============================================================================ PC Viruses in the Wild - July 1, 1995 ============================================================================ The WildList This is a cooperative listing of viruses reported as being in the wild by many virus information professionals. The basis for the reports are virus incidents where a sample was received, and positively identified by the participant. Rumors and unverified reports have been excluded. This report is cumulative. That is, this is not just a report of which were seen last month. Monthly data is received from most participants, but the new data is added to the old. Participants are expected to let me know when I should remove their name from a virus that they haven't seen in a year and a half or so. The list should not be considered a list of "the most common viruses", however. No provision is made for commonness. A currency basis for the list has been set. Viruses not reported for over a year and a half are removed from the WildList. So this data indicates only "which" viruses have been seen in the wild. Joe Wells - WildList@aol.com ============================================================================ The section below gives the names of participants, along with their geographic location, organization, and antivirus product (if any). The locations with an asterisk (*) note that the reports are regional, all others being multinational or global. Key Participant *Location Organization Product ============================================================================ An Anthony Naggs *So Africa CSIR Virus Lab VPS Cs Christian Schmid *Austria DataPROT Linz F-Prot Dg Dmitry Gryaznov UK S&S Int'l Toolkit Ek Eugene Kaspersky *Russia KAMI AVP Fs Fridrik Skulason Iceland Frisk Int'l F-Prot Gj Glenn Jordan USA Datawatch VirexPC Gp Gabriel Pislaru *Romania SoftWin AVX Iw Ian Whalley UK Virus Bulletin None Jk Jimmy Kuo USA McAfee ViruScan Jw Joe Wells USA IBM IBM AntiVirus Ls Luca Sambucci *Italy/Swiz. I.C.A.R.O. None Mh Mikko Hypponen *Finland Data Felows F-Prot Pro Ml Mikael Larsson *Sweden QA Informatik None Ms Marek Sell *Poland APEXIM MkS_vir Oh Omar Herrera *Mexico Escuadron AV Aguila AV Pp Padgett Peterson USA Hobbyist DiskSecure Rh Richard Head *Japan Jade Corp Scan Vakzin Rr Roger Riordan Australia CYBEC VET Rt Roger Thompson USA Thompson Network Doctor Rv Robert Vibert *Portugal RSVP None Sc Shane Coursen USA Symantec NAV Sg Sarah Gordon USA Command Software NetProt Vb Vesselin Bontchev *Germany U of Hamburg None Ws Wolfgang Stiller USA Stiller Research Integ Master Yr Yuval Rakavi Israel BRM Untouchable ============================================================================ The people below will be future participants in the WildList. ============================================================================ Ad Allan Dyer *Hong Kong Yui Kee Co. Ltd. Fl Ferenc Leitold *Hungary Hunix Ltd. Lc Lucian Caric *Croatia Bug Computer Magazine Nb Neville Bulsara *India Quantum System Software Pb Pavel Baudis *Czech Rep Alwil Software Pl Pascal Loitner *France Rf Richard Ford USA NCSA ============================================================================ The people below haven't provided reports this year and have been removed. ============================================================================ Fb Fernando Bonsembiante *Argentina Virus Report None Sg Shimon Gruper *Israel EliaShim ViruSafe ============================================================================ This main list includes viruses reported by multiple participants. CARO Name of Virus [ Alias(es) ] Reported by: ============================================================================ 5Lo.....................