============================================================================ PC Viruses in the Wild - August 10, 1995 ============================================================================ The WildList This is a cooperative listing of viruses reported as being in the wild by many virus information professionals. The basis for the reports are virus incidents where a sample was received, and positively identified by the participant. Rumors and unverified reports have been excluded. This report is cumulative. That is, this is not just a report of which were seen last month. Monthly data is received from most participants, but the new data is added to the old. Participants are expected to let me know when I should remove their name from a virus that they haven't seen in a year and a half or so. The list should not be considered a list of "the most common viruses", however. No provision is made for commonness. A currency basis for the list has been set. Viruses not reported for over a year and a half are removed from the WildList. So this data indicates only "which" viruses have been seen in the wild. Joe Wells - WildList@aol.com ============================================================================ The section below gives the names of participants, along with their geographic location, organization, and antivirus product (if any). The locations with an asterisk (*) note that the reports are regional, all others being multinational or global. Key Participant *Location Organization Product ============================================================================ Ad Allan Dyer *Hong Kong Yui Kee Co. Ltd. F-Prot An Anthony Naggs *So Africa CSIR Virus Lab VPS Cs Christian Schmid *Austria DataPROT Linz F-Prot Dg Dmitry Gryaznov UK S&S Int'l Toolkit Ek Eugene Kaspersky *Russia KAMI AVP Fs Fridrik Skulason Iceland Frisk Int'l F-Prot Gj Glenn Jordan USA Datawatch VirexPC Gp Gabriel Pislaru *Romania SoftWin AVX Iw Ian Whalley UK Virus Bulletin None Jk Jimmy Kuo USA McAfee ViruScan Jw Joe Wells USA IBM IBM AntiVirus Ls Luca Sambucci *Italy/Swiz. I.C.A.R.O. None Mh Mikko Hypponen *Finland Data Felows F-Prot Ml Mikael Larsson *Sweden QA Informatik None Ms Marek Sell *Poland APEXIM MkS_vir Oh Omar Herrera *Mexico Escuadron AV Aguila AV Pb Pavel Baudis *Czech Rep Alwil Software Avast! Pd Paul Ducklin UK Sophos Plc. Sweep Rh Richard Head *Japan Jade Corp Scan Vakzin Rr Roger Riordan Australia CYBEC VET Rt Roger Thompson USA Thompson Network Doctor Rv Robert Vibert *Portugal RSVP None Sc Shane Coursen USA Symantec NAV Sg Sarah Gordon USA Command Software NetProt Vb Vesselin Bontchev *Germany U of Hamburg None Ws Wolfgang Stiller USA Stiller Research Integ Master Yr Yuval Rakavi Israel BRM Untouchable ============================================================================ The people below will be future participants in the WildList. ============================================================================ Ec Eva Chen Taiwan Trend Micro Devices Ew Eddy Willems *Belgium/Lux. De Vaderlandsche Fl Ferenc Leitold *Hungary Hunix Ltd. Lc Lucian Caric *Croatia Bug Computer Magazine Nb Neville Bulsara *India Quantum System Software Pl Pascal Loitner *France Rf Richard Ford USA NCSA ============================================================================ The people below haven't provided reports this year and have been removed. ============================================================================ Fb Fernando Bonsembiante *Argentina Virus Report None Sg Shimon Gruper *Israel EliaShim ViruSafe ============================================================================ This main list includes viruses reported by multiple participants. CARO Name of Virus [ Alias(es) ] Reported by: ============================================================================ 5Lo.....................