© 1995-2000 Symantec Corporation
All rights reserved.
Volume 3, Issue 7 - July 14, 1998
The Symantec AntiVirus Research Center (SARC) is committed to providing swift, global response to computer virus threats, proactively researching and developing technologies that eliminate such threats, and educating the public on safe computing practices.
Information on how to subscribe and unsubscribe to the electronic version of the SARC AntiVirus News Update is available at the end of this newsletter.
Keeping Up With SARC
Weekly Updates Offer Better Protection
If you use Norton AntiVirus (NAV) on a PC, you can get four times the protection with new weekly virus definition updates. You can access the fully-tested virus definitions every Thursday evening by downloading the Intelligent Updater directly from the website (www.sarc.com) or by using Symantec's exclusive automatic LiveUpdate feature.
The latest virus definition set (available July 9, 1998) is available for downloading from the SARC website and other online services. However, if you're using our latest Norton AntiVirus 4.0 products for Windows 95 or Windows NT, you can click the attached file, called LIVEUPDT.NLU, and launch LiveUpdate automatically!
Viruses In The News
In the past few weeks, several computer viruses have been mentioned in the worldwide media. You can find detailed write-ups for each of these viruses, which are listed below, on the SARC website at:http://www.sarc.com
IBM and Symantec Combine Forces on New AntiVirus Products
On May 19, IBM and Symantec Corporation announced that they will combine forces to deliver a single family of antivirus products, to be marketed under the Norton AntiVirus brand name.
Symantec will license IBM's immune system technology and patents. We will combine our own technology with IBM's to produce a range of products including new solutions for IBM platforms. As part of the agreement, IBM has also assigned its existing antivirus contracts to Symantec and will recommend Norton AntiVirus as the solution of choice for its corporate customers worldwide. In addition, IBM and Symantec intend to sell and market the Norton AntiVirus product line throughout the world.
In a related announcement, Intel said it is incorporating IBM's antivirus engine technology into its network management products featuring LANDesk Virus Protect functionality.
"Combining IBM's technology with Symantec's brand strength and heritage in the antivirus sector takes protection against virus infection to a new, higher level," said Phyllis Byrne, vice president of Distributed Systems Services for IBM. "We believe Symantec's current antivirus products are the best available and will only be strengthened with the addition of our technology. We are confident in recommending the Norton AntiVirus solution to our customers."
Symantec president and CEO Gordon Eubanks added: "Corporate organizations already recognize Symantec and the Norton brand as a solution they can trust to protect against the threat of virus attack. By working with IBM to further develop their immune system technology and incorporate it into a comprehensive range of Norton AntiVirus products, we will offer corporate customers the most comprehensive antivirus solution available."
Ed Ekstrom, vice president, Intel Small Business and Networking Group and general manager, Systems Management Division, said: "Combining IBM's leading antivirus scanning technology with our antivirus policy and management expertise provides our customers the best antivirus detection, management, and protection technology currently available. We will pursue the possibility of incorporating the virus detection software resulting from the IBM/Symantec alliance when it becomes available."
SARC Is First in Fight Against New Macintosh Viruses
SARC is the first organization to offer complete detection and repair for 11 new Macintosh-specific viruses discovered within the last few weeks, including the first polymorphic virus for the Macintosh. If you have Norton AntiVirus 5.0 for Macintosh, you need only click the LiveUpdate button to be protected immediately from these new threats. You can get the new definitions through the Automatic Update feature or by downloading the updates from Symantec's BBS, FTP site, or website at www.symantec.com or from our forums on AOL and CompuServe.
With these 11 new threats, the number of viruses written specifically for the Macintosh environment increased by 33 percent in the last month. SARC discovered these new viruses through its Seeker technology, a Web spider designed to scour the Internet and gather files for analysis. Seeker discovered four variants of the first known polymorphic virus for the Macintosh, named MDEF 9806, one of which periodically deletes all non-application files.
Symantec's researchers also found an additional variant on the previously announced AutoStart Worm, which replicates itself from computer to computer as a self-contained, stand-alone file, usually causing performance problems and corrupting other files. Researchers discovered five additional variants that infect the system file or spread from application to application. Not all of these new viruses are destructive, but they can all disrupt Macintosh operations.
