© 1995-2000 Symantec Corporation
All rights reserved.
Legal Notices
The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.
The Symantec AntiVirus solution
includes the following line-up of currently available
products:
You can get the latest updates to
many of these products through any of the following
online services:
If you don’t have electronic
access, you can contact our Customer Service at (800)
441-7234 and order a disk set for $12 (to cover
shipping and handling only).
The latest virus definition set (dated February 4, 1998) is available for downloading from the SARC website and other online services. However, if you're using our latest Norton AntiVirus 4.0 products for Windows 95 or Windows NT, you can click the attached file, called LIVEUPDT.NLU, and launch LiveUpdate automatically! The February virus definition update also provides detection and repair for the recently reported XF.Paix.A virus. This protection extends across all Norton AntiVirus supported platforms, including DOS, Windows 3.1, Windows 95, Windows NT, and NetWare. Once again, Norton AntiVirus continues its pioneering tradition of high-level support for multiple platforms. XF.Paix.A has recently been detected in France, but poses a potential threat to users around the world. Unlike traditional Excel viruses, which use macros to infect, this new program uses formulas inside the data region of an Excel spreadsheet. The virus installs itself as an Add-In to Excel in a file called xlsheet.xla. The worksheet remains hidden and executes each time you open or change an existing file. Once the virus has executed, it inserts a new worksheet into the file. In addition, it randomly hides all toolbars, creates a new toolbar, hides all open workbooks, and renames the title bar to "Enfin la Paix" (peace at last). This virus affects PC-based systems only. Published early each month, the SARC AntiVirus News Update is a free electronic newsletter focused on the needs of SARC's customers. Read it to learn about the latest Symantec product enhancements, anti-virus technology, and the trends in virus workings. Each issue includes detailed information on common viruses, warnings about virus outbreaks, notifications of special virus definition releases, and LiveUpdate E-mail files. Whether you're technically minded or just curious, you'll get essential information on the virus threats of today and tomorrow in the SARC AntiVirus News Update. The Symantec AntiVirus Research Center announces Bloodhound Boot heuristic technology--the industry's most comprehensive protection against unknown boot viruses. The new product provides the same protection against boot viruses that Bloodhound for Files and Bloodhound- Macro technologies provide for file and macro viruses. Norton AntiVirus users can download and install the new technology by simply running the LiveUpdate feature. While the prevalence of macro viruses has grown exponentially in the last two years, boot-sector viruses still account for four out of the ten most common computer virus infections. In fact, boot- sector viruses are a leading cause of corruption on computers with the Microsoft Windows NT operating system. "The risk of infection and damage from viruses is significantly greater today than ever before," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "Boot- sector viruses, like file and macro viruses, can have a profound effect not only on system reliability but on user productivity. Our Bloodhound technology ensures that our customers are protected against today's known viruses as well as tomorrow's new ones." The Symantec Corporate Virus Solutions website has been completely updated. We invite you to visit this extremely useful site at: Be sure to check out our FREE CD offer in the Product Evaluation section. The CD contains full working versions of all our virus-fighting products. The Symantec AntiVirus Research Center (SARC) has developed a new Trojan Horse detection engine designed to address the growing threat of this type of malicious code. Trojan Horses are programs that may seem legitimate, but actually are designed to carry out malicious activities when activated, such as stealing passwords or destroying data. Once again, Symantec is able to update Norton AntiVirus users with this new engine easily and at no cost to the customer by using Symantec's exclusive LiveUpdate technology. Users of all Norton AntiVirus 4.0 products, including server and desktop solutions, need only click the LiveUpdate button in the software or download the update from the SARC Web site (www.symantec.com/avcenter) to be protected immediately. Those users who have scheduled LiveUpdate to run on a regular basis will receive the solution with the next automatic update. As with all virus definition and program updates from Symantec, this solution is free to all Norton AntiVirus users and is fully tested. Available with the February 1998 and all subsequent virus definition updates. PC Magazine chose Norton AntiVirus 2.0 for Windows 95 for the "Best of 1997" award in the Utility: AntiVirus category. Norton AntiVirus was chosen as the best anti-virus solution from all the products tested by PC Magazine during the last year. The award article appears in the Jan. 6, 1998 issue of PC Magazine. Visit www.symantec.com/nav for product information and trailware for all Norton AntiVirus products. Symantec gives you the tools to implement a telecommuting solution in your organization easily and inexpensively--right now! Take advantage of this unique opportunity and speak with industry experts to learn about the latest telecommuting trends. To view the agenda and register in a city near you, call 1-800-257-2478 or visit our website at: To view the calendar for all Symantec Events, Seminars, User Groups, and Trade Show events, check out this site: In each issue of the SARC AntiVirus News Update, we profile a few viruses known to be in free distribution among the general public ("in the wild"). However, this month we are covering a few virus hoaxes which are causing some unnecessary concern. For information on this and other virus hoaxes, see: Join the Crew is not a virus; it is a hoax, meant only to panic new or inexperienced computer users. The hoax message includes a "warning" in one of the following forms: Please ignore any messages regarding this supposed "virus" and do not pass the messages.