[...............] FsMh Anticad.4096.A..........[Plastique......] JkSgVb Anticad.4096.B..........[Invader........] DgFsJkSg AntiCMOS.A..............[Lenart.........] AdDgFsGjIwJkJwMhMlMsPdRhRfRtSc (AntiCMOS continued SgVbWsYr AntiCMOS.B..............[...............] MsScYr AntiEXE.A...............[D3,Newbug......] AdDgFsGjIwJkJwMhMlMsPdRfRhRtSc (AntiEXE continued) SgVbWsYr Arianna.3375............[...............] IwLs Avispa.D................[...............] JkJwRtSc BackFormat.A............[Backform.......] JkMhYr Baclab..................[Bacteria Lab...] JkRtSc Barrotes.1310.A.........[Barrotos.......] DgJkRvSc Boot-437................[...............] FsGjJkJwPbRhRtScSgWsYr BootEXE.451.............[BFD-451........] FsIwJkMhMsSg Bosnia:TPE.1_4..........[TPE_Bos........] JkLs Butterfly.Butterfly.....[...............] VbYr Byway...................[Dir-II.Byway...] JkJw Cascade.1701.A..........[1701...........] DgFsGjIwJkJwLsMhMlRfRtSgVbWs Cascade.1704.A..........[1704...........] DgEkFsJwMlRtScSgVb Cascade.1704.D..........[Unk............] FsJk Changsha.A..............[Centry.........] MlMsRfRrRt Chaos.1241..............[...............] JkRrSgYr Chill...................[Chill Touch....] JkRtSc Chinese_Fish............[Fish Boot......] DgFsGjJkMlRrRtVbYr Civil_Defence.6672......[CDV 3.3........] AnJwPbSg Coffeeshop:MtE..........[...............] AnJk CPW.1527................[Mediera,Mierda.] DgJkSc Crazy_Boot..............[...............] DgJkJwMhRhScSg DA_Boys.................[...............] IwJkRtScSgWs Dark_Avenger.1800.A.....[Eddie..........] DgFsGjGpIwJwLsRfRrSgWs Datalock.920.A..........[V920...........] DgJwLsYr DelWin.1759.............[...............] JkJwMsVb Den_Zuko.2.A............[Den Zuk........] DgRtSg Die_Hard................[Wix............] AdAnIwJkJwMlMsRtScSgVbWsYr Dir-II.A................[Creeping Death.] AnDgEkFsGpIwJkJwMlOhRfRrScSgVb (Dir-II.A continued) WsYr Disk_Killer.1_00........[Ogre...........] DgEkIwMl Disk_Washer.............[...............] RhSc DR&ET.1710..............[Dret...........] JkMs Espejo..................[Stakka,IFE.....] JkJwRtScSg EXE_Bug.A...............[CMOS Killer....] AnDgFsIwJkMlPdRtScWs EXE_Bug.C...............[...............] AnRtWs EXE_Bug.Hooker..........[...............] AnRt Fairz...................[Khobar.........] JkMhMs Fat_Avenger.............[...............] JwRr Fichv.2_1...............[905,CHV 2.1....] DgFsVb Filler.A................[...............] GjMl Finnish.357.............[...............] FsMl Finnish_Sprayer.........[...............] FsMhSc Flame...................[Stamford.......] JkJwRrScVbYr Flip.2153.A.............[Omicron........] DgFsIwJkJwLsMlRhRfScWsYr Flip.2343...............[Omicron 2......] DgFsIwLsRv Form.A..................[Form 18........] CsDgFsGjIwJkJwLsMhMlPbPdRfRhRt (Form.A continued) RvScSgVbWsYr Form.D..................[Form May.......] FsJwMsRtScYr Frankenstein............[Frank..........] DgJkMs Freddy_Krueger..........[Freddy 2.......] FsJkScWsYr Frodo.Frodo.A...........[4096,100 Year..] DgFsJkJwMlRfRrVbYr Galicia.................[Telecom........] JkMhRtSc Ginger..................[Gingerbread....] JkRrSc GoldBug.................[...............] DgJkIwMh Green_Caterpillar.1575..[Find,1591,1575.] DgFsGjGpIwJkJwLsRfRrRtScVbWs Hafenstrasse.*..........[Hafen..........] JkVb Helloween.1376.A........[1376...........] DgIwJkJwPbRfRrScWsYr Hi.460..................[Hi.............] JkMsYr Hidenowt................[...............] DgIwJkRhSc HLLC.Even_Beeper.B......[...............] DgJwMsWs HLLO.Novademo.*.........[...............] FsMs Ibex....................[Seven_Boot.....] JwSc J&M.....................[Jimi.Jimmy.....] JkJwMsPbRfVb Jerusalem.1244..........