[...............] FsMh Anticad.4096.A..........[Plastique......] JkSgVb Anticad.4096.B..........[Invader........] DgFsJkSg AntiCMOS.A..............[Lenart.........] DgFsGjIwJkJwMhMlMsRhRfRtScSgVbWsYr AntiCMOS.B..............[...............] MsSc AntiEXE.A...............[D3,Newbug......] AnDgFsGjIwJkJwMhMlMsRfRtScSgVbWsYr Arianna.3375............[...............] IwLs Avispa.D................[...............] JkJwRtSc BackFormat.A............[Backform.......] JkMhYr Baclab..................[...............] JkPpRtSc Barrotes.1310.A.........[Barrotos.......] DgJkRvSc Boot-437................[...............] FsGjJkJwRhRtScSgWsYr BootEXE.451.............[BFD-451........] FsIwJkMhMsSg Brasil..................[...............] PpSc Butterfly.Butterfly.....[...............] VbYr Cascade.1701.A..........[1701...........] DgFsGjIwJkJwLsMhMlRfRtSgVbWs Cascade.1704.A..........[1704...........] DgEkFsJwMlRtScSgVb Changsha.A..............[Centry.........] MlMsRfRrRt Chaos.1241..............[...............] JkRrSgYr Chill...................[Chill Touch....] JkRtSc Chinese_Fish............[Fish Boot......] DgFsGjJkMlRrRtVbYr Civil_Defence.6672......[CDV 3.3........] AnJwSg Coffeeshop:MtE..........[...............] AnJk CPW.1527................[Mediera,Mierda.] DgJkPpSc Crazy_Boot..............[...............] DgJkJwMhRhScSg DA_Boys.................[...............] JkRtScSgWs Dark_Avenger.1800.A.....[Eddie..........] DgFsGjGpIwJwLsRfRrSgWs Datalock.920.A..........[V920...........] DgJwLsYr DelWin.1759.............[...............] JkJwMsVb Den_Zuko.2.A............[Den Zuk........] DgRtSg Die_Hard................[Wix............] AnIwJkJwMlRtScSgVbWs Dir-II.A................[Creeping Death.] AnDgEkFsGpIwJkJwMlOhRfRrScSgVbWsYr Disk_Killer.1_00........[Ogre...........] DgEkIwMlPp Disk_Washer.............[...............] RhSc Espejo..................[Stakka,IFE.....] JkJwRtScSg EXE_Bug.A...............[CMOS Killer....] AnDgFsIwJkMlRtScWs EXE_Bug.C...............[...............] AnRtWs EXE_Bug.Hooker..........[...............] AnRt Fairz...................[Khobar.........] JkMh Fat_Avenger.............[...............] JwRr Fichv.2_1...............[905,CHV 2.1....] DgFsVb Filler.A................[...............] GjMl Finnish.357.............[...............] FsMl Finnish_Sprayer.........[...............] FsMhSc Flame...................[Stamford.......] JkJwRrScVbYr Flip.2153.A.............[Omicron........] DgFsIwJkJwLsMlRhRfScWsYr Flip.2343...............[Omicron 2......] DgFsLsRv Form.A..................[Form 18........] CsDgFsGjIwJkJwLsMhMlPpRfRtRvSc (Form.A continued) SgVbWsYr Form.D..................[Form May.......] FsJwMsRtScYr Frankenstein............[Frank..........] DgJkMs Freddy_Krueger..........[Freddy 2.......] FsJkScWsYr Frodo.Frodo.A...........[4096,100 Year..] DgFsJkJwMlRfRrVbYr Galicia.................[Telecom........] JkMhRtSc Ginger..................[Gingerbread....] JkRrSc GoldBug.................[...............] DgJkIwMh Green_Caterpillar.1575..[Find,1591,1575.] DgFsGjGpIwJkJwLsRfRrRtScVbWs Hafenstrasse.*..........[Hafen..........] JkVb Helloween.1376.A........[1376...........] DgIwJkJwRfRrScWsYr Hi.460..................[Hi.............] JkMsYr Hidenowt................[...............] DgIwJkRhSc HLLC.Even_Beeper.B......[...............] DgJwMsWs HLLO.Novademo.*.........