============================================================================ PC Viruses in the Wild - June 15, 1994 ============================================================================ This is a cooperative listing of viruses reported as being in the wild by 16 virus information professionals. The basis for these reports are virus incidents where a sample was received, and positively identified by the participant. Rumors and unverified reports have been excluded. The list should not be considered a list of "currently common" viruses however. No provision is made for commonness. A currency basis for the list has been set. Reports date from September of 1992 to the present. This data indicates only "which" viruses have been found in the wild. ============================================================================ The section below gives the names of participants, along with their organization, antivirus product (if any), and geographic location. Key Participant Organization Product Location ============================================================================ As Alan Solomon S&S Int'l Toolkit UK Dc Dave Chess IBM IBM AntiVirus USA Ek Eugene Kaspersky KAMI AVP Russia Fb Fernando Bonsembiante Virus Report None Argentina Fs Fridrik Skulason Frisk Int'l F-Prot Iceland Gj Glenn Jordan Datawatch VirexPC USA Jw Joe Wells Symantec NAV USA Pd Paul Ducklin CSIR Virus Lab None So Africa Pp Padgett Peterson Hobbyist DiskSecure USA Rf Richard Ford Virus Bulletin None UK Rh Richard Head Jade Corp Scan Vakzin Japan Rr Roger Riordan CYBEC VET Australia Sg Shimon Gruper EliaShim ViruSafe Israel Vb Vesselin Bontchev U of Hamburg None Germany Ws Wolfgang Stiller Stiller Research Integ Master USA Yr Yuval Rakavi BRM Untouchable Israel ============================================================================ The first chart is based on two or more participants reporting a virus. Therefore, these viruses are probably more geographically scattered. CARO Name of Virus AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr Alias(es) ============================================================================ 3-Tunes..................| . . . . . x x . . . . . . . . . | 1784 AntiCMOS.................| . x . . . . x . . . . . . . . . | AntiEXE..................| . . . . x . x . . . . . . x . x | D3,Newbug Athens...................| . . . . x . x . . . . . . . . . | Trajector Barrotes.A...............| x . . . . . x x . . . . . . . . | Barrotos Boot-437.................| . . . . . . x . . . . . . . . x | Brasil...................| . . . . . . x . x . . . . . . . | Butterfly................| . . . . . . x . . . . . . x . x | Cascade.1701.A...........| x x . x x . . . . x x . x x . . | 1701 Cascade.1704.A...........| x x x . x . x . . . . . x . . x | 1704 Changsha.................| . . . . . . x . . . x x . . . . | Centry Chinese Fish.............| x x . . x x x x . . . x . . . x | Fish Boot CPW.1527.................| . . . . . . x . x . . . . . . . | Mediera,Mierda Dark_Avenger.1800.A......| x x . x x x x . . x x x . . x x | Eddie Dark_Avenger.2100.SI.A...| x . . . . . x . . . . . . . . . | V2100 Datalock.920.............| x x . . . . x . . . . . x . . x | V920 Dir-II.A.................| x x x x x . x x . x x x x x x x | Creeping Death Disk_Killer.A............| x . x . . . x . x x . . x . . . | Ogre Even_Beeper..............| x x . . . . . . . . . . . . . . | EXE_Bug.A................| x . . . . . x x . x . . x . x . | CMOS Killer EXE_Bug.C................| . . . . . . . x . . . . x . x . | Fichv.2_1................| x . . . x . . . . . . . x . . x | 905,CHV 2.1 Filler...................| . . . . . x x . . . . . . . . . | Flip.2153.A..............| x x . x x . x . . x x . x . . . | Omicron Flip.2343................| x . . . x . . . . . . . . . . . | Omicron 2 Form.....................| x x . x x x x . x x x . x x x x | Form 18 Freddy_2.................