From the latest Trend Antivirus report:
*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: May 31, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
Issue Preview:
1. Trend Micro Updates - Pattern File and Scan Engine Updates
2. Many Variants of ENEMANY - WORM_ENEMANY.A, .B, and .C (Low Risk)
3. KLEZ Breaks the 1 Million Mark - WORM_KLEZ.H (Low Risk)
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
5. Trend Micro PC-cillin 2002 Now Available
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. Trend Micro Updates - Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 291 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.antivirus.com/download/engines/
2. Many Variants of ENEMANY - WORM_ENEMANY.A, .B, and .C (Low Risk)
------------------------------------------------------------------------
There are several low-risk variants of WORM_ENEMANY.A that Trend Micro
is closely monitoring.
WORM_ENEMANY.A is a non-destructive, non-memory resident mass-mailing
worm that sends copies of itself via email to all contacts listed in an
infected user's Microsoft Outlook address book using Outlook's MAPI
functions.
It places recipient names in the BCC: field, so that the email
addresses are not visible. After sending copies of itself, it deletes the
emails from the Sent Items folder. It sends email messages with the
following:
SUBJECT: The New Xerox Update for our WinXP
MESSAGE BODY: Dear,
Microsoft WinXP User, here are the last Update from Xerox Security
System, please install this file and going to www.microsoft.com and
finished this Update too.
ATTACHMENT: Xerox-Update.Exe(8.72KB)
WORM_ENEMANY.B is a non-destructive mass-mailing worm that propagates
via Messaging Application Programming Interface (MAPI), and sends itself
to all addresses listed in an infected user's Microsoft Outlook address
book. It sends email messages with the following:
SUBJECT: Edonkey Update
MESSAGE BODY: Hello Edonkey User, this is the Update tool, to fix our
Edonkey Client to 35.16.61
ATTACHMENT: Esel_Update.Exe
WORM_ENEMANY.C is a non-destructive, non-memory resident mass-mailing
worm that sends copies of itself via email to all contacts listed in an
infected user's Microsoft Outlook address book using Outlook's MAPI
functions.
It places recipient names in the BCC: field, so that the email
addresses are not visible. After sending copies of itself, it deletes the
emails from the Sent Items folder. It sends email messages with the
following:
SUBJECT: Alle gegen den TEuro
MESSAGE BODY: Sieh Dir mal Die Tabelle an,
mit den neusten Information uber den teuren T-Euro
ATTACHMENT: teuro.Exe(7.18KB)
If you would like to scan your computer for any of the variants of
WORM_ENEMANY or thousands of other worms, viruses, Trojans and malicious
code, visit HouseCall, Trend Micro's free online virus scanner at:
http://housecall.antivirus.com/
The variants of WORM_ENEMANY are detected and cleaned by Trend Micro
pattern file #292 and above.
For additional information about the variants of WORM_ENEMANY, please
visit: http://www.antivirus.com/vinfo/
3. KLEZ Breaks the 1 Million Mark - WORM_KLEZ.H (Low Risk)
------------------------------------------------------------------------
WORM_KLEZ.H, the memory-resident variant of the WORM_KLEZ.A
mass-mailing worm, has recently surpassed the one million mark. At the time of this
writing, approximately 1,059,967 computers worldwide have been infected
with WORM_KLEZ.H. Europe, Asia, and North America have been hardest
hit. You may view Trend Micro's Risk Statistics for WORM_KLEZ.H at
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H&VSect=S&Period=All
This destructive, memory-resident mass-mailing worm uses SMTP to
propagate via email. The subject line of the email it arrives with is
randomly selected from a long list of possible choices. This worm can change
or spoof the original email address in the FROM: field. It obtains email
addresses (that it places in the FROM: field) from the infected user's
address book. This causes a non-infected user to appear as the person
who has sent this worm's malicious email, and hides the real address of
the sender of the infected email.
Upon execution, this worm decodes its data in memory. It then copies
itself to a WINK*.EXE file in the Windows System directory. The copy has
a hidden attribute and the * is a random number of random characters.
It also infects .EXE files.
The worm drops a randomly named file in the ProgramFilesDir (usually
C:\Program Files). Approximately 10KB in size, this program can infect
files in network-shared folders and disable system file protection. Trend
Micro detects this program as PE_ELKERN.D.
The worm also disables the running processes, and occasionally deletes
the executable files, of programs associated with several popular
antivirus products.
On Windows 98/95 systems, the worm registers itself as a service
process to hide itself from the taskbar. On Windows 2000 systems, the worm
creates a system service and registers it as a service control
dispatcher. This worm does not execute its payload on systems running Windows NT
4.0 and earlier versions, although infection of machines with this
operating system is possible if the machine has shared folders. The dropped
virus, PE_ELKERN.D, infects files in shared drives. When this happens,
a full infection of the system may result, since PE_ELKERN.D executes
on any Windows platform.
WORM_KLEZ.H is detected and cleaned by Trend Micro pattern file #265
and above.
For additional information about WORM_KLEZ.H, please visit Trend Micro
at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: May 20, 2002 to May 26, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_EXCEPTION.GEN
3. WORM_KLEZ.E
4. WORM_YAHA.B
5. WORM_BENJAMIN.A
6. WORM_MYLIFE.J
7. VBS_LOVELETTR.AS
8. PE_MAGISTR.B
9. PE_MAGISTR.DAM
10. PE_NIMDA.E
5. Trend Micro PC-cillin 2002 - Antivirus, Anti-Hacker, & PDA Virus
Protection
------------------------------------------------------------------------
Trend Micro is pleased to announce the release of PC-cillin 2002.
PC-cillin 2002 provides award-winning protection against macro viruses,
Trojans, and other malicious threats. An integrated personal firewall helps
secure desktop computers against illegal access, ping attacks, and even port
scanning for Internet-era protection. This complete antivirus strategy also
includes security for Palm, Pocket PC, and EPOC devices.
BUY NOW: $39.95
http://www.trendmicro.com/pcc2002_wvr
If you already own PC-cillin, you may purchase an upgrade to PC-cillin
2002 for just $19.95 at:
http://www.antivirus.com/pc-cillin/products/upgrade.htm
This pricing applies to customers in the U.S. and Canada only.
************************************************************************
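
The WORM_ENEMANY indicators listed in section 2 of the report, turned into a mail-side check. This is an added example, not part of the Trend Micro report or of the original post. The function names, the constructed sample messages, and the treatment of an empty To:/Cc: as the BCC-only signal are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from section 2 of the report: subject, attachment name, and
# whether the report says the variant hides recipients in the BCC: field.
ENEMANY = {
    "WORM_ENEMANY.A": ("The New Xerox Update for our WinXP", "Xerox-Update.Exe", True),
    "WORM_ENEMANY.B": ("Edonkey Update", "Esel_Update.Exe", False),
    "WORM_ENEMANY.C": ("Alle gegen den TEuro", "teuro.Exe", True),
}

def classify(raw_message):
    """Return (variant, reasons) for the first matching variant, else (None, [])."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Normalise whitespace and case; mail clients re-wrap and re-case freely.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    names = [p.get_filename().strip().lower() for p in msg.walk() if p.get_filename()]
    # Assumption: a BCC-only mail shows up as a missing or empty To: and Cc:.
    no_visible_rcpt = not msg.get("To") and not msg.get("Cc")
    for variant, (ind_subject, ind_file, uses_bcc) in ENEMANY.items():
        reasons = []
        if subject == ind_subject.lower():
            reasons.append("subject")
        if ind_file.lower() in names:
            reasons.append("attachment")
        if reasons and uses_bcc and no_visible_rcpt:
            reasons.append("bcc-only")  # supporting signal, never sufficient alone
        if reasons:
            return variant, reasons
    return None, []

def build_sample(subject, filename=None, to=None):
    """Build a constructed test message; the attachment is harmless bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    if to:
        m["To"] = to
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder, not an executable", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for args in [("The New Xerox Update for our WinXP", "Xerox-Update.Exe"),
                 ("EDONKEY UPDATE", "esel_update.exe", "bob@example.org"),
                 ("Meeting notes", "notes.txt", "bob@example.org")]:
        print(args[0], "->", classify(build_sample(*args)))
```

Matching on the attachment name alone still flags a message whose subject was altered in transit, and the returned reasons show which indicators fired.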