[1244...........] DgLsSg Jerusalem.1808.Standard.[1808,Israeli...] AnDgFsGjIwJkJwLsMlRfRtScSgWsYr Jerusalem.Mummy.2_1.A...[PC Mummy.......] AnDgFsRfRt Jerusalem.Sunday.A......[Sunday.........] AnJkRfRtSg Jerusalem.Zero_Time.Aus.[Slow...........] DgJkJwRhRrRtWs Jihuu.686...............[...............] FsMh Jos.1000................[Jabb...........] GpMs Joshi.A.................[...............] DgFsGjIwJkJwMlRfRrRtScSgVbWsYr Jumper.A................[French Boot....] DgFsGjJwPdRtScSgVbWsYr Jumper.B................[SillyBop,2KB...] DgJkMhMlMsRhSgVb Junkie..................[...............] CsFsIwJkJwLsMhMsPdRhRrRtScVbWsYr Kampana.A...............[AntiTel,Telecom] DgFsGjIwJkJwMhPbRhRfRtRvScSgWs Kaos4...................[...............] AnFsJkMhMsScSg Keypress.1232.A.........[Turku,Twins....] DgIwJwRfRrRtSgWsYr Leandro.................[...............] GpJkJwMhPdRtSc Lemming.................[...............] RrSc Liberty.2857.A..........[Mystic,Magic...] FsIwJwRhRfRtWsYr Little_Brother.307......[...............] FsJk Little_Red..............[Red Book.......] AnGjJkJwRhRtScYr MacGyver.2803...........[Shoo...........] AdAnJk Maltese Amoeba..........[Grain of Sand..] AnDgFsIwJkJwMlMsRtSgWsYr Mange_Tout.1099.........[1099...........] DgIwJkMhMlMsPbRfSc Manzon.1445.............[...............] JkMs Markt.1533..............[Werbe..........] DgJk MIREA.1788..............[Lyceum,Lycee...] EkJk Mongolian_Boot..........[Mongol.........] JwSc Music_Bug...............[...............] FsGjJkWs Necros..................[Gnose,Irish3...] DgJk Neuroquila..............[Havoc..........] DgIwJkWs Nightfall.4559.B........[N8Fall.........] JkPbVb NJH2LBC.A...............[Korea Boot.....] DgJkYr No_Frills.Dudley........[Oi Dudley......] DgJkRrRt No_Frills.No_Frills.843.[...............] JkRrSc Nomenklatura.A..........[Nomen..........] DgJkJw November_17th.768.A.....[...............] LsMs November_17th.800.A.....[Jan1,800.......] LsSc November_17th.855.A.....[V855...........] DgFsJkJwLsRtSc NPox.963.A..............[Evil Genius....] FsSc NYB.....................[B1.............] AdAnDgEkFsGjJkJwLsMhMlMsPdRfRt (NYB continued) ScSgVbWsYr One_Half................[Dis,Free Love..] CsDgEkGpIwJkJwLsMhMsPbRtScSgVb (One_Half continued) WsYr Ontario.1024............[SBC,1024.......] JkJwRr Parity_Boot.B...........[Generic 1......] AnCsDgFsGjGpIwJkJwMhMlPdRhRfRt (Parity_Boot.B continued) RvScSgVb Pathogen:SMEG.0_1.......[...............] DgIwJkWs Peter...................[Peter II.......] JwRhJkRf Ping_Pong.B.............[Italian........] DgGpIwJkJwLsWsYr Predator.2448...........[2448...........] FsJkMlScYr Print_Screen_Boot.A.....[India,PrnSn....] DgJwScYr QRry....................[Query,Essex....] JkJwSc Queeg:SMEG.0_1..........[...............] DgJk Quicksilver.1376........[V.1376.........] JkYr Quox....................[Stealth 2......] FsJkJwRhRtSc Riihi...................[...............] FsMh Ripper..................[Jack Ripper....] AnCsDgFsGjIwJkJwMhMlMsPbPdRhRf (Ripper continued) RtScSgVbWs Russian_Flag............[...............] AnDgScYr Sampo...................[Turbo..........] AdDgFsGjIwJkJwMhMlMsPbPdRhRfRt (Sampo continued) ScSgVbWs Sat_Bug.Natas...........[Satan..........] AdDgFsIwJkJwMhMlMsPbPdRtRvScSg (Sat_But.Natas continued) VbWs Sat_Bug.Sat_Bug.........[Satan Bug......] JkJwYr Sayha...................[...............] ScYr Screaming_Fist.II.696...[Fist 2,Scream 2] DgGjJkJwRtScSgWs She_Has.................[...............] DgPd Sibylle.................[...............] DgJw Sleep_Walker............[...............] JkRrSc Stardot.789.A...........[805............] JwLsSc Stealth_Boot.B..........[AMSE NopB......] GjIwJkJwPdRhRtScSgVbYr Stealth_Boot.C..........[AMSE NopB2.....] GjJkJwRtSgVbYr Stoned.16.A.............