| . . . . x . x . . . . . . . . . | Frodo.Frodo.A............| x x . x x . x . . . x x x . . x | 4096,100 Year Ginger...................| . . . . . . x . . . . x . . . . | Gingerbread Green Caterpillar........| x x . . x x x . . x x x x . x x | Find,1591,1575 Helloween.1376...........| x . . . . . x . . x x x . . x x | 1376 Jerusalem.1244...........| x x . . . . . . . . . . . . . . | 1244 Jerusalem.1808.Standard..| x x . x x x x x x x x . x . x x | 1808,Israeli Jerusalem.Anticad.4096.B.| x . . . x . . . . . . . x . . . | Invader Jerusalem.Fu_Manchu......| x . . . . . x . . . . . x . . . | 2080,2086 Jerusalem.Mummy.2_1......| x . . . x . . x . . x . x . . . | PC Mummy Jerusalem.Sunday.A.......| . . . . . . . x . . x . . . . x | Sunday Jerusalem.Zerotime.Austr.| x x . . . . . . . . . x x . x x | Slow Joshi.A..................| x x . . x x x . x x x x x . x . | Kampana.3700:Boot........| x x . x x x x . . x x . . . x . | AntiTel,Telecom Keypress.1232.A..........| x x . . . . . x . x x x x . x x | Turku,Twins Liberty..................| . x . . x . x . . x x . . . x x | Mystic,Magic Little_Red...............| . . . . . x x . . . . . . . . . | Maltese Amoeba...........| x x . . x . x . x x . . x . x x | Grain of Sand Music_Bug................| . . . . x x . . x . . . . . x . | Necros...................| x . . . . . x . . . . . . . . . | Gnose,Irish3 NJH-LBC..................| x . . . . . . . . . . . . . . x | Korea Boot No_Frills.Dudley.........| x . . . . . . . . . . x . . . . | Oi Dudley No_Frills.No_Frills......| . . . . . . x . . . . x . . . . | Nomenklatura.............| x x . . . . . . . . . . . . . . | Nomen November_17th.855.A......| x x . . x . x . . . . . . . . . | V855 NPox.963.A...............| . . . . x . x . . . . . . . . x | Evil Genius Ontario.1024.............| . x . . . . . . . . . x x . . . | SBC,1024 Parity_Boot.B............| x . . . . . x x . x x . . x . . | Generic 1 Ping_Pong.B..............| x x . x . . . . . x . . x . x . | Italian Predator.2448............| . . . . x . x . . . . . . . . . | 2448 Print_Screen.............| x x . . . . x . . . . . . . . x | India,PrnSn Quit.A...................| x x . . . . . . . . . . . . . . | 555,Dutch Quox.....................| . x . . x . x . . . . . . . . . | Stealth 2 Ripper...................| x x . . x . x . . . . . . . . . | Jack the Ripper Screaming_Fist.696.......| x x . . . x x . . . . . . . x . | Fist 2,Scream 2 Sleepwalker..............| . . . . . . x . . . . x . . . . | SMEG.Pathogen............| x . . . . . . . . x . . . . . . | Stealth.B................| . x . . . . x . x x . . . . . . | STB Stoned.16................| x x . . . . x . . . . . . . . x | Brunswick Stoned.Azusa.............| x x . . x . x x x . x x x . x . | Hong Kong Stoned.Empire.Monkey.B...| x x . . x x x . x x . x . x x . | Monkey 2 Stoned.Empire.Monkey.A...| . . . . . . x . . . . x . . . . | Monkey Stoned.Flame.............| . . . . . . x . . . . x . x . . | Stoned(3C) Stoned.June_4th..........| x . . . . x x . . . x x . x x x | Bloody!,Beijing Stoned.Lzr...............| . . . . x . x . . . . . . . . x | Stoned.Whit Stoned.Manitoba..........| . . . . x . x . . . . . . . . . | Stonehenge Stoned.Michelangelo......| x x x x x x x x x x x x x x x . | Stoned.NoINT.............| x x . . x x x x . x . x . . x . | Stoned Stoned.NOP...............| . . . . . . x . . . . . . . x . | NOP Stoned.Standard.B........| x . x x x x x x x x x x x x x . | New Zealand Stoned.Swedish_Disaster..| x . . . . x . . . . . . . . . . | Stoned.W-Boot............| . . . . . . x . . . . x . . . x | W-Boot Stardot.789..............| . x . . . . x . . . . . . . . . | 805 SVC.3103.................| x . x . . . x . . . x . x . . . | SVC 5.0 Swiss_Phoenix............| . . . . . . x . . . . . . . . x | Tequila..................| x x . . x . x x . x x . x x x x | Tremor...................