The WildList

February 1994

 ============================================================================
                    PC Viruses in the Wild - June 15, 1994
 ============================================================================
    This is a cooperative listing of viruses reported as being in the wild
    by 16 virus information professionals. The basis for these reports are
    virus incidents where a sample was received, and positively identified
    by the participant.  Rumors and unverified reports have been excluded.
 
    The list should not be considered a list of "currently common" viruses
    however. No provision is made for commonness. A currency basis for the
    list has been set. Reports date from September of 1992 to the present.
 
    This data indicates only "which" viruses have been found in the wild.
 ============================================================================
    The section below gives the names of participants, along with their
    organization, antivirus product (if any), and geographic location.
  
    Key Participant            Organization      Product        Location  
 ============================================================================
    As  Alan Solomon           S&S Int'l         Toolkit        UK
    Dc  Dave Chess             IBM               IBM AntiVirus  USA       
    Ek  Eugene Kaspersky       KAMI              AVP            Russia
    Fb  Fernando Bonsembiante  Virus Report      None           Argentina 
    Fs  Fridrik Skulason       Frisk Int'l       F-Prot         Iceland
    Gj  Glenn Jordan           Datawatch         VirexPC        USA
    Jw  Joe Wells              Symantec          NAV            USA       
    Pd  Paul Ducklin           CSIR Virus Lab    None           So Africa
    Pp  Padgett Peterson       Hobbyist          DiskSecure     USA
    Rf  Richard Ford           Virus Bulletin    None           UK
    Rh  Richard Head           Jade Corp         Scan Vakzin    Japan     
    Rr  Roger Riordan          CYBEC             VET            Australia
    Sg  Shimon Gruper          EliaShim          ViruSafe       Israel
    Vb  Vesselin Bontchev      U of Hamburg      None           Germany
    Ws  Wolfgang Stiller       Stiller Research  Integ Master   USA
    Yr  Yuval Rakavi           BRM               Untouchable    Israel    
 ============================================================================
   The first chart is based on two or more participants reporting a virus. 
   Therefore, these viruses are probably more geographically scattered.   
  
  CARO Name of Virus        AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr  Alias(es)
 ============================================================================
  3-Tunes..................| . . . . . x x . . . . . . . . . | 1784
  AntiCMOS.................| . x . . . . x . . . . . . . . . |
  AntiEXE..................| . . . . x . x . . . . . . x . x | D3,Newbug
  Athens...................| . . . . x . x . . . . . . . . . | Trajector
  Barrotes.A...............| x . . . . . x x . . . . . . . . | Barrotos
  Boot-437.................| . . . . . . x . . . . . . . . x |
  Brasil...................| . . . . . . x . x . . . . . . . |
  Butterfly................| . . . . . . x . . . . . . x . x |
  Cascade.1701.A...........| x x . x x . . . . x x . x x . . | 1701
  Cascade.1704.A...........| x x x . x . x . . . . . x . . x | 1704
  Changsha.................| . . . . . . x . . . x x . . . . | Centry
  Chinese Fish.............| x x . . x x x x . . . x . . . x | Fish Boot
  CPW.1527.................| . . . . . . x . x . . . . . . . | Mediera,Mierda
  Dark_Avenger.1800.A......| x x . x x x x . . x x x . . x x | Eddie
  Dark_Avenger.2100.SI.A...| x . . . . . x . . . . . . . . . | V2100
  Datalock.920.............| x x . . . . x . . . . . x . . x | V920
  Dir-II.A.................| x x x x x . x x . x x x x x x x | Creeping Death
  Disk_Killer.A............| x . x . . . x . x x . . x . . . | Ogre
  Even_Beeper..............| x x . . . . . . . . . . . . . . |
  EXE_Bug.A................| x . . . . . x x . x . . x . x . | CMOS Killer
  EXE_Bug.C................| . . . . . . . x . . . . x . x . |
  Fichv.2_1................| x . . . x . . . . . . . x . . x | 905,CHV 2.1
  Filler...................| . . . . . x x . . . . . . . . . |
  Flip.2153.A..............| x x . x x . x . . x x . x . . . | Omicron
  Flip.2343................| x . . . x . . . . . . . . . . . | Omicron 2
  Form.....................| x x . x x x x . x x x . x x x x | Form 18
  Freddy_2.................| . . . . x . x . . . . . . . . . |
  Frodo.Frodo.A............| x x . x x . x . . . x x x . . x | 4096,100 Year
  Ginger...................| . . . . . . x . . . . x . . . . | Gingerbread
  Green Caterpillar........| x x . . x x x . . x x x x . x x | Find,1591,1575
  Helloween.1376...........| x . . . . . x . . x x x . . x x | 1376
  Jerusalem.1244...........| x x . . . . . . . . . . . . . . | 1244
  Jerusalem.1808.Standard..| x x . x x x x x x x x . x . x x | 1808,Israeli
  Jerusalem.Anticad.4096.B.| x . . . x . . . . . . . x . . . | Invader
  Jerusalem.Fu_Manchu......| x . . . . . x . . . . . x . . . | 2080,2086
  Jerusalem.Mummy.2_1......| x . . . x . . x . . x . x . . . | PC Mummy
  Jerusalem.Sunday.A.......| . . . . . . . x . . x . . . . x | Sunday
  Jerusalem.Zerotime.Austr.| x x . . . . . . . . . x x . x x | Slow
  Joshi.A..................| x x . . x x x . x x x x x . x . |
  Kampana.3700:Boot........| x x . x x x x . . x x . . . x . | AntiTel,Telecom
  Keypress.1232.A..........| x x . . . . . x . x x x x . x x | Turku,Twins
  Liberty..................| . x . . x . x . . x x . . . x x | Mystic,Magic
  Little_Red...............| . . . . . x x . . . . . . . . . |
  Maltese Amoeba...........| x x . . x . x . x x . . x . x x | Grain of Sand
  Music_Bug................| . . . . x x . . x . . . . . x . |
  Necros...................| x . . . . . x . . . . . . . . . | Gnose,Irish3
  NJH-LBC..................| x . . . . . . . . . . . . . . x | Korea Boot
  No_Frills.Dudley.........| x . . . . . . . . . . x . . . . | Oi Dudley
  No_Frills.No_Frills......| . . . . . . x . . . . x . . . . |
  Nomenklatura.............| x x . . . . . . . . . . . . . . | Nomen
  November_17th.855.A......| x x . . x . x . . . . . . . . . | V855
  NPox.963.A...............| . . . . x . x . . . . . . . . x | Evil Genius
  Ontario.1024.............| . x . . . . . . . . . x x . . . | SBC,1024
  Parity_Boot.B............| x . . . . . x x . x x . . x . . | Generic 1
  Ping_Pong.B..............| x x . x . . . . . x . . x . x . | Italian
  Predator.2448............| . . . . x . x . . . . . . . . . | 2448
  Print_Screen.............| x x . . . . x . . . . . . . . x | India,PrnSn
  Quit.A...................| x x . . . . . . . . . . . . . . | 555,Dutch
  Quox.....................| . x . . x . x . . . . . . . . . | Stealth 2
  Ripper...................| x x . . x . x . . . . . . . . . | Jack the Ripper
  Screaming_Fist.696.......| x x . . . x x . . . . . . . x . | Fist 2,Scream 2
  Sleepwalker..............| . . . . . . x . . . . x . . . . |
  SMEG.Pathogen............| x . . . . . . . . x . . . . . . |
  Stealth.B................| . x . . . . x . x x . . . . . . | STB
  Stoned.16................| x x . . . . x . . . . . . . . x | Brunswick
  Stoned.Azusa.............| x x . . x . x x x . x x x . x . | Hong Kong
  Stoned.Empire.Monkey.B...| x x . . x x x . x x . x . x x . | Monkey 2
  Stoned.Empire.Monkey.A...| . . . . . . x . . . . x . . . . | Monkey
  Stoned.Flame.............| . . . . . . x . . . . x . x . . | Stoned(3C)
  Stoned.June_4th..........| x . . . . x x . . . x x . x x x | Bloody!,Beijing
  Stoned.Lzr...............| . . . . x . x . . . . . . . . x | Stoned.Whit
  Stoned.Manitoba..........| . . . . x . x . . . . . . . . . | Stonehenge
  Stoned.Michelangelo......| x x x x x x x x x x x x x x x . |
  Stoned.NoINT.............| x x . . x x x x . x . x . . x . | Stoned
  Stoned.NOP...............| . . . . . . x . . . . . . . x . | NOP
  Stoned.Standard.B........| x . x x x x x x x x x x x x x . | New Zealand
  Stoned.Swedish_Disaster..| x . . . . x . . . . . . . . . . |
  Stoned.W-Boot............| . . . . . . x . . . . x . . . x | W-Boot
  Stardot.789..............| . x . . . . x . . . . . . . . . | 805
  SVC.3103.................| x . x . . . x . . . x . x . . . | SVC 5.0
  Swiss_Phoenix............| . . . . . . x . . . . . . . . x |
  Tequila..................| x x . . x . x x . x x . x x x x |
  Tremor...................| . . . . x . . . . x . . . x x . |
  V-Sign...................| x x . . x x x . . x x x x . x . | Cansu,Sigalit
  Vacsina.TP-05............| x x . . x x x . . x x . . . x . | RCE-1206
  Vacsina.TP-16............| x x . . x . . . . . . . . . . . | RCE-1339
  Vienna.648.Reboot........| x x x . . . . . . . . . . . . . | DOS-62
  WXYC.....................| . x . . . . x . . . . . . . . . |
  Yankee Doodle.TP-39......| x . . . x . . . . . . . . . . . | RCE-2772
  Yankee Doodle.TP-44.A....| x . x . x . x . . x x . . x . x | RCE-2885
  Yankee Doodle.XPEH.4928..| . . . . x . . . . . . . . . . x | Micropox
  Yeke.1076................| . x . . . . x . . . . . . . . . |
 ============================================================================
  Total for first list: 92 Viruses
 ============================================================================
   The second chart is based on a single participant noting more than one 
   infection site and may signify limited regional virus outbreaks.
  