[Brunswick......] DgJwScYr Stoned.Angelina.........[...............] CsDgIwJkJwMhMlMsPbPdRvScSg Stoned.Azusa.A..........[Hong Kong......] AnDgFsGjJkJwMlRfRrRtScWsYr Stoned.Bravo............[...............] AnJkMs Stoned.Bunny.A..........[...............] AnWs Stoned.Dinamo.*.........[...............] RtScYr Stoned.Daniela..........[...............] ScSg Stoned.Empire.Int_10.B..[...............] JkRtSgSc Stoned.Empire.Monkey.A..[Monkey.........] IwJkJwMlPdRrRtScSg Stoned.Empire.Monkey.B..[Monkey 2.......] AnDgFsGjIwJkJwMhMlPdRhRfRrRtSc (Stoned.Empire.Monkey.B continued SgVbWs Stoned.June_4th.A.......[Bloody!,Beijing] DgGjJkMlRfRrScVbWsYr Stoned.Kiev.............[...............] EkJkRt Stoned.Lzr..............[Stoned.Whit....] AdFsGjIwJkJwMhRtScYr Stoned.Manitoba.........[Stonehenge.....] DgFsJkJwMlRtSc Stoned.Michelangelo.A...[...............] AnCsDgEkFsGjGpIwJkJwMlPbRhRfRr (Stoned.Michelangelo continued) RtScSgVbWsYr Stoned.No_INT.A.........[Stoned.........] AnDgFsGjIwJkJwMhMlPbPdRrRtScSg (Stoned.No_INT.A continued) WsYr Stoned.NOP..............[NOP............] DgJkWs Stoned.Standard.A.......[New Zealand....] AnDgEkFsGjGpIwJkJwLsMlPdRfRhRr (Stoned.Standard continued) RtScVbWs Stoned.Swedish_Disaster.[...............] DgGjMl Stoned.W-Boot...........[W-Boot.........] JkMsRrScWsYr SVC.3103.A..............[SVC 5.0........] DgEkRfSc Swiss_Boot..............[Swiss Army.....] FsJkMhRh Tai-Pan.438.............[...............] FsIwJkJwMhMlMsPbRtSgVbYr Tai-Pan.666.............[D2D,Doom 2.....] DgEkJkJwMhMlMsRtScSgWs Tequila.A...............[...............] CsDgFsIwJkJwLsRfRtScSgVbWsYr Three_Tunes.A...........[1784...........] GjJkSc Trakia.653..............[...............] RrSc Tremor.A................[...............] AnFsIwJkMlMsPbRtSgVbWs Trojector.1463..........[Athens.........] DgFsJkJwSg Urkel...................[Nwait .........] FsJkScSgVbWs V-Sign..................[Cansu,Sigalit..] DgFsGjIwJkJwLsMhMlPbPdRhRfRrRt (V-Sign continued) ScSgVbWsYr Vacsina.TP-05.A.........[RCE-1206.......] DgFsGjIwJwRfRtScWs Vacsina.TP-16.A.........[RCE-1339.......] DgFsJwRh Vampiro.................[...............] DgWs Vienna.648.Reboot.A.....[DOS-62.........] DgEkJwSg Vinchuca................[...............] DgWs Virogen.Pinworm.........[...............] GjJk VLamiX..................[Die Lamer......] DgJkMhMsRt WelcomB.................[Bupt...........] AdIwJkJwMhMlPbPdRtSc WXYC....................[...............] GjJkJwMsRhScWs Yankee Doodle.TP-39.....[RCE-2772.......] DgFs Yankee Doodle.TP-44.A...[RCE-2885.......] DgEkFsGpIwJkJwLsMhMlRfRtScVb Yankee Doodle.XPEH.4928.[Micropox.......] FsJkYr ============================================================================ Total for main list: 190 ============================================================================ This additional list includes viruses reported by a single participant and are oftener moving onto the main list, or dropping off of it. Note especially that this list also tends to be more of a regional reporting mechanism. For example, BackFormat.B is reported as very common in Poland by Marek Sell, yet no other regions have reported it. CARO Name of Virus [Alias(es) ] Reported by: ============================================================================ 2up.6000................[...............] Ek Accept.3773.............[...............] Yr Aircop.Standard.........[...............] Oh Alphabetic.A............[...............] Mh Alphastrike.............[...............] Yr Anarchy.2048............[...............] Ek Anticad.2900............[Plastique.2900.] Jw Bad_Sectors.A...........[...............] Yr BackFormat.B............[BackForm.B.....] Ms Benito..................[...............] Ls Boot-446................[Pasta..........] Dg Brasil..................[...............] Sc Bravo.A.................[...............] An Byway.B.................[...............] Jw Cantando................[...............] Mh Cascade.1701.G..........[1701...........] Vb Catholic................[...............] Mh Cavaco..................[...............] Jk Cholera.*...............[...............] Ms Corgi...................[...............] Dg Cybercide.1307..........[...............] Mh Dalian..................[...............] Ad Danish_Tiny.467.........[...............] Fs Dark_Avenger.2100.SI.A..[V2100..........] Dg Datalock.828.A..........[...............] Yr Deliver.................[Digi...........] Ms Diamond.1024.B..........[...............] Fs Dir-II.5................[...............] Vb DOS_Hunter..............[...............] Jw Dual_Gtm.1643...........[...............] Jk Emmie.2803..............[...............] Yr Emmie.3097..............[...............] Yr End_of.783..............[...............] Yr Error_Vir...............[...............] Mh Espejo.B................[...............] Jk EXE_Bug.B...............[...............] An Face....................[...............] Jk Form.C..................[...............] Ms Freddy_Soft.............[...............] Fs G_World.................[...............] Yr Gippo.Epidemic..........[...............] Sc Gippo.JumpingJack.......[...............] Yr Goomba..................[...............] Yr Ha!.1224................[Info, Zmiana...] Ms Hi.833..................[Hi.............] Gp HLLC.EXE_Engine.........[...............] Vb HLLC.Sauna..............[...............] Fs HLLP.Vova.12560.........[...............] Ek Immortal................[...............] Ms Industrial.1841.........[...............] Dg ITV.457.................[...............] Oh Japanese_Xmas.*.........[Xmas in Japan..] Rf Jerusalem.1808.Blank....[...............] Fs Jerusalem.1808.Critical.[...............] Jw Jerusalem.1808.F........[...............] Fs Jerusalem.AntiScan......[...............] Dg Jerusalem.Carfield......[...............] Dg Jerusalem.Fu_Manchu.A...[80 2086........] Dg Jerusalem.HK.2886.......[...............] Ad Jerusalem.June_13.......[...............] Gp Jerusalem.Sunday.II.....[Sunday 2.......] Jw June_12th...............[...............] Ad K-Hate..................[...............] Iw Kaczor.4444.............[Pieck..........] Ms Keypress.1744...........[...............] Yr Kysia.1536.*............[Kyokushinkai...] Ms Kysia.3072..............[Kyokushinkai...] Ms Lame_Surprize.B.........[Lamsurp.B......] Dg LoveChild.2710..........[...............] Yr Magda...................[Magdzie........] Ms Mannequin.*.............[...............] Gp Mario.745...............[...............] Ms Ming.491................[...............] Ad Ming.CLME.1952..........[...............] Ad MISiS...................[Zharinov,NIKA..] Yr Necropolis.*............[1963...........] Yr Nice.B..................[...............] Fs NoWin.2576..............[Zielona........] Ms Parity_Boot.A...........[...............] Ws PG_Boot.................[...............] Jw Phalcon.Storyless.......[...............] Yr PCBB.1784...............[...............] Jw Pro.....................[KMIT...........] Sc Quit.A..................[555,Dutch......] Dg Renegade.1176...........[...............] Ek Reverse.948.............[Red Spider.....] Ms Rulus...................[...............] Rt Satria..................[July_4th.......] Jk Scroll.1532.............[Kato...........] Ms Sierra..................[...............] Jk SillyC.377..............[...............] Yr SillyCR.409.............[...............] Jk SillyCR.351.............[...............] Yr Stardot.600.............[...............] Ls Stealth_Boot.Alfredo....[...............] Jw Stealth_Fighter:RDA_20..