| . . . . x . . . . x . . . x x . | V-Sign...................| x x . . x x x . . x x x x . x . | Cansu,Sigalit Vacsina.TP-05............| x x . . x x x . . x x . . . x . | RCE-1206 Vacsina.TP-16............| x x . . x . . . . . . . . . . . | RCE-1339 Vienna.648.Reboot........| x x x . . . . . . . . . . . . . | DOS-62 WXYC.....................| . x . . . . x . . . . . . . . . | Yankee Doodle.TP-39......| x . . . x . . . . . . . . . . . | RCE-2772 Yankee Doodle.TP-44.A....| x . x . x . x . . x x . . x . x | RCE-2885 Yankee Doodle.XPEH.4928..| . . . . x . . . . . . . . . . x | Micropox Yeke.1076................| . x . . . . x . . . . . . . . . | ============================================================================ Total for first list: 92 Viruses ============================================================================ The second chart is based on a single participant noting more than one infection site and may signify limited regional virus outbreaks. CARO Name of Virus AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr Alias(es) ============================================================================ 10_Past_3.748............| . . . . . . . x . . . . . . . . | BootEXE..................| . . . . . . . . . x . . . . . . | BFD-451 Brain....................| . . . . . . . . x . . . . . . . | Pakistani Cascade.1701.G...........| . . . . . . . . . . . . . x . . | 1701 Chill_Touch..............| . . . . . . x . . . . . . . . . | Coffeeshop:MtE_090.......| . . . . . . . x . . . . . . . . | Darth_Vader.3.A..........| . . . . . . . . . . . . . . x . | Datalock.828.............| . . . . . . . . . . . . . . . x | Den_Zuko.A...............| x . . . . . . . . . . . . . . . | Den Zuk DosHunter................| . x . . . . . . . . . . . . . . | Emmie.3097...............| . . . . . . . . . . . . . . . x | EXE_Engine...............| . . . . . . . . . . . . . x . . | Grower...................| . . . . . . x . . . . . . . . . | V270x,268+ Hafenstrasse.............| . . . . . . . . . . . . . x . . | Hafen Hi.......................| . . . . . . . . . . . . . . . x | Hi.460 Involuntary.A............| . . . . . . x . . . . . . . . . | Invol Involuntary.B............| . . . . . . x . . . . . . . . . | Invol.B Japanese_Xmas............| . . . . . . . . . . x . . . . . | Xmas in Japan Jerusalem.1808.CT........| . x . . . . . . . . . . . . . . | Capt Trips Jerusalem.1808.Null......| . x . . . . . . . . . . . . . . | Jerusalem.Carfield.......| x . . . . . . . . . . . . . . . | Jerusalem.Moctezuma......| . x . . . . . . . . . . . . . . | Jerusalem.Mummy.1_2......| . . . . . . . x . . . . . . . . | Jerusalem.Sunday.II......| . x . . . . . . . . . . . . . . | Sunday 2 Joshi.B..................| . x . . . . . . . . . . . . . . | Jumper...................| . . . . . . . . . . . . . . . x | Kampana.Galicia:Boot.....| . . . . . . x . . . . . . . . . | Telecom Keypress.1744............| . . . . . . . . . . . . . . . x | Little Brother.307.......| . . . . x . . . . . . . . . . . | Lyceum.1788..............| . . x . . . . . . . . . . . . . | MISiS....................| . . . . . . . . . . . . . . . x | Zharinov,NIKA Murphy.Smack.1841........| . . . . . . x . . . . . . . . . | Smack Natas....................| . . . . . . x . . . . . . . . . | Necropolis...............| . . . . . . . . . . . . . . . x | 1963 November_17th.800........| . . . . . . x . . . . . . . . . | Jan1, 800 NYB......................| . . . . . . x . . . . . . . . . | New York Number_of_the_Beast......| . . . x . . . . . . . . . . . . | 512,666 Parity_Boot.A............| . . . . . . . . . . . . . . x . | Sat_Bug..................| . . . . . . x . . . . . . . . . | Satan Bug Screaming_Fist.NuWay.....| . . . . . . x . . . . . . . . . | Sticky Pathogen:SMEG............| x . . . . . . . . . . . . . . . | Stinkfoot................| . . . . . . . x . . . . . . . . | Stoned.Bunny.A...........