Spreading warnings about this hoax serves only to further propagate it. There is currently no virus that has the characteristics ascribed to "Returned or Unable to
Deliver." It is not a virus at all, but rather an alarming hoax being spread among computer users. The hoax message includes the following "warning":
Please do not pass on any messages regarding this supposed "virus." The best way to stop the
hoax from spreading is to ignore the warnings. Following is a list of the top reported viruses, as published in the Joe Wells' Wild List last
January: The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website. To be added to the subscription mailing list, please fill out the form available on the SARC website at: If you want to be removed from this mailing list, simply send an e-mail to listserv@lserver.symantec.com with the following on a line by itself in the body of the message: Address all correspondence to:
SARC AntiVirus News Update is
published monthly by Symantec Corporation.
Copyright © 1997 Symantec
Corporation. All rights reserved. No
Reprint without Permission in writing, in
advance.
Archives of these newsletters are
available for reading on the SARC WWW site
at:
Current AntiVirus Products
CompuServe:
GO SYMANTEC
America Online:
Keyword: SYMANTEC
Symantec World Wide Web site:
http://www.symantec.com
Symantec FTP:
ftp://ftp.symantec.com
BBS (28.8 baud):
(541) 484-6669 and (541) 984-5366
Keeping Up With SARC
Latest Virus Update Now Available
-----------------------
What Is the SARC AntiVirus News Update?
Combat New Boot-Sector Viruses with Bloodhound Boot Technology
New and Improved Website for MIS/IS Professionals
http://www.symantec.com/navcorp
Symantec Introduces New Trojan Horse Detection Technology
Symantec's Norton AntiVirus Chosen as Best AntiVirus Utility - PC Magazine
FREE Telecommuting Seminar
http://www.symantec.com/calendar/telecommute
http://www.symantec.com/calendar/index.html
In The Wild
http://www.symantec.com/avcenter/hoax.html
Join the Crew
Description:Aliases:
Hoax Infection length:
Hoax Area of infection:
Hoax Likelihood:
Hoax Region Reported:
Online Characteristics:
Hoax Target Platform:
Hoax Trigger Date:
Hoax
Form 1
If you ever get an e-mail titled "JOIN THE CREW", do not open it
because it will wipe everything on your hard disk. This is the
newest virus not many people know about it. So e-mail it to
everyone you know!!!!!!
Form 2
Please do not open up any mail that has this title. It will
erase your whole hard drive. This is a new e-mail virus and not
a lot of people know about it, just let everyone know, so they
won't be a victim. Please forward this e-mail to you friends!!!
Remember the title: JOIN THE CREW
Form 3
We have just had notice of an E:Mail virus doing the rounds.
Apparently the virus is so new most virus checkers do not
recognize it. If you receive an E:Mail titled 'JOIN THE CREW'
do not open it as it will:
1. Delete your hard-disk
2. Delete your E:Mail directories
3. The nastiest part is that before deleting your E:Mail
directories it copies the message/virus and forwards it to
everyone on your directory If your techies haven't already
warned you it might be worth letting your colleagues know.
