOS
Trigger Date: None

Description

Stoned.Angelina.A infects the DOS boot sector of floppy disks and the master boot record (MBR) of hard disks. The virus code is one sector in length, stored at side 0, track 0, sector 1. The original master boot record code is stored at side 0, track 0 sector 2. On floppy disks, Stoned.Angelina calculates the last sector of the root directory and uses this location to store a copy of the original DOS boot sector.

In addition to standard viral replication, Stoned.Angelina contains a block of code designed to hide (by means of redirection) any reads to the physical location side 0, track 0, sector 1 on both floppy disks and hard disks.

Contained within the virus code body is the following encrypted text, which is never displayed on the screen:

Greetings for ANGELINA!!!/by Garfield/Zielona Gora


For information on other viruses found in general distribution, see the SARC Web site at: http://www.symantec.com/avcenter/vinfodb.html



Most Frequently Reported Viruses

Following is a list of the top reported viruses, as published in Joe Wells’ Wild List last March: Following is a list of the top reported viruses, as published in Joe Wells' Wild List last May:
1. Form.A
2. WM.Concept.A
3. One_Half.3544
4. AntiEXE.A
5. Empire.Monkey.B
6. Junkie.1027
7. Parity_Boot.B
8. AntiCMOS.A
9. Ripper
10. Natas.4744
11. NYB
12. Die_Hard
13. Sampo
14. Boot-437
15. Stoned.Angelina.A
16. WM.Npad.A
17. Michelangelo.A
18. Stoned.No_INT.A
19. WM.Wazzu.A
20. Kampana.A



SARC Technology Update

With 222 new macro viruses included in July's update, it is clear to us at SARC that infections of this nature are continuing to spread. In response to the growing problem of macro viruses, SARC has developed "Family Detection." This new technology recognizes sets and subsets of the most common macro virus families and removes them.

Why is this important? Family Detection works for both existing viruses and new viruses. Combined with the "Macro Component" technology that detects and repairs "virus matings" (announced last month), NAV can now deliver a powerful one-two punch for automatically detecting macro viruses as they are created.

SARC has also recently detected 1320 new file viruses. Although not observed in the field, these viruses may one day pose a threat to computer users. They are a testament to both the growth of virus creation and SARC's ability to respond to that growth.



New virus detection summary

Macro Viruses 222
File Viruses 1320
Boot Viruses 31
File & Boot Viruses 14



Virus Watch

The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.

--------------------------------------------
July
--------------------------------------------
EVERY SUNDAY -- Jerusalem.Sunday.A
ANY DAY -- Jerusalem.1500
 1st -- WM.MDMA
 1st -- Wm.Theatre:Tw
 1st -- Wm.Twno.B
 1st -- Wm.Twno.C
 2nd -- Flip
 4th -- Satria.A
 5th -- Xm.Delta
 9th -- Jeru.Suriv1.01.Argent
10th -- WM.Helper
13th -- Dr&Et.1710
15th -- Wm.Theatre:Tw
15th -- Wm.Twno.D
18th -- Form
20th -- Wm.Outlaw
22nd -- 10_Past_3
24th -- Npox-963.A
25th -- Wm.Twno.D
28th -- Wm.Twno.B
28th -- Wm.Twno.C

--------------------------------------------
August
--------------------------------------------
EVERY SUNDAY -- Jerusalem.Sunday.A
 1st -- WM.MDMA
 1st -- Wm.Theatre:Tw
 1st -- Wm.Twno.B
 1st -- Wm.Twno.C
 2nd -- Flip
 5th -- Xm.Delta
10th -- WM.Helper
13th -- Dr&Et.1710
15th -- Wm.Theatre:Tw
15th -- Wm.Twno.D
17th -- Jeru.Suriv1.01.Argent
18th -- Form
19th -- Russian_Flag
20th -- Wm.Outlaw
22nd -- 10_Past_3
22nd -- Hare
24th -- Npox-963.A
25th -- Wm.Twno.D
28th -- Wm.Twno.B
28th -- Wm.Twno.C

                          
                          


Editor: Alex Haddox, Product Manager, Symantec AntiVirus Research Center

Address all correspondence to:
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404
USA

SARC AntiVirus News Update is published monthly by Symantec Corporation. Copyright © 1997 Symantec Corporation. All rights reserved. No Reprint without Permission in writing, in advance.

Archives of these newsletters are available for reading on the SARC WWW site at:

http://www.symantec.com/avcenter/refa.html