"It is highly unusual to see so many new viruses in such a short period of time written specifically for the Macintosh platform," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit. "We had previously seen an average of one new Macintosh virus every six months to a year. We are starting to see an upward trend in the growth of Macintosh-specific viruses that you need to be aware of and make sure you are protected against. While we do not know of any users who have been infected by these new viruses, Symantec is committed to providing comprehensive and timely solutions to all potential threats."
As soon as you update the virus definitions on your system, Norton AntiVirus and Symantec AntiVirus for Macintosh will be able to detect all of these viruses. You will be automatically protected from these new threats when the AutoProtect or Intercept feature is on.
However, if the AutoProtect feature is off and you suspect a virus infection, the safest response is to reboot your computer from a bootable CD and scan with Norton AntiVirus. You can also reinstall a fresh version of Norton AntiVirus from the CD or original disks, reboot without extensions or shift-boot to prevent the background application from running, and then run a scan using the new version of Norton AntiVirus. If AutoProtect is off and you launch Norton AntiVirus on an infected system, it may become infected as well.
Most Frequently Reported Viruses
Following is a list of the top reported viruses, as published in the Joe Wells' Wild List last June:
1. WM/Concept.A 2. Form.A 3. AntiEXE.A 4. One_Half.3544 5. Junkie.1027.A 6. Empire.Monkey.B 7. AntiCMOS.A 8. Parity_Boot.B 9. WM/CAP.A 10. WM/Npad.A
Norton AntiVirus 5.0 for Windows 95/98 and Windows NT Workstation
Beta 1 versions of Norton AntiVirus 5.0 for Windows 95/98 and Windows NT Workstation are available for public testing. If you are interested in becoming a beta site, you can download the programs from:http://shop.symantec.com/trialware/index.html#nav
IBM and SARC Announce Technology Merger
Symantec and IBM recently announced a joint venture to co-develop virus technologies and an immune system for Cyberspace. These systems are designed to protect corporations and end-users alike by providing extremely rapid virus solutions for both new and existing viruses. For the first time, Symantec included a virus detection technology developed by IBM in the Norton AntiVirus product line the week of June 18. We have added most of IBM's virus detection database entries in order to dramatically improve detection rates in Norton AntiVirus. The most notable new features in Norton AntiVirus are a slightly larger definition package and the detection of thousands of previously undetected viruses.
The viruses listed below activate or trigger in the upcoming months. Virus activations/triggers are not necessarily destructive. This information is provided for educational purposes only and is not intended to alarm. Detailed information on all of these viruses can be found on the SARC website.
-------------------------------------------- July -------------------------------------------- EVERY SUNDAY -- Jerusalem.Sunday.A ANY DAY -- Jerusalem.1500 1st -- WM.MDMA 1st -- Wm.Theatre:Tw 1st -- Wm.Twno.B 1st -- Wm.Twno.C 2nd -- Flip 4th -- Satria.A 5th -- Xm.Delta 9th -- Jeru.Suriv1.01.Argent 10th -- WM.Helper 13th -- Dr&Et.1710 15th -- Wm.Theatre:Tw 15th -- Wm.Twno.D 18th -- Form 20th -- Wm.Outlaw 22nd -- 10_Past_3 24th -- Npox-963.A 25th -- Wm.Twno.D 28th -- Wm.Twno.B 28th -- Wm.Twno.C -------------------------------------------- August -------------------------------------------- EVERY SUNDAY -- Jerusalem.Sunday.A 1st -- WM.MDMA 1st -- Wm.Theatre:Tw 1st -- Wm.Twno.B 1st -- Wm.Twno.C 2nd -- Flip 5th -- Xm.Delta 10th -- WM.Helper 13th -- Dr&Et.1710 15th -- Wm.Theatre:Tw 15th -- Wm.Twno.D 17th -- Jeru.Suriv1.01.Argent 18th -- Form 19th -- Russian_Flag 20th -- Wm.Outlaw 22nd -- 10_Past_3 22nd -- Hare 24th -- Npox-963.A 25th -- Wm.Twno.D 28th -- Wm.Twno.B 28th -- Wm.Twno.C
Subscribe and Unsubscribe
To be added to the subscription mailing list, please fill out the form available on the SARC website at:
If you want to be removed from this mailing list, simply send an e-mail to firstname.lastname@example.org with the following on a line by itself in the body of the message: