The WildList
July 1995
============================================================================
PC Viruses in the Wild - July 1, 1995
============================================================================
The WildList
This is a cooperative listing of viruses reported as being in the wild
by many virus information professionals. The basis for the reports are
virus incidents where a sample was received, and positively identified
by the participant. Rumors and unverified reports have been excluded.
This report is cumulative. That is, this is not just a report of which
were seen last month. Monthly data is received from most participants,
but the new data is added to the old. Participants are expected to let
me know when I should remove their name from a virus that they haven't
seen in a year and a half or so.
The list should not be considered a list of "the most common viruses",
however. No provision is made for commonness. A currency basis for the
list has been set. Viruses not reported for over a year and a half are
removed from the WildList.
So this data indicates only "which" viruses have been seen in the wild.
Joe Wells - [email protected]
============================================================================
The section below gives the names of participants, along with their
geographic location, organization, and antivirus product (if any). The
locations with an asterisk (*) note that the reports are regional, all
others being multinational or global.
Key Participant *Location Organization Product
============================================================================
An Anthony Naggs *So Africa CSIR Virus Lab VPS
Cs Christian Schmid *Austria DataPROT Linz F-Prot
Dg Dmitry Gryaznov UK S&S Int'l Toolkit
Ek Eugene Kaspersky *Russia KAMI AVP
Fs Fridrik Skulason Iceland Frisk Int'l F-Prot
Gj Glenn Jordan USA Datawatch VirexPC
Gp Gabriel Pislaru *Romania SoftWin AVX
Iw Ian Whalley UK Virus Bulletin None
Jk Jimmy Kuo USA McAfee ViruScan
Jw Joe Wells USA IBM IBM AntiVirus
Ls Luca Sambucci *Italy/Swiz. I.C.A.R.O. None
Mh Mikko Hypponen *Finland Data Felows F-Prot Pro
Ml Mikael Larsson *Sweden QA Informatik None
Ms Marek Sell *Poland APEXIM MkS_vir
Oh Omar Herrera *Mexico Escuadron AV Aguila AV
Pp Padgett Peterson USA Hobbyist DiskSecure
Rh Richard Head *Japan Jade Corp Scan Vakzin
Rr Roger Riordan Australia CYBEC VET
Rt Roger Thompson USA Thompson Network Doctor
Rv Robert Vibert *Portugal RSVP None
Sc Shane Coursen USA Symantec NAV
Sg Sarah Gordon USA Command Software NetProt
Vb Vesselin Bontchev *Germany U of Hamburg None
Ws Wolfgang Stiller USA Stiller Research Integ Master
Yr Yuval Rakavi Israel BRM Untouchable
============================================================================
The people below will be future participants in the WildList.
============================================================================
Ad Allan Dyer *Hong Kong Yui Kee Co. Ltd.
Fl Ferenc Leitold *Hungary Hunix Ltd.
Lc Lucian Caric *Croatia Bug Computer Magazine
Nb Neville Bulsara *India Quantum System Software
Pb Pavel Baudis *Czech Rep Alwil Software
Pl Pascal Loitner *France
Rf Richard Ford USA NCSA
============================================================================
The people below haven't provided reports this year and have been removed.
============================================================================
Fb Fernando Bonsembiante *Argentina Virus Report None
Sg Shimon Gruper *Israel EliaShim ViruSafe
============================================================================
This main list includes viruses reported by multiple participants.