[...............] FsMs Ibex....................[Seven_Boot.....] JwSc J&M.....................[Jimi.Jimmy.....] JkJwMsRfVb Jerusalem.1244..........[1244...........] DgLsSg Jerusalem.1808.Standard.[1808,Israeli...] AnDgFsGjIwJkJwLsMlPpRfRtScSgWsYr Jerusalem.Mummy.2_1.A...[PC Mummy.......] AnDgFsRfRt Jerusalem.Sunday.A......[Sunday.........] AnJkRfRtSg Jerusalem.Zero_Time.Aus.[Slow...........] DgJkJwRhRrRtWs Jihuu.686...............[...............] FsMh Jos.1000................[Jabb...........] GpMs Joshi.A.................[...............] DgFsGjIwJkJwMlPpRfRrRtScSgVbWsYr Jumper.A................[French Boot....] DgFsGjJwRtScSgVbWsYr Jumper.B................[SillyBop.......] DgMhMlMsRhSgVb Junkie..................[...............] CsFsIwJkJwLsMhMsRhRrRtScVbWsYr Kampana.A...............[AntiTel,Telecom] DgFsGjIwJkJwMhRhRfRtRvScSgWs Kaos4...................[...............] AnFsJkMhMsScSg Keypress.1232.A.........[Turku,Twins....] DgIwJwRfRrRtSgWsYr Leandro.................[...............] GpJkJwMhRtSc Lemming.................[...............] RrSc Liberty.2857.A..........[Mystic,Magic...] FsIwJwRhRfRtWsYr Little_Brother.307......[...............] FsJk Little_Red..............[Red Book.......] AnGjJkJwRhRtSc MacGyver.2803...........[Shoo...........] AnJk Maltese Amoeba..........[Grain of Sand..] AnDgFsIwJkJwMlMsPpRtSgWsYr Mange_Tout.1099.........[1099...........] DgJkMhMlMsRfSc Markt.1533..............[Werbe..........] DgJk MIREA.1788..............[Lyceum,Lycee...] EkJk Mongolian_Boot..........[Mongol.........] JwSc Music_Bug...............[...............] FsGjJkPpWs Necros..................[Gnose,Irish3...] DgJk Neuroquila..............[Havoc..........] DgIwJkWs NJH2LBC.A...............[Korea Boot.....] DgJkYr No_Frills.Dudley........[Oi Dudley......] DgJkRrRt No_Frills.No_Frills.843.[...............] JkRrSc Nomenklatura.A..........[Nomen..........] DgJkJw November_17th.768.A.....[...............] LsMs November_17th.800.A.....[Jan1,800.......] LsSc November_17th.855.A.....[V855...........] DgFsJkJwLsRtSc NPox.963.A..............[Evil Genius....] FsSc NYB.....................[B1.............] AnDgEkFsGjJkJwLsMhMlMsRfRtScSgVb (NYB continued) WsYr One_Half................[Dis,Free Love..] CsDgEkGpIwJkJwLsMhMsRtScSgVbWs Ontario.1024............[SBC,1024.......] JkJwRr Parity_Boot.B...........[Generic 1......] AnCsDgFsGjGpIwJkJwMhMlRhRfRtRv (Parity_Boot.B continued) ScSgVb Pathogen:SMEG.0_1.......[...............] DgIwJkWs Peter...................[Peter II.......] JwRhJkRf Ping_Pong.B.............[Italian........] DgGpIwJkJwLsWsYr Predator.2448...........[2448...........] FsMlSc Print_Screen_Boot.A.....[India,PrnSn....] DgJwScYr QRry....................[Query,Essex....] JkJwSc Queeg:SMEG.0_1..........[...............] DgJk Quox....................[Stealth 2......] FsJkJwRhRtSc Riihi...................[...............] FsMh Ripper..................[Jack Ripper....] AnCsDgFsGjJkJwMhMlMsRhRfRtScSgVbWs Russian_Flag............[...............] AnDgSc Sampo...................[Turbo..........] DgFsGjIwJkJwMhMlRhRfRtScSgVbWs Sat_Bug.Natas...........[Satan..........] DgFsJkJwMhMlMsRtRvScSgVbWs Sat_Bug.Sat_Bug.........[Satan Bug......] JkJwYr Sayha...................[...............] ScYr Screaming_Fist.II.696...[Fist 2,Scream 2] DgGjJkJwRtScSgWs Sibylle.................[...............] DgJw Sleep_Walker............[...............] JkRrSc Stardot.789.A...........[805............] JwLsSc Stealth_Boot.B..........[AMSE NopB......] GjIwJkJwPpRhRtScSgVb Stealth_Boot.C..........[AMSE NopB2.....] GjJkJwRtSgVbYr Stoned.16.A.............[Brunswick......] DgJwScYr Stoned.Angelina.........[...............] CsDgIwJkJwMhMlRvScSg Stoned.Azusa.A..........[Hong Kong......] AnDgFsGjJkJwMlPpRfRrRtScWsYr Stoned.Bravo............[...............] AnJkMs Stoned.Bunny.A..........[...............] AnWs Stoned.Dinamo.*.........[...............] RtScYr Stoned.Daniela..........[...............] ScSg Stoned.Empire.Int_10.B..[...............] JkPpRtSgSc Stoned.Empire.Monkey.A..[Monkey.........] IwJkJwMlRrRtScSg Stoned.Empire.Monkey.B..[Monkey 2.......] AnDgFsGjIwJkJwMhMlPpRhRfRrRtScSg (Stoned.Empire.Monkey.B continued VbWs Stoned.June_4th.A.......[Bloody!,Beijing] DgGjJkMlRfRrScVbWsYr Stoned.Kiev.............[...............] EkJkRt Stoned.Lzr..............[Stoned.Whit....] FsGjIwJkJwMhRtScYr Stoned.Manitoba.........[Stonehenge.....] DgFsJkJwMlRtSc Stoned.Michelangelo.A...[...............] AnCsDgEkFsGjGpIwJkJwMlPpRhRfRrRt (Stoned.Michelangelo continued) ScSgVbWsYr Stoned.No_INT.A.........[Stoned.........] AnDgFsGjIwJkJwMhMlRrRtScSgWsYr Stoned.NOP..............[NOP............] DgJkWs Stoned.Standard.A.......[New Zealand....] AnDgEkFsGjGpIwJkJwLsMlPpRfRrRtSc (Stoned.Standard continued) VbWs Stoned.Swedish_Disaster.[...............] DgGjMl Stoned.W-Boot...........[W-Boot.........] JkMsRrScWsYr SVC.3103.A..............[SVC 5.0........] DgEkRfSc Swiss_Boot..............[Swiss Army.....] FsJkMhRh Tai-Pan.438.............[...............] FsIwJkJwMhMlMsRtSgVb Tai-Pan.666.............[D2D,Doom 2.....] DgEkJkJwMhMlMsPpRtScSgWs Tequila.A...............[...............] CsDgFsIwJkJwLsRfRtScSgVbWsYr Three_Tunes.A...........[1784...........] GjJkSc Trakia.653..............[...............] RrSc Tremor.A................[...............] AnFsIwJkMlMsRtSgVbWs Trojector.1463..........[Athens.........] DgFsJkJwSg Urkel...................[Nwait .........] FsJkScSgVbWs V-Sign..................[Cansu,Sigalit..] DgFsGjIwJkJwLsMhMlRhRfRrRtScSg (V-Sign continued) VbWsYr Vacsina.TP-05.A.........[RCE-1206.......] DgFsGjIwJwRfRtScWs Vacsina.TP-16.A.........[RCE-1339.......] DgFsJwRh Vampiro.................[...............] DgWs Vienna.648.Reboot.A.....[DOS-62.........] DgEkJwSg Vinchuca................[...............] DgWs Virogen.Pinworm.........[...............] GjJk VLamiX..................[Die Lamer......] DgMhMsRt WelcomB.................[Bupt...........] IwJkJwMhMlRtSc WXYC....................[...............] GjJkJwMsRhScWs Yankee Doodle.TP-39.....[RCE-2772.......] DgFs Yankee Doodle.TP-44.A...[RCE-2885.......] DgEkFsGpIwJkJwLsMhMlRfRtScVb Yankee Doodle.XPEH.4928.[Micropox.......] FsJkYr ============================================================================ Total for main list: 168 ============================================================================ This additional list includes viruses reported by a single participant and are often either moving onto the main list, or dropping off of it. N.B: This list also tends to be more of a regional reporting mechanism (e.g. BackFormat.B is reported as very common in Poland by Marek Sell, yet no other regions have reported it). CARO Name of Virus [Alias(es) ] Reported by: ============================================================================ 2up.6000................[...............] Ek Accept.3773.............[...............] Yr Aircop.Standard.........[...............] Oh Alphabetic.A............[...............] Mh Anarchy.2048............[...............] Ek Anticad.2900............[Plastique.2900.] Jw Bad_Sectors.A...........