  CARO Name of Virus         AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr Alias(es)
 ============================================================================
  10_Past_3.748............| . . . . . . . x . . . . . . . . |
  BootEXE..................| . . . . . . . . . x . . . . . . | BFD-451
  Brain....................| . . . . . . . . x . . . . . . . | Pakistani
  Cascade.1701.G...........| . . . . . . . . . . . . . x . . | 1701
  Chill_Touch..............| . . . . . . x . . . . . . . . . |
  Coffeeshop:MtE_090.......| . . . . . . . x . . . . . . . . |
  Darth_Vader.3.A..........| . . . . . . . . . . . . . . x . |
  Datalock.828.............| . . . . . . . . . . . . . . . x |
  Den_Zuko.A...............| x . . . . . . . . . . . . . . . | Den Zuk
  DosHunter................| . x . . . . . . . . . . . . . . |
  Emmie.3097...............| . . . . . . . . . . . . . . . x |
  EXE_Engine...............| . . . . . . . . . . . . . x . . |
  Grower...................| . . . . . . x . . . . . . . . . | V270x,268+
  Hafenstrasse.............| . . . . . . . . . . . . . x . . | Hafen
  Hi.......................| . . . . . . . . . . . . . . . x | Hi.460
  Involuntary.A............| . . . . . . x . . . . . . . . . | Invol
  Involuntary.B............| . . . . . . x . . . . . . . . . | Invol.B
  Japanese_Xmas............| . . . . . . . . . . x . . . . . | Xmas in Japan
  Jerusalem.1808.CT........| . x . . . . . . . . . . . . . . | Capt Trips
  Jerusalem.1808.Null......| . x . . . . . . . . . . . . . . |
  Jerusalem.Carfield.......| x . . . . . . . . . . . . . . . |
  Jerusalem.Moctezuma......| . x . . . . . . . . . . . . . . |
  Jerusalem.Mummy.1_2......| . . . . . . . x . . . . . . . . |
  Jerusalem.Sunday.II......| . x . . . . . . . . . . . . . . | Sunday 2
  Joshi.B..................| . x . . . . . . . . . . . . . . |
  Jumper...................| . . . . . . . . . . . . . . . x |
  Kampana.Galicia:Boot.....| . . . . . . x . . . . . . . . . | Telecom
  Keypress.1744............| . . . . . . . . . . . . . . . x |
  Little Brother.307.......| . . . . x . . . . . . . . . . . |
  Lyceum.1788..............| . . x . . . . . . . . . . . . . |
  MISiS....................| . . . . . . . . . . . . . . . x | Zharinov,NIKA
  Murphy.Smack.1841........| . . . . . . x . . . . . . . . . | Smack
  Natas....................| . . . . . . x . . . . . . . . . |
  Necropolis...............| . . . . . . . . . . . . . . . x | 1963
  November_17th.800........| . . . . . . x . . . . . . . . . | Jan1, 800
  NYB......................| . . . . . . x . . . . . . . . . | New York
  Number_of_the_Beast......| . . . x . . . . . . . . . . . . | 512,666
  Parity_Boot.A............| . . . . . . . . . . . . . . x . |
  Sat_Bug..................| . . . . . . x . . . . . . . . . | Satan Bug
  Screaming_Fist.NuWay.....| . . . . . . x . . . . . . . . . | Sticky
  Pathogen:SMEG............| x . . . . . . . . . . . . . . . | 
  Stinkfoot................| . . . . . . . x . . . . . . . . |
  Stoned.Bunny.A...........| . . . . . . . x . . . . . . x . |
  Stoned.Dinamo............| . . . . . . . . . . . . . . . x |
  Stoned.Michelangelo.K....| . . . . . . . . . . . . . . . x |
  Stoned.Empire.In_Love....| . . . . . . x . . . . . . . . . |
  SVC.2936.................| . . . . . . x . . . . . . . . . | 
  SVC.3241.................| . x . . . . . . . . . . . . . . | 
  Stoned.Empire.Int_10.....| . . . . . . . . x . . . . . . . |
  Swiss_Boot...............| . . . . x . . . . . . . . . . . | Swiss Army
  Syslock.Syslock.A........| x . . . . . . . . . . . . . . . |
  Vmem.....................| . . . . . . . . . . . . . . . x |
  Voronezh.1600............| . . x . . . . . . . . . . . . . | RCE-1600
  Yale.....................| . x . . . . . . . . . . . . . . | Alameda
 ============================================================================
  Total for both lists: 146 Viruses
 ============================================================================
   Virus Alerts: Below are reports from participants and others on which
                 viruses are reported and verified in specific areas. For 
                 false and distorted alerts, see the next section.
   
