The WildList

August 1994

 ============================================================================
                   PC Viruses in the Wild - August 1, 1994
 ============================================================================
    This is a cooperative listing of viruses reported as being in the wild
    by 16 virus information professionals. The basis for these reports are
    virus incidents where a sample was received, and positively identified
    by the participant.  Rumors and unverified reports have been excluded.
 
    The list should not be considered a list of "currently common" viruses
    however. No provision is made for commonness. A currency basis for the
    list has been set. Viruses not reported for over a year are removed.
 
    This data indicates only "which" viruses have been found in the wild.
 ============================================================================
    The section below gives the names of participants, along with their
    organization, antivirus product (if any), and geographic location.
  
    Key Participant            Organization      Product        Location  
 ============================================================================
    As  Alan Solomon           S&S Int'l         Toolkit        UK
    Dc  Dave Chess             IBM               IBM AntiVirus  USA       
    Ek  Eugene Kaspersky       KAMI              AVP            Russia
    Fb  Fernando Bonsembiante  Virus Report      None           Argentina 
    Fs  Fridrik Skulason       Frisk Int'l       F-Prot         Iceland
    Gj  Glenn Jordan           Datawatch         VirexPC        USA
    Jw  Joe Wells              Symantec          NAV            USA       
    Pd  Paul Ducklin           CSIR Virus Lab    None           So Africa
    Pp  Padgett Peterson       Hobbyist          DiskSecure     USA
    Rf  Richard Ford           Virus Bulletin    None           UK
    Rh  Richard Head           Jade Corp         Scan Vakzin    Japan     
    Rr  Roger Riordan          CYBEC             VET            Australia
    Sg  Shimon Gruper          EliaShim          ViruSafe       Israel
    Vb  Vesselin Bontchev      U of Hamburg      None           Germany
    Ws  Wolfgang Stiller       Stiller Research  Integ Master   USA
    Yr  Yuval Rakavi           BRM               Untouchable    Israel    
 ============================================================================
   The first chart is based on two or more participants reporting a virus. 
   Therefore, these viruses are probably more geographically scattered.   
  
  CARO Name of Virus        AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr  Alias(es)
 ============================================================================
  3-Tunes.A................| . . . . . x x . . . . . . . . . | 1784
  AntiCMOS.................| . x . . . . x . . . . . . . . x |
  AntiEXE..................| . x . . x . x x . . . . . x . x | D3,Newbug
  Barrotes.1310.A..........| x . . . . . x . . . . . . . . . | Barrotos
  Boot-437.................| . . . . . . x . . . . . . . . x |
  Brasil...................| . . . . . . x . x . . . . . . . |
  Butterfly.Butterfly......| . . . . . . x . . . . . . x . x |
  Cascade.1701.A...........| x x . x x . . . . x x . x x . . | 1701
  Cascade.1704.A...........| x x x . x . x . . . . . x x . . | 1704
  Changsha.A...............| . . . . . . . . . . x x . . . . | Centry
  Chinese Fish.............| x . . . x x x . . . . x . x . x | Fish Boot
  CPW.1527.................| . . . . . . x . x . . . . . . . | Mediera,Mierda
  Dark_Avenger.1800.A......| x x . x x x x . . x x x . . x . | Eddie
  Datalock.920.A...........| x x . . . . x . . . . . x . . x | V920
  Dir-II.A.................| x x x x x . x x . x x x x x x x | Creeping Death
  Disk_Killer.1_00.A.......| x . x . . . . . x x . . x . . . | Ogre
  EXE_Bug.A................| x . . . . . x x . x . . x . x . | CMOS Killer
  EXE_Bug.C................| . . . . . . . x . . . . x . x . |
  Fichv.2_1................| x . . . x . . . . . . . x x . . | 905,CHV 2.1
  Filler.A.................| . . . . . x x . . . . . . . . . |
  Flame....................| . . . . . . x . . . . x . x . x | Stoned(3C)
  Flip.2153.A..............| x x . x x . x . . x x . x . . x | Omicron
  Flip.2343................| x . . . x . . . . . . . . . . . | Omicron 2
  Form.A...................| x x . x x x x . x x x . x x x x | Form 18
  Form.D...................| . . . . . . x . . . . . . . . x | Form May
  Freddy_2.................| . . . . x . x . . . . . . . . x |
  Frodo.Frodo.A............| x . . x x . x . . . x x x x . x | 4096,100 Year
  Ginger...................| . . . . . . x . . . . x . . . . | Gingerbread
  Green_Caterpillar.1575.A.| x x . . x x x . . x x x x x x . | Find,1591,1575
  Helloween.1376.A.........| x . . . . . x . . x x x . . x x | 1376
  Hidenowt.................| . . . . . . x . . x . . . . . . |
  Jerusalem.1808.Standard..| x x . x x x x x x x x . x . x x | 1808,Israeli
  Jerusalem.Anticad.4096.B.| x . . . x . . . . . . . x . . . | Invader
  Jerusalem.Mummy.2_1.A....| x . . . x . . x . . x . x . . . | PC Mummy
  Jerusalem.Sunday.A.......| . . . . . . . x . . x . . . . . | Sunday
  Jerusalem.Zerotime.Aus.A.| x x . . . . . . . . . x x . x . | Slow
  Joshi.A..................| x x . . x x x . x x x x x x x x |
  Jumper...................| . . . . . . x . . . . . . x . x | French Boot
  Junkie...................| . . . . . . . . . . . x . x . . |
  Kampana.A................| x x . x x x x . . x x . . . x . | AntiTel,Telecom
  Keypress.1232.A..........| x x . . . . . . . x x x x . x x | Turku,Twins
  Liberty.2857.A...........| . x . . x . x . . x x . . . x x | Mystic,Magic
  Little_Red...............| . . . . . x x . . . . . . . . . |
  Maltese Amoeba...........| x x . . x . . . x x . . x . x x | Grain of Sand
  Music_Bug................| . . . . x x . . x . . . . . x . |
  NJH2LBC.A................| x . . . . . . . . . . . . . . x | Korea Boot
  No_Frills.Dudley.........| x . . . . . . . . . . x . . . . | Oi Dudley
  No_Frills.No_Frills.843..| . . . . . . x . . . . x . . . . |
  Nomenklatura.A...........| x x . . . . . . . . . . . . . . | Nomen
  November_17th.855.A......| x x . . x . x . . . . . . . . . | V855
  NPox.963.A...............| . . . . x . x . . . . . . . . . | Evil Genius
  Ontario.1024.............| . x . . . . . . . . . x x . . . | SBC,1024
  Parity_Boot.B............| x x . . . . x x . x x . . x . . | Generic 1
  Pathogen:SMEG.0_1........| x . . . . . . . . x . . . . . . |
  Ping_Pong.B..............| x x . x . . . . . x . . x . x . | Italian
  Predator.2448............| . . . . x . x . . . . . . . . . | 2448
  Print_Screen_Boot.A......| x x . . . . x . . . . . . . . x | India,PrnSn
  QRry.....................| . x . . . . x . . . . . . . . . | Query,Quarry
  Quox.....................| . x . . x . x . . . . . . . . . | Stealth 2
  Ripper...................| x x . . x . x . . . . . . . . . | Jack Ripper
  Sat_Bug.Sat_Bug..........| . . . . . . x . . . . . . . . x | Satan Bug
  Sayha....................| . . . . . . x . . . . . . . . x |
  Screaming_Fist.II.696....| x x . . . x x . . . . . . . x . | Fist 2,Scream 2
  Sleep_Walker.............| . . . . . . x . . . . x . . . . |
  Stealth_Boot.B...........| . x . . . . x . x x . . . x . . | STB
  Stoned.16.A..............| x x . . . . x . . . . . . . . x | Brunswick
  Stoned.Azusa.A...........| x x . . x . x x x . x x x . x x | Hong Kong
  Stoned.Empire.Monkey.B...| x x . . x x x x x x . x . x x . | Monkey 2
  Stoned.Empire.Monkey.A...| . x . . . . x . . . . x . . . . | Monkey
  Stoned.June_4th.A........| x . . . . x x . . . x x . x x x | Bloody!,Beijing
  Stoned.Lzr...............| . x . . x . x . . . . . . . . x | Stoned.Whit
  Stoned.Manitoba..........| . x . . x . x . . . . . . . . . | Stonehenge
  Stoned.Michelangelo.A....| x x x x x x x x x x x x x x x x |
  Stoned.NoINT.A...........| x x . . x x x x . x . x . . x x | Stoned
  Stoned.Standard.A........| x . x x x x x x x x x x x x x . | New Zealand
  Stoned.Swedish_Dis.Std...| x . . . . x . . . . . . . . . . |
  Stoned.W-Boot............| . . . . . . x . . . . x . . . x | W-Boot
  Stardot.789.A............| . x . . . . x . . . . . . . . . | 805
  SVC.3103.A...............| x . x . . . x . . . x . x . . . | SVC 5.0
  Tequila.A................| x x . . x . x . . x x . x x x x |
  Tremor...................| . . . . x . . . . x . . . x x . |
  Trojector................| . . . . x . x . . . . . . . . . | Athens
  V-Sign...................| x x . . x x x . . x x x x x x x | Cansu,Sigalit
  Vacsina.TP-05.A..........| x x . . x x x . . x x . . . x . | RCE-1206
  Vacsina.TP-16.A..........| x x . . x . . . . . . . . . . . | RCE-1339
  Vienna.648.Reboot.A......| x x x . . . . . . . . . . . . . | DOS-62
  WXYC.....................| . x . . . . x . . . . . . . . . |
  Yankee Doodle.TP-39......| x . . . x . . . . . . . . . . . | RCE-2772
  Yankee Doodle.TP-44.A....| x . x . x . x . . x x . . x . . | RCE-2885
  Yankee Doodle.XPEH.4928..| . . . . x . . . . . . . . . . x | Micropox
 ============================================================================
  Total for first list: 89
 ============================================================================
   The second chart is based on a single participant noting more than one 
   infection site and may signify limited regional virus outbreaks.
  
  CARO Name of Virus         AsDcEkFbFsGjJwPdPpRfRhRrSgVbWsYr Alias(es)
 ============================================================================
  B1.......................| . . . . . . . . . . . . . . . x |
  Badsectors...............| . . . . . . . . . . . . . . . x |
  BootEXE.451..............| . . . . . . . . . x . . . . . . | BFD-451
  Cascade.1701.G...........| . . . . . . . . . . . . . x . . | 1701
  Chill....................| . . . . . . x . . . . . . . . . | Chill Touch
  Coffeeshop:MtE_090.......| . . . . . . . x . . . . . . . . |
  Darth_Vader.3.A..........| . . . . . . . . . . . . . . x . |
  Dark_Avenger.2100.SI.A...| x . . . . . . . . . . . . . . . | V2100
  Datalock.828.............| . . . . . . . . . . . . . . . x |
  Den_Zuko.A...............| x . . . . . . . . . . . . . . . | Den Zuk
  DOS_Hunter...............| . x . . . . . . . . . . . . . . |
  Emmie.3097...............| . . . . . . . . . . . . . . . x |
  EXE_Bug.B................| . . . . . . . x . . . . . . . . |
  EXE_Bug.Hooker...........| . . . . . . . x . . . . . . . . |
  Galicia..................| . . . . . . x . . . . . . . . . | Telecom
  Gippo.Epidemic...........| . . . . . . x . . . . . . . . . |
  Gippo.JumpingJack........| . . . . . . . . . . . . . . . x |
  Hafenstrasse.*...........| . . . . . . . . . . . . . x . . | Hafen
  Hi.460...................| . . . . . . . . . . . . . . . x | Hi
  HLLC.Even_Beeper.B.......| x . . . . . . . . . . . . . . . |
  HLLC.EXE_Engine..........| . . . . . . . . . . . . . x . . |
  Involuntary.A............| . . . . . . x . . . . . . . . . | Invol
  Involuntary.B............| . . . . . . x . . . . . . . . . | Invol.B
  Japanese_Xmas............| . . . . . . . . . . x . . . . . | Xmas in Japan
  Jerusalem.1244...........| x . . . . . . . . . . . . . . . | 1244
  Jerusalem.1808.Critical..| . x . . . . . . . . . . . . . . |
  Jerusalem.Anticad.4096.A.| . . . . . . . . . . . . . x . . | Plastique
  Jerusalem.Carfield.......| x . . . . . . . . . . . . . . . |
  Jerusalem.Fu_Manchu.A....| x . . . . . . . . . . . . . . . | 2080,2086
  Jerusalem.Sunday.II......| . x . . . . . . . . . . . . . . | Sunday 2
  Joshi.B..................| . . . . . . x . . . . . . . . . |
  Keypress.1744............| . . . . . . . . . . . . . . . x |
  Little Brother.307.......| . . . . x . . . . . . . . . . . |
  Lyceum.1788..............| . . x . . . . . . . . . . . . . |
  MISiS....................| . . . . . . . . . . . . . . . x | Zharinov,NIKA
  Necropolis...............| . . . . . . . . . . . . . . . x | 1963
  Necros...................| x . . . . . . . . . . . . . . . | Gnose,Irish3
  November_17th.800.A......| . . . . . . x . . . . . . . . . | Jan1, 800
  Number_of_the_Beast......| . . . x . . . . . . . . . . . . | 512,666
  NYB......................| . . . . . . x . . . . . . . . . | New York
  Parity_Boot.A............| . . . . . . . . . . . . . . x . |
  Peter....................| . x . . . . . . . . . . . . . . | Peter II
  Pro......................| . . . . . . x . . . . . . . . . | KMIT
  Queeg:SMEG.0_1...........| x . . . . . . . . . . . . . . . | 
  Quit.A...................| x . . . . . . . . . . . . . . . | 555,Dutch
  Sat_Bug.Natas............| . . . . . . x . . . . . . . . . | Satan
  Stinkfoot................| . . . . . . . x . . . . . . . . |
  Stoned.Bunny.A...........| . . . . . . . x . . . . . . x . |
  Stoned.Dinamo............| . . . . . . . . . . . . . . . x |
  Stoned.Michelangelo.K....| . . . . . . . . . . . . . . . x |
  Stoned.NOP...............| . . . . . . . . . . . . . . x . | NOP
  Storm.1218...............| . . . . . . . . . . . . . . . x |
  SVC.2936.................| . . . . . . x . . . . . . . . . | 
  SVC.3241.................| . x . . . . . . . . . . . . . . | 
  Stoned.Empire.Int_10.*...| . . . . . . . . x . . . . . . . |
  Swiss_Boot...............| . . . . x . . . . . . . . . . . | Swiss Army
  Swiss_Phoenix............| . . . . . . . . . . . . . . . x |
  Syslock.Syslock.A........| x . . . . . . . . . . . . . . . |
  Vmem.....................| . . . . . . . . . . . . . . . x |
  Voronezh.1600.A..........| . . x . . . . . . . . . . . . . | RCE-1600
 ============================================================================
  Total for both lists: 150
 ============================================================================
   Virus Alerts: Below are reports from participants and others on which
                 viruses are reported and verified in specific areas.
   
   USA - Most frequently reported viruses for May 1992, per Symantec, in
         order of frequency are: Monkey.B, Stoned.Michelangelo, Form,
         Stoned.Standard, V-Sign, Stoned.NoInt, Joshi, Stealth.B.
 
         Chill_Touch was posted on Ziffnet and downloaded by a few dozen
         people. Ziff posted a notice about this and is making an effort
         to reach those who downloaded infected games.
 
         NYB virus was shipped to 3000 locations in the US and Canada.
 
         Form is rumored to have been shipped in preformatted disks (again).
   
         Stealth.B was rumored to have been shipped on some small-capacity
         harddrives. 
       
         AntiCMOS has appeared in several locations.
 
         Sat_Bug.Natas been confirmed at several scattered locations.
 
   Mexico - Sat_Bug.Natas has been confirmed at several sites in Mexico 
 
   Chile - The most commonly reported viruses, per Juan Vignolo, are: 
           CPW.1527, Green_Caterpillar.1575.A, Stoned.Michalengelo.A,
           Stoned.NoINT, CPW.1459, Cascade.1701.A, Vacsina.TP.5.A,
           Ping-Pong.Standard.A, Jerusalem.1808.Standard, Brain.Standard
 
   Argentina - The most common viruses, per Fernando Bonsembiante, are:
           Stoned.Michalangelo, Stoned.Standard, Number_of_the_Beast,
           Jerusalem.1808.Standard, Ping-Pong.Standard, Cascade, Dark
           Avenger.1800, Kampana Boot, Dir-II, Flip, Frodo, Form.
 
   Japan - The most common viruses, per Richard Head, are:
           Yankee Doodle, Cascade, Kampana, Form, AntiCMOS, Michelangelo,
           Kampana.3445, Stoned.Azusa, StarDot.789, Stoned.Standard.
 
   South Africa - EXE_Bug.A is by far the most common, per Paul Ducklin,
                  followed by Stoned.Standard and Stoned.Michelangelo.
 
   United Kingdom - The three most often reported viruses for April, per
                    Richard Ford, were Form (by far number one), with
                    Ripper and Stoned.Standard tied for second. A few
                    cases of SMEG.Pathogen were reported.

   Germany - The DR&ET virus has been confirmed in northern Germany and
             is possibly in Denmark, per Vesselin Bontchev.
 
   Finland - Finnish Sprayer is spreading widely, per Mikko Hipponen.
 
 ============================================================================
   The collation of this material is done by Joe Wells, Virus Specialist at 
   Symantec, Peter Norton Group, who is solely responsible for its contents.
 
   The material presented is implicitly copyrighted under various laws, but
   may be freely quoted or cited. However, its source and cooperative nature
   should be duly referenced. Feel free to distribute this list.
 
   Other antivirus product developers are invited to participate in the list. 
   If you wish to do so, please contact me.
 ============================================================================
  The WILDList by Joe Wells -- [email protected] -- 70750,3457 -- Vol2.08a
 ============================================================================