[...............] Yr BackFormat.B............[BackForm.B.....] Ms Benito..................[...............] Ls Boot-446................[Pasta..........] Dg Bosnia:TPE.1_4..........[...............] Ls Bravo.A.................[...............] An Cantando................[...............] Mh Cascade.1701.G..........[1701...........] Vb Cascade.1704.D..........[1704...........] Fs Catholic................[...............] Mh Cholera.*...............[...............] Ms Corgi...................[...............] Dg Cybercide.1307..........[...............] Mh Danish_Tiny.467.........[...............] Fs Dark_Avenger.2100.SI.A..[V2100..........] Dg Datalock.828.A..........[...............] Yr Deliver.................[Digi...........] Ms Diamond.1024.B..........[...............] Fs Dir_II.5................[...............] Vb DOS_Hunter..............[...............] Jw DR&ET.1710..............[Dret...........] Ms Emmie.3097..............[...............] Yr End_of.783..............[...............] Yr Error_Vir...............[...............] Mh EXE_Bug.B...............[...............] An Form.C..................[...............] Ms Freddy_Soft.............[...............] Fs Gippo.Epidemic..........[...............] Sc Gippo.JumpingJack.......[...............] Yr Ha!.1224................[Info, Zmiana...] Ms Hi.833..................[Hi.............] Gp HLLC.EXE_Engine.........[...............] Vb HLLC.Sauna..............[...............] Fs HLLP.Vova.12560.........[...............] Ek Immortal................[...............] Ms Industrial.1841.........[...............] Dg ITV.457.................[...............] Oh Japanese_Xmas.*.........[Xmas in Japan..] Rf Jerusalem.1808.Blank....[...............] Fs Jerusalem.1808.Critical.[...............] Jw Jerusalem.1808.F........[...............] Fs Jerusalem.AntiScan......[...............] Dg Jerusalem.Carfield......[...............] Dg Jerusalem.Fu_Manchu.A...[80 2086........] Dg Jerusalem.June_13.......[...............] Gp Jerusalem.Sunday.II.....[Sunday 2.......] Jw Kaczor.4444.............[Pieck..........] Ms Keypress.1744...........[...............] Yr Kysia.1536.*............[Kyokushinkai...] Ms Kysia.3072..............[Kyokushinkai...] Ms Lame_Surprize.B.........[Lamsurp.B......] Dg Magda...................[Magdzie........] Ms Mannequin.*.............[...............] Gp Manzon.1445.............[...............] Ms Mario.745...............[...............] Ms MISiS...................[Zharinov,NIKA..] Yr Necropolis.*............[1963...........] Yr Nice.B..................[...............] Fs NoWin.2576..............[Zielona........] Ms Parity_Boot.A...........[...............] Ws PG_Boot.................[...............] Jw PCBB.1784...............[...............] Jw Pro.....................[KMIT...........] Sc Quit.A..................[555,Dutch......] Dg Renegade.1176...........[...............] Ek Reverse.948.............[Red Spider.....] Ms Rulus...................[...............] Rt Scroll.1532.............[Kato...........] Ms She_Has.................[...............] Dg SillyC.377..............[...............] Yr SillyCR.351.............[...............] Yr Stardot.600.............[...............] Ls Stealth_Boot.Alfredo....[...............] Jw Stealth_Fighter:RDA_20..[...............] Ek Stoned.Michelangelo.K...[...............] Yr Stoned.New_Zealand......[...............] Gj Storm.1218..............[...............] Yr Street_Fighter:RDA......[Fighter........] Jw Swiss_Phoenix...........[...............] Yr Sword...................[...............] Dg Teraz.4004..............[Flaga..........] Ms Tikka...................[...............] Dg VCL.Genocide.981........[...............] An Vmem....................[...............] Yr Voronezh.1600.A.........[RCE-1600.......] Ek Yeke.1204...............[...............] Ls _814....................[...............] Gp ============================================================================ Total for both lists: 261 ============================================================================ Release Notes for 1 July 1995 version. This release adds five new participants: Gabriel Pislaru (Romania), Jimmy Kuo (McAfee, USA), Mikael Larsson (Sweden), Marek Sell (Poland), and Sarah Gordon (Command, USA). Two participants have been removed because no new information has been received for the past year: Fernando Bonsembiante (Argentina) and Shimon Gruper (Israel). N.B.: The key 'Sg' in this list is Sarah Gordon, not Shimon Gruper. Note that the Iw (Ian Whaley) report includes data Ian provided for both Virus Bulletin and Sophos. The incredible amount of detailed information for specific regions, (i.e. Marek Sell's report on Poland) had made it necessary for me to list only those viruses reported as very common if that virus appears only in the second (single participant) list. This means that a virus that is in the wild and slightly common in just an isolated region will not be reported in the WildList. If it is spotted outside that region or becomes very common within that region, it will be included. I am continuously seeking WildList participants for regional reporting, especially in Central and South America, Spain, former Soviet republics, the Netherlands, China, and Taiwan. Such new participants will need to be in a position where they can monitor and verify virus incidents. People who develop av products are best suited. People who represent one or more av products (agents) and provide localized support may also be qualified if they actually verify the viruses or forward samples to developers. If you thus qualify, please send your name, location, organization, product name, favorite brand of beer, and references (preferably CARO members who know you). Send the information to wildlist@aol.com. Thanks. ============================================================================ The collation of this list is done by Joe Wells, Virus Specialist at IBM's T.J.Watson Research Center, who is solely responsible for its contents. The material presented is implicitly copyrighted under various laws, but may be freely quoted or cited. However, its source and cooperative nature should be duly referenced. No permission is needed to reprint this list. The latest WildList is always posted by me directly to the NCSA Security forum on Compuserve in the Virus Info/Tools library. I also occasionally hang out there (or in a member room called Computer Viruses on AOL). ============================================================================ WildList Vol 507b - c1jwells@watson.ibm.com - 75511,635 - wildlist@aol.com ============================================================================ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAy+wAnYAAAEEAO2alE3YclXZAxkqrSVXkhAuuOsx6NnVfUdKMghYtrBabFuJ +zKiIsahmjeakA2J101KZOHtKMhb5iqLG0oCbRyuBFLtuMhJrjk+L9VRCoxoDB/4 XwFevOGyxRHYfancrIydlMUooe7TZJqbGhhQEROWYm8v6RvkPFtsMpyD+Lb1AAUR tCNKb2UgV2VsbHMgPGMxandlbGxzQHdhdHNvbi5pYm0uY29tPg== =aKXf -----END PGP PUBLIC KEY BLOCK----- ============================================================================