Trend Micro News Letter

martymas

By martymas,
in Security Alerts

 Share Followers 0

Recommended Posts

martymas

martymas

Posted
Posted

hi team havent been on the board for some time so im not sure if this has been posted or not

take care out there.

marty

TREND MICRO WEEKLY VIRUS REPORT

(by TrendLabs Global Antivirus and Research Center)

*********************************************************************

------------------------------------------------------------------------

Date: Friday December 3, 2004

------------------------------------------------------------------------

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Mass-mailing MUGLY – WORM_MUGLY.A (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Trend Micro URL Filtering Module - Important Product Update Now

Available

5. Ask Santa for a Handheld Device & Protect it with Trend Micro Mobile

Security

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.279.00

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VR

SCAN ENGINE: 7.100

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VS

2. Mass-mailing MUGLY – WORM_MUGLY.A (Low Risk)

------------------------------------------------------------------------

WORM_MUGLY.A is a non-destructive mass-mailing worm that arrives via

email,

as an attachment. This memory-resident worm searches the infected system

for

target email addresses in files with certain extension names. However,

it avoids

sending email messages to email addresses that contain specific strings,

most of

which are related to antivirus and security companies. It runs on

Windows 95,

98, ME, NT, 2000, and XP.

Upon execution, it drops a copy of itself in the Windows system folder as

the

file XXX.TMP. It also drops the following files in the Windows system

folder:

ATTACHED.ZIP - a ZIP-compressed copy of itself

WINIT.EXE - a worm that is detected by Trend Micro as WORM_SDBOT.AFE

UGLYM.JPG - a normal .JPG file

SVKP.SYS - an unpacker component used to register the SVK Protector,

which this

worm uses to unpack one of its dropped files that is compressed by SVKP

ANSMTP.DLL - a standard SMTP (Simple Mail Transfer Protocol) mailing

engine

BSZIP.DLL - a standard archive engine

It creates three registry entries that allow it to automatically execute

at every system startup. In addition, it registers a standard SMTP engine

on the infected

system, which allows it to perform its mass-mailing routine.

This worm looks for target email recipients in files with the following

extensions:

ADB

ASP

DBX

DOC

HTM

HTML

PHP

SHT

TBB

TXT

WAB

However, it avoids sending email messages to addresses that contain any of

the following strings:

.gov

Adaware

Kaspersky

Lavasoft

Mcafee

Symantec

avguk

grisoft

nod32

pandasoftware

sophos

sophos

trendmicro

The email message that it sends out has the following details:

From: <spoofed>

Subject: (any of the following)

• You have an Admirer

• Your Pic On A Website!!

• Rate My Pic.......

• Hhahahah lol!!!!

Message Body: (any of the following)

• Someone has asked us on there behalf to send you this email and tell

you they think you are wonderfull!!! All the The mystery persons

details you need are enclosed in the attachment :) please download and respond

telling us if you would like to make further contact with this person.

Regards Hallmark Admirer Mail Admin.

• I was looking at a website and came across this pic they look just

like you! infact im sure it is lol , did you send this pic into them ? or is

it someonce else :S ? Ive Added the pic in a zip so download it and check

& email me back! · Hi ive sent 5 emails now and nobody will rate my

pic!! :( please download and tell me what you think out of 10 , dont

worry if you dont like it just say i wont be offended p.s i was drunk when it

was taken :P

• i found this on my computer from ages ago download it and see if you

can remember it lol i was lauging like mad when i saw it! :D email me back

haha...

Attachment: (any of the following)

• Pic_001.exe

• Photo_01.pif

• admire_001.exe

• is_this_you.scr

• love_04.scr

• for_you.pif

• Sexy_09.scr

This worms payload displays the dropped image file, UGLYM.JPG.

If you would like to scan your computer for WORM_MUGLY.A or thousands

of

other worms, viruses, Trojans and malicious code, visit HouseCall, Trend

Micro's free, online virus scanner at:

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VT

WORM_MUGLY.A is detected and cleaned by Trend Micro pattern file

#2.274.01

and above.

For additional information about WORM_MUGLY.A please visit: http://www.trendmicro.com/vinfo/virusencyc...me=WORM_MUGLY.A

3. Top 10 Most Prevalent Global Malware

(from November 26, 2004 to December 2, 2004)

------------------------------------------------------------------------

1. WORM_NETSKY.P

2. HTML_NETSKY.P

3. WORM_SOBER.I

4. JAVA_BYTEVER.A

5. WORM_NETSKY.D

6. TROJ_AGENT.FL

7. WORM_NETSKY.B

8. WORM_NETSKY.C

9. HTML_SUNFRAUD.B

10. WORM_NETSKY.Q

4. Trend Micro URL Filtering Module - Important Product Update Now

Available

------------------------------------------------------------------------

Trend Micro URL Filtering, an optional module integrated with Trend Micro

InterScan Web Security Suite, enables companies to manage employee Internet

use by restricting access to unwanted Web sites.

If you have installed InterScan Web Security Suite with URL Filtering

module, an important product update is now available:

For Windows: InterScan Web Security Suite Patch for Windows v2.0

For Linux: InterScan Web Security Suite Patch for Linux v2.0

For Solaris: InterScan Web Security Suite Patch for Solaris v2.0

PLEASE NOTE: This is a mandatory patch, as all unpatched systems will be

unable to receive URL Filtering updates after December 7, 2004.

You may download the patch by visiting:

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VU

If you have questions or need assistance, please contact Trend Micro

Technical Support in your area:

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VW

5. Ask Santa for a Handheld Device & Protect it with Trend Micro Mobile

Security

------------------------------------------------------------------------

If you or someone you know receives a data-centric handheld device for the

holidays, get into the holiday spirit and download free software to help

protect your device from viruses!

Owners of data-centric mobile devices using the Microsoft Windows Mobile

2003 operating system (examples: Motorola MPx200, MPx220, Samsung SCH-i600,

SPV E200 or C500) or the Symbian 7.0/UIQ operating system (Sony Ericsson

P800, P900 & P910, Motorola A920, A925 & A1000, etc) can protect their

devices with Trend Micro Mobile Security - a new product that provides

protection from viruses and SMS spam.

Trend Micro Mobile Security will be available for other devices using the

Symbian 7.0/UIQ operating system (Sony Ericsson P900, P920, etc.) as

well as Microsoft Windows Mobile for PocketPC (Phone Edition) and Microsoft

Windows Mobile 2003 Second Edition in January 2005.

Trend Micro Mobile Security version 1.0 provides free protection for

your data-centric mobile device through June 30, 2005.

Read more about Trend Micro Mobile