[...............] Ek Stoned.Devil............[...............] Yr Stoned.G................[...............] Iw Stoned.Michelangelo.K...[...............] Yr Stoned.New_Zealand......[...............] Gj Storm.1218..............[...............] Yr Stealth_Fighter:RDA.....[Fighter........] Jw SVC.2936.C..............[...............] Jk Swiss_Phoenix...........[...............] Yr Sword...................[...............] Dg Tamanna.................[...............] Rh Teraz.4004..............[Flaga..........] Ms Tikka...................[...............] Dg VCL.Genocide.839........[...............] Ms VCL.Genocide.981........[...............] An Venezuela...............[...............] Jk Viresc..................[...............] Iw Vmem....................[...............] Yr Voronezh.1600.A.........[RCE-1600.......] Ek Yeke.1204...............[...............] Ls Zappa...................[...............] Yr _613....................[...............] Yr _814....................[...............] Gp ============================================================================ Total for both lists: 308 ============================================================================ Release Notes for August 1995 version. This release adds three new participants: Allan Dyer (Hong Kong), Pavel Baudis (Czech Republic), and Paul Ducklin (UK). With this release, the WildList is scheduled to come out on the 10th of each month, rather than the 1st. Some participants send me their data after the 1st and I've had one specific request to hold off til the 10th. Before, for example, July reports received after the August release would end up going into the September WildList, making the data two months old. Thus, holding the release until the 10th keeps the data fresher. I am continuously seeking WildList participants for regional reporting, especially in Central and South America, Spain, former Soviet republics, and the Netherlands. Such new participants will need to be in a position where they can monitor and verify virus incidents. People who develop av products are best suited. People who represent one or more av products (agents) and provide localized support may also be qualified if they actually verify the viruses or forward samples to developers. If you thus qualify, please send your name, location, organization, product name, favorite brand of beer, and references (preferably CARO members who know you). Send the information to wildlist@aol.com. Thanks. ============================================================================ The collation of this list is done by Joe Wells, Virus Specialist at IBM's T.J.Watson Research Center, who is solely responsible for its contents. The material presented is implicitly copyrighted under various laws, but may be freely quoted or cited. However, its source and cooperative nature should be duly referenced. No permission is needed to reprint this list. The latest WildList is always posted by me directly to the NCSA Security forum on Compuserve in the Virus Info/Tools library. I also occasionally hang out there (or in a member room called Computer Viruses on AOL). ============================================================================ WildList Vol. 508 - c1jwells@watson.ibm.com - 75511,635 - wildlist@aol.com ============================================================================ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.7 mQCNAy+wAnYAAAEEAO2alE3YclXZAxkqrSVXkhAuuOsx6NnVfUdKMghYtrBabFuJ +zKiIsahmjeakA2J101KZOHtKMhb5iqLG0oCbRyuBFLtuMhJrjk+L9VRCoxoDB/4 XwFevOGyxRHYfancrIydlMUooe7TZJqbGhhQEROWYm8v6RvkPFtsMpyD+Lb1AAUR tCNKb2UgV2VsbHMgPGMxandlbGxzQHdhdHNvbi5pYm0uY29tPg== =aKXf -----END PGP PUBLIC KEY BLOCK----- ============================================================================