| . . . . . . . x . . . . . . x . | Stoned.Dinamo............| . . . . . . . . . . . . . . . x | Stoned.Michelangelo.K....| . . . . . . . . . . . . . . . x | Stoned.Empire.In_Love....| . . . . . . x . . . . . . . . . | SVC.2936.................| . . . . . . x . . . . . . . . . | SVC.3241.................| . x . . . . . . . . . . . . . . | Stoned.Empire.Int_10.....| . . . . . . . . x . . . . . . . | Swiss_Boot...............| . . . . x . . . . . . . . . . . | Swiss Army Syslock.Syslock.A........| x . . . . . . . . . . . . . . . | Vmem.....................| . . . . . . . . . . . . . . . x | Voronezh.1600............| . . x . . . . . . . . . . . . . | RCE-1600 Yale.....................| . x . . . . . . . . . . . . . . | Alameda ============================================================================ Total for both lists: 146 Viruses ============================================================================ Virus Alerts: Below are reports from participants and others on which viruses are reported and verified in specific areas. For false and distorted alerts, see the next section. (Note: As more participants are contacted for this information, this virus alert section will undoubtedly grow. Focus so far has been on the western hemisphere and Japan.) USA - Most frequently reported viruses for May 1992 at Symantec in order of frequency are: Monkey.B, Stoned.Michelangelo, Form, Stoned.Standard, V-Sign, Stoned.NoInt, Joshi, Stealth.B. Chill_Touch was posted on Ziffnet and downloaded by a few dozen people. Ziff posted a notice about this and is making an effort to reach those who downloaded infected games. NYB virus was shipped to 3000 locations in the US and Canada. Form is rumored to have been shipped in preformatted disks (again). Stealth.B was rumored to have been shipped on some small-capacity harddrives. AntiCMOS has appeared in several locations. Mexico - Natas has been confirmed at several sites in Mexico City. Chile - The most commonly reported viruses, per Juan Vignolo, are: CPW.1527, Green_Caterpillar.1575.A, Stoned.Michalengelo.A, Stoned.NoINT, CPW.1459, Cascade.1701.A, Vacsina.TP.5.A, Ping-Pong.Standard.A, Jerusalem.1808.Standard, Brain.Standard Argentina - The most common viruses, per Fernando Bonsembiante, are: Stoned.Michalangelo, Stoned.Standard, Number_of_the_Beast, Jerusalem.1808.Standard, Ping-Pong.Standard, Cascade, Dark Avenger.1800, Kampana Boot, Dir-II, Flip, Frodo, Form. Japan - The most common viruses, per Richard Head, are: Yankee Doodle, Cascade, Kampana, Form, AntiCMOS, Michelangelo, Kampana.3445, Stoned.Azusa, StarDot.789, Stoned.Standard. ============================================================================ Report Frenzies: There were three recent virus report frenzies in which virus reports were blown all out of proportion by the news media and/or some antivirus product vendor(s). Pathogen:SMEG - Total verified incidents: 3 in UK Junkie - Total verified incidents: 0 CD-IT "Virus" - Actually, a trojan. Not a virus. An older frenzy, over Sat_Bug (Satan Bug), is still being exagerated and exploited by at lease one source. ============================================================================ The collation of this material is done by Joe Wells, Virus Specialist at Symantec, Peter Norton Group, who is solely responsible for its contents. The material presented is implicitly copyrighted under various laws, but may be freely quoted or cited. However, its source and cooperative nature should be duly referenced. Other antivirus product developers are invited to participate in the list. If you wish to do so, please contact me. ============================================================================ The WILDList by Joe Wells -- jwells@symantec.com -- 70750,3457 -- Vol2.06b ============================================================================