   (Note: As more participants are contacted for this information, this
          virus alert section will undoubtedly grow. Focus so far has
          been on the western hemisphere and Japan.)

   USA - Most frequently reported viruses for May 1992 at Symantec in
         order of frequency are: Monkey.B, Stoned.Michelangelo, Form,
         Stoned.Standard, V-Sign, Stoned.NoInt, Joshi, Stealth.B.

         Chill_Touch was posted on Ziffnet and downloaded by a few dozen
         people. Ziff posted a notice about this and is making an effort
         to reach those who downloaded infected games.

         NYB virus was shipped to 3000 locations in the US and Canada.

         Form is rumored to have been shipped in preformatted disks (again).
   
         Stealth.B was rumored to have been shipped on some small-capacity
         harddrives. 
       
         AntiCMOS has appeared in several locations.

   Mexico - Natas has been confirmed at several sites in Mexico City.

   Chile - The most commonly reported viruses, per Juan Vignolo, are: 
           CPW.1527, Green_Caterpillar.1575.A, Stoned.Michalengelo.A,
           Stoned.NoINT, CPW.1459, Cascade.1701.A, Vacsina.TP.5.A,
           Ping-Pong.Standard.A, Jerusalem.1808.Standard, Brain.Standard

   Argentina - The most common viruses, per Fernando Bonsembiante, are:
           Stoned.Michalangelo, Stoned.Standard, Number_of_the_Beast,
           Jerusalem.1808.Standard, Ping-Pong.Standard, Cascade, Dark
           Avenger.1800, Kampana Boot, Dir-II, Flip, Frodo, Form.

   Japan - The most common viruses, per Richard Head, are:
           Yankee Doodle, Cascade, Kampana, Form, AntiCMOS, Michelangelo,
           Kampana.3445, Stoned.Azusa, StarDot.789, Stoned.Standard.
 ============================================================================
   Report Frenzies: There were three recent virus report frenzies in which
   virus reports were blown all out of proportion by the news media and/or 
   some antivirus product vendor(s).
   
         Pathogen:SMEG - Total verified incidents: 3 in UK
         Junkie        - Total verified incidents: 0
         CD-IT "Virus" - Actually, a trojan. Not a virus.

   An older frenzy, over Sat_Bug (Satan Bug), is still being exagerated
   and exploited by at lease one source.
 ============================================================================
   The collation of this material is done by Joe Wells, Virus Specialist at 
   Symantec, Peter Norton Group, who is solely responsible for its contents.
 
   The material presented is implicitly copyrighted under various laws, but
   may be freely quoted or cited. However, its source and cooperative nature
   should be duly referenced.
 
   Other antivirus product developers are invited to participate in the list. 
   If you wish to do so, please contact me.
 ============================================================================
  The WILDList by Joe Wells -- [email protected] -- 70750,3457 -- Vol2.06b
 ============================================================================