CARO Name of Virus [ Alias(es) ] Reported by:
============================================================================
5Lo.....................[...............] FsMh
Anticad.4096.A..........[Plastique......] JkSgVb
Anticad.4096.B..........[Invader........] DgFsJkSg
AntiCMOS.A..............[Lenart.........] DgFsGjIwJkJwMhMlMsRhRfRtScSgVbWsYr
AntiCMOS.B..............[...............] MsSc
AntiEXE.A...............[D3,Newbug......] AnDgFsGjIwJkJwMhMlMsRfRtScSgVbWsYr
Arianna.3375............[...............] IwLs
Avispa.D................[...............] JkJwRtSc
BackFormat.A............[Backform.......] JkMhYr
Baclab..................[...............] JkPpRtSc
Barrotes.1310.A.........[Barrotos.......] DgJkRvSc
Boot-437................[...............] FsGjJkJwRhRtScSgWsYr
BootEXE.451.............[BFD-451........] FsIwJkMhMsSg
Brasil..................[...............] PpSc
Butterfly.Butterfly.....[...............] VbYr
Cascade.1701.A..........[1701...........] DgFsGjIwJkJwLsMhMlRfRtSgVbWs
Cascade.1704.A..........[1704...........] DgEkFsJwMlRtScSgVb
Changsha.A..............[Centry.........] MlMsRfRrRt
Chaos.1241..............[...............] JkRrSgYr
Chill...................[Chill Touch....] JkRtSc
Chinese_Fish............[Fish Boot......] DgFsGjJkMlRrRtVbYr
Civil_Defence.6672......[CDV 3.3........] AnJwSg
Coffeeshop:MtE..........[...............] AnJk
CPW.1527................[Mediera,Mierda.] DgJkPpSc
Crazy_Boot..............[...............] DgJkJwMhRhScSg
DA_Boys.................[...............] JkRtScSgWs
Dark_Avenger.1800.A.....[Eddie..........] DgFsGjGpIwJwLsRfRrSgWs
Datalock.920.A..........[V920...........] DgJwLsYr
DelWin.1759.............[...............] JkJwMsVb
Den_Zuko.2.A............[Den Zuk........] DgRtSg
Die_Hard................[Wix............] AnIwJkJwMlRtScSgVbWs
Dir-II.A................[Creeping Death.] AnDgEkFsGpIwJkJwMlOhRfRrScSgVbWsYr
Disk_Killer.1_00........[Ogre...........] DgEkIwMlPp
Disk_Washer.............[...............] RhSc
Espejo..................[Stakka,IFE.....] JkJwRtScSg
EXE_Bug.A...............[CMOS Killer....] AnDgFsIwJkMlRtScWs
EXE_Bug.C...............[...............] AnRtWs
EXE_Bug.Hooker..........[...............] AnRt
Fairz...................[Khobar.........] JkMh
Fat_Avenger.............[...............] JwRr
Fichv.2_1...............[905,CHV 2.1....] DgFsVb
Filler.A................[...............] GjMl
Finnish.357.............[...............] FsMl
Finnish_Sprayer.........[...............] FsMhSc
Flame...................[Stamford.......] JkJwRrScVbYr
Flip.2153.A.............[Omicron........] DgFsIwJkJwLsMlRhRfScWsYr
Flip.2343...............[Omicron 2......] DgFsLsRv
Form.A..................[Form 18........] CsDgFsGjIwJkJwLsMhMlPpRfRtRvSc
(Form.A continued) SgVbWsYr
Form.D..................[Form May.......] FsJwMsRtScYr
Frankenstein............[Frank..........] DgJkMs
Freddy_Krueger..........[Freddy 2.......] FsJkScWsYr
Frodo.Frodo.A...........[4096,100 Year..] DgFsJkJwMlRfRrVbYr
Galicia.................[Telecom........] JkMhRtSc
Ginger..................[Gingerbread....] JkRrSc
GoldBug.................[...............] DgJkIwMh
Green_Caterpillar.1575..[Find,1591,1575.] DgFsGjGpIwJkJwLsRfRrRtScVbWs
Hafenstrasse.*..........[Hafen..........] JkVb
Helloween.1376.A........[1376...........] DgIwJkJwRfRrScWsYr
Hi.460..................[Hi.............] JkMsYr
Hidenowt................[...............] DgIwJkRhSc
HLLC.Even_Beeper.B......[...............] DgJwMsWs
HLLO.Novademo.*.........[...............] FsMs
Ibex....................[Seven_Boot.....] JwSc
J&M.....................[Jimi.Jimmy.....] JkJwMsRfVb
Jerusalem.1244..........[1244...........] DgLsSg
Jerusalem.1808.Standard.[1808,Israeli...] AnDgFsGjIwJkJwLsMlPpRfRtScSgWsYr
Jerusalem.Mummy.2_1.A...[PC Mummy.......] AnDgFsRfRt
Jerusalem.Sunday.A......[Sunday.........] AnJkRfRtSg
Jerusalem.Zero_Time.Aus.[Slow...........] DgJkJwRhRrRtWs
Jihuu.686...............[...............] FsMh
Jos.1000................[Jabb...........] GpMs
Joshi.A.................[...............] DgFsGjIwJkJwMlPpRfRrRtScSgVbWsYr
Jumper.A................[French Boot....] DgFsGjJwRtScSgVbWsYr
Jumper.B................[SillyBop.......] DgMhMlMsRhSgVb
Junkie..................[...............] CsFsIwJkJwLsMhMsRhRrRtScVbWsYr
Kampana.A...............[AntiTel,Telecom] DgFsGjIwJkJwMhRhRfRtRvScSgWs
Kaos4...................[...............] AnFsJkMhMsScSg
Keypress.1232.A.........[Turku,Twins....] DgIwJwRfRrRtSgWsYr
Leandro.................[...............] GpJkJwMhRtSc
Lemming.................[...............] RrSc
Liberty.2857.A..........[Mystic,Magic...] FsIwJwRhRfRtWsYr
Little_Brother.307......[...............] FsJk
Little_Red..............[Red Book.......] AnGjJkJwRhRtSc
MacGyver.2803...........[Shoo...........] AnJk
Maltese Amoeba..........[Grain of Sand..] AnDgFsIwJkJwMlMsPpRtSgWsYr
Mange_Tout.1099.........[1099...........] DgJkMhMlMsRfSc
Markt.1533..............[Werbe..........] DgJk
MIREA.1788..............[Lyceum,Lycee...] EkJk
Mongolian_Boot..........[Mongol.........] JwSc
Music_Bug...............[...............] FsGjJkPpWs
Necros..................[Gnose,Irish3...] DgJk
Neuroquila..............[Havoc..........] DgIwJkWs
NJH2LBC.A...............[Korea Boot.....] DgJkYr
No_Frills.Dudley........[Oi Dudley......] DgJkRrRt
No_Frills.No_Frills.843.[...............] JkRrSc
Nomenklatura.A..........[Nomen..........] DgJkJw
November_17th.768.A.....[...............] LsMs
November_17th.800.A.....[Jan1,800.......] LsSc
November_17th.855.A.....[V855...........] DgFsJkJwLsRtSc
NPox.963.A..............[Evil Genius....] FsSc
NYB.....................[B1.............] AnDgEkFsGjJkJwLsMhMlMsRfRtScSgVb
(NYB continued) WsYr
One_Half................[Dis,Free Love..] CsDgEkGpIwJkJwLsMhMsRtScSgVbWs
Ontario.1024............[SBC,1024.......] JkJwRr
Parity_Boot.B...........[Generic 1......] AnCsDgFsGjGpIwJkJwMhMlRhRfRtRv
(Parity_Boot.B continued) ScSgVb
Pathogen:SMEG.0_1.......[...............] DgIwJkWs
Peter...................[Peter II.......] JwRhJkRf
Ping_Pong.B.............[Italian........] DgGpIwJkJwLsWsYr
Predator.2448...........[2448...........] FsMlSc
Print_Screen_Boot.A.....[India,PrnSn....] DgJwScYr
QRry....................[Query,Essex....] JkJwSc
Queeg:SMEG.0_1..........[...............] DgJk
Quox....................[Stealth 2......] FsJkJwRhRtSc
Riihi...................[...............] FsMh
Ripper..................[Jack Ripper....] AnCsDgFsGjJkJwMhMlMsRhRfRtScSgVbWs
Russian_Flag............[...............] AnDgSc
Sampo...................[Turbo..........] DgFsGjIwJkJwMhMlRhRfRtScSgVbWs
Sat_Bug.Natas...........[Satan..........] DgFsJkJwMhMlMsRtRvScSgVbWs
Sat_Bug.Sat_Bug.........[Satan Bug......] JkJwYr
Sayha...................[...............] ScYr
Screaming_Fist.II.696...[Fist 2,Scream 2] DgGjJkJwRtScSgWs
Sibylle.................[...............] DgJw
Sleep_Walker............[...............] JkRrSc
Stardot.789.A...........[805............] JwLsSc
Stealth_Boot.B..........[AMSE NopB......] GjIwJkJwPpRhRtScSgVb
Stealth_Boot.C..........[AMSE NopB2.....] GjJkJwRtSgVbYr
Stoned.16.A.............[Brunswick......] DgJwScYr
Stoned.Angelina.........[...............] CsDgIwJkJwMhMlRvScSg
Stoned.Azusa.A..........[Hong Kong......] AnDgFsGjJkJwMlPpRfRrRtScWsYr
Stoned.Bravo............[...............] AnJkMs
Stoned.Bunny.A..........[...............] AnWs
Stoned.Dinamo.*.........[...............] RtScYr
Stoned.Daniela..........[...............] ScSg
Stoned.Empire.Int_10.B..[...............] JkPpRtSgSc
Stoned.Empire.Monkey.A..[Monkey.........] IwJkJwMlRrRtScSg
Stoned.Empire.Monkey.B..[Monkey 2.......] AnDgFsGjIwJkJwMhMlPpRhRfRrRtScSg
(Stoned.Empire.Monkey.B continued VbWs
Stoned.June_4th.A.......[Bloody!,Beijing] DgGjJkMlRfRrScVbWsYr
Stoned.Kiev.............[...............] EkJkRt
Stoned.Lzr..............[Stoned.Whit....] FsGjIwJkJwMhRtScYr
Stoned.Manitoba.........[Stonehenge.....] DgFsJkJwMlRtSc
Stoned.Michelangelo.A...[...............] AnCsDgEkFsGjGpIwJkJwMlPpRhRfRrRt
(Stoned.Michelangelo continued) ScSgVbWsYr
Stoned.No_INT.A.........[Stoned.........] AnDgFsGjIwJkJwMhMlRrRtScSgWsYr
Stoned.NOP..............[NOP............] DgJkWs
Stoned.Standard.A.......[New Zealand....] AnDgEkFsGjGpIwJkJwLsMlPpRfRrRtSc
(Stoned.Standard continued) VbWs
Stoned.Swedish_Disaster.[...............] DgGjMl
Stoned.W-Boot...........[W-Boot.........] JkMsRrScWsYr
SVC.3103.A..............[SVC 5.0........] DgEkRfSc
Swiss_Boot..............[Swiss Army.....] FsJkMhRh
Tai-Pan.438.............[...............] FsIwJkJwMhMlMsRtSgVb
Tai-Pan.666.............[D2D,Doom 2.....] DgEkJkJwMhMlMsPpRtScSgWs
Tequila.A...............[...............] CsDgFsIwJkJwLsRfRtScSgVbWsYr
Three_Tunes.A...........[1784...........] GjJkSc
Trakia.653..............[...............] RrSc
Tremor.A................[...............] AnFsIwJkMlMsRtSgVbWs
Trojector.1463..........[Athens.........] DgFsJkJwSg
Urkel...................[Nwait .........] FsJkScSgVbWs
V-Sign..................[Cansu,Sigalit..] DgFsGjIwJkJwLsMhMlRhRfRrRtScSg
(V-Sign continued) VbWsYr
Vacsina.TP-05.A.........[RCE-1206.......] DgFsGjIwJwRfRtScWs
Vacsina.TP-16.A.........[RCE-1339.......] DgFsJwRh
Vampiro.................[...............] DgWs
Vienna.648.Reboot.A.....[DOS-62.........] DgEkJwSg
Vinchuca................[...............] DgWs
Virogen.Pinworm.........[...............] GjJk
VLamiX..................[Die Lamer......] DgMhMsRt
WelcomB.................[Bupt...........] IwJkJwMhMlRtSc
WXYC....................[...............] GjJkJwMsRhScWs
Yankee Doodle.TP-39.....[RCE-2772.......] DgFs
Yankee Doodle.TP-44.A...[RCE-2885.......] DgEkFsGpIwJkJwLsMhMlRfRtScVb
Yankee Doodle.XPEH.4928.[Micropox.......] FsJkYr
============================================================================
Total for main list: 168
============================================================================
This additional list includes viruses reported by a single participant and
are often either moving onto the main list, or dropping off of it.
N.B: This list also tends to be more of a regional reporting mechanism
(e.g. BackFormat.B is reported as very common in Poland by Marek Sell, yet
no other regions have reported it).
CARO Name of Virus [Alias(es) ] Reported by:
============================================================================
2up.6000................[...............] Ek
Accept.3773.............[...............] Yr
Aircop.Standard.........[...............] Oh
Alphabetic.A............[...............] Mh
Anarchy.2048............[...............] Ek
Anticad.2900............[Plastique.2900.] Jw
Bad_Sectors.A...........[...............] Yr
BackFormat.B............[BackForm.B.....] Ms
Benito..................[...............] Ls
Boot-446................[Pasta..........] Dg
Bosnia:TPE.1_4..........[...............] Ls
Bravo.A.................[...............] An
Cantando................[...............] Mh
Cascade.1701.G..........[1701...........] Vb
Cascade.1704.D..........[1704...........] Fs
Catholic................[...............] Mh
Cholera.*...............[...............] Ms
Corgi...................[...............] Dg
Cybercide.1307..........[...............] Mh
Danish_Tiny.467.........[...............] Fs
Dark_Avenger.2100.SI.A..[V2100..........] Dg
Datalock.828.A..........[...............] Yr
Deliver.................[Digi...........] Ms
Diamond.1024.B..........[...............] Fs
Dir_II.5................[...............] Vb
DOS_Hunter..............[...............] Jw
DR&ET.1710..............[Dret...........] Ms
Emmie.3097..............[...............] Yr
End_of.783..............[...............] Yr
Error_Vir...............[...............] Mh
EXE_Bug.B...............[...............] An
Form.C..................[...............] Ms
Freddy_Soft.............[...............] Fs
Gippo.Epidemic..........[...............] Sc
Gippo.JumpingJack.......[...............] Yr
Ha!.1224................[Info, Zmiana...] Ms
Hi.833..................[Hi.............] Gp
HLLC.EXE_Engine.........[...............] Vb
HLLC.Sauna..............[...............] Fs
HLLP.Vova.12560.........[...............] Ek
Immortal................[...............] Ms
Industrial.1841.........[...............] Dg
ITV.457.................[...............] Oh
Japanese_Xmas.*.........[Xmas in Japan..] Rf
Jerusalem.1808.Blank....[...............] Fs
Jerusalem.1808.Critical.[...............] Jw
Jerusalem.1808.F........[...............] Fs
Jerusalem.AntiScan......[...............] Dg
Jerusalem.Carfield......[...............] Dg
Jerusalem.Fu_Manchu.A...[80 2086........] Dg
Jerusalem.June_13.......[...............] Gp
Jerusalem.Sunday.II.....[Sunday 2.......] Jw
Kaczor.4444.............[Pieck..........] Ms
Keypress.1744...........[...............] Yr
Kysia.1536.*............[Kyokushinkai...] Ms
Kysia.3072..............[Kyokushinkai...] Ms
Lame_Surprize.B.........[Lamsurp.B......] Dg
Magda...................[Magdzie........] Ms
Mannequin.*.............[...............] Gp
Manzon.1445.............[...............] Ms
Mario.745...............[...............] Ms
MISiS...................[Zharinov,NIKA..] Yr
Necropolis.*............[1963...........] Yr
Nice.B..................[...............] Fs
NoWin.2576..............[Zielona........] Ms
Parity_Boot.A...........[...............] Ws
PG_Boot.................[...............] Jw
PCBB.1784...............[...............] Jw
Pro.....................[KMIT...........] Sc
Quit.A..................[555,Dutch......] Dg
Renegade.1176...........[...............] Ek
Reverse.948.............[Red Spider.....] Ms
Rulus...................[...............] Rt
Scroll.1532.............[Kato...........] Ms
She_Has.................[...............] Dg
SillyC.377..............[...............] Yr
SillyCR.351.............[...............] Yr
Stardot.600.............[...............] Ls
Stealth_Boot.Alfredo....[...............] Jw
Stealth_Fighter:RDA_20..[...............] Ek
Stoned.Michelangelo.K...[...............] Yr
Stoned.New_Zealand......[...............] Gj
Storm.1218..............[...............] Yr
Street_Fighter:RDA......[Fighter........] Jw
Swiss_Phoenix...........[...............] Yr
Sword...................[...............] Dg
Teraz.4004..............[Flaga..........] Ms
Tikka...................[...............] Dg
VCL.Genocide.981........[...............] An
Vmem....................[...............] Yr
Voronezh.1600.A.........[RCE-1600.......] Ek
Yeke.1204...............[...............] Ls
_814....................[...............] Gp
============================================================================
Total for both lists: 261
============================================================================
Release Notes for 1 July 1995 version.
This release adds five new participants: Gabriel Pislaru (Romania), Jimmy
Kuo (McAfee, USA), Mikael Larsson (Sweden), Marek Sell (Poland), and Sarah
Gordon (Command, USA). Two participants have been removed because no new
information has been received for the past year: Fernando Bonsembiante
(Argentina) and Shimon Gruper (Israel).
N.B.: The key 'Sg' in this list is Sarah Gordon, not Shimon Gruper.
Note that the Iw (Ian Whaley) report includes data Ian provided for both
Virus Bulletin and Sophos.
The incredible amount of detailed information for specific regions, (i.e.
Marek Sell's report on Poland) had made it necessary for me to list only
those viruses reported as very common if that virus appears only in the
second (single participant) list. This means that a virus that is in the
wild and slightly common in just an isolated region will not be reported
in the WildList. If it is spotted outside that region or becomes very
common within that region, it will be included.
I am continuously seeking WildList participants for regional reporting,
especially in Central and South America, Spain, former Soviet republics,
the Netherlands, China, and Taiwan. Such new participants will need to
be in a position where they can monitor and verify virus incidents. People
who develop av products are best suited. People who represent one or more
av products (agents) and provide localized support may also be qualified
if they actually verify the viruses or forward samples to developers. If
you thus qualify, please send your name, location, organization, product
name, favorite brand of beer, and references (preferably CARO members who
know you). Send the information to [email protected]. Thanks.
============================================================================
The collation of this list is done by Joe Wells, Virus Specialist at IBM's
T.J.Watson Research Center, who is solely responsible for its contents.
The material presented is implicitly copyrighted under various laws, but
may be freely quoted or cited. However, its source and cooperative nature
should be duly referenced. No permission is needed to reprint this list.
The latest WildList is always posted by me directly to the NCSA Security
forum on Compuserve in the Virus Info/Tools library. I also occasionally
hang out there (or in a member room called Computer Viruses on AOL).
============================================================================
WildList Vol 507b - [email protected] - 75511,635 - [email protected]
============================================================================
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7
mQCNAy+wAnYAAAEEAO2alE3YclXZAxkqrSVXkhAuuOsx6NnVfUdKMghYtrBabFuJ
+zKiIsahmjeakA2J101KZOHtKMhb5iqLG0oCbRyuBFLtuMhJrjk+L9VRCoxoDB/4
XwFevOGyxRHYfancrIydlMUooe7TZJqbGhhQEROWYm8v6RvkPFtsMpyD+Lb1AAUR
tCNKb2UgV2VsbHMgPGMxandlbGxzQHdhdHNvbi5pYm0uY29tPg==
=aKXf
-----END PGP PUBLIC KEY BLOCK-----
============================================================================