Form 4
VIRUS WARNING !!!!!!!
If you receive an email titled "JOIN THE CREW" DO NOT open it.
It will erase everything on your hard drive. Forward this
letter out to as many people as you can. This is a new, very
malicious virus and not many people know about it. This
information was announced yesterday morning from IBM; please
share it with everyone that might access the internet. Once
again, pass this along to EVERYONE in your address book so that
this may be stopped. Also, do not open or even look at any mail
that says "RETURNED OR UNABLE TO DELIVER." This virus will
attach itself to your computer components and render them
useless. Immediately delete any mail items that say this. AOL
has said that this is a very dangerous virus and that there is
NO remedy for it at this time. Please practice cautionary
measures and forward this to all your online friends ASAP.
Description:Aliases:
Hoax Infection length:
Hoax Area of infection:
Hoax Likelihood:
Hoax Region Reported:
Online Characteristics:
Hoax Target Platform:
Hoax Trigger Date:
Hoax
There is a new virus going around in the last couple of days!!!
DO NOT open or even look at any mail that you get that says:
"Returned or Unable to Deliver" This virus will attach itself to
your computer components and render them useless. Immediately
delete any mail items that says this. AOL has said this is a
very dangerous virus, and there is NO remedy for it at this time,
Please Be Careful, And forward to all your on-line friends
A.S.A.P.
http://www.symantec.com/avcenter/vinfodb.html
Most Frequently Reported Viruses
1. WM.Concept.A
2. Form.A
3. AntiEXE.A
4. One_Half.3544
5. Empire.Monkey.B
6. Junkie.1027
7. Natas.4744
8. AntiCMOS.A
9. Parity_Boot.B
10. WM.Npad.A
11. Ripper
12. WM.Wazzu.A
13. NYB
14. WM.CAP.A
15. Sampo
16. Boot-437
17. Die_Hard
18. Stoned.Angelina.A
19. Stoned.No_INT.A
20. WelcomB
Virus Watch
--------------------------------------------
February
--------------------------------------------
EVERY SUNDAY -- Jerusalem.Sunday.A
1st -- WM.MDMA
1st -- Wm.Theatre:Tw
1st -- Wm.Twno.B
1st -- Wm.Twno.C
2nd -- Flip
5th -- Xm.Delta
10th -- WM.Helper
13th -- Dr&Et.1710
15th -- Wm.Theatre:Tw
15th -- Wm.Twno.D
18th -- Form
20th -- Wm.Outlaw
22nd -- 10_Past_3
24th -- Npox-963.A
25th -- Wm.Twno.D
28th -- Wm.Twno.B
28th -- Wm.Twno.C
--------------------------------------------
March
--------------------------------------------
EVERY SUNDAY -- Jerusalem.Sunday.A
EVERY SATURDAY -- Xuxa.1656
ANY DAY -- Exe_Bug.C
1st -- WM.MDMA
1st -- Wm.Theatre:Tw
1st -- Wm.Twno.B
1st -- Wm.Twno.C
2nd -- Flip
3rd -- Pieck.4444
5th -- Xm.Delta
6th -- Stoned.Michelangelo
10th -- WM.Helper
13th -- Dr&Et.1710
15th -- Maltese_Amoeba
15th -- Wm.Theatre:Tw
15th -- Wm.Twno.D
18th -- Form
20th -- Wm.Outlaw
22nd -- 10_Past_3
24th -- Npox-963.A
25th -- Wm.Twno.D
28th -- Wm.Twno.B
28th -- Wm.Twno.C
Subscribe and Unsubscribe
http://www.symantec.com/avcenter/newsletter.html
SIGNOFF SARC-L
Editor: Alex Haddox, Product Manager,
Symantec AntiVirus Research Center
Symantec Corporation
AntiVirus Research Center
attn.: AntiVirus News Update
2500 Broadway, Suite 200
Santa Monica, CA 90404
USA
http://www.symantec.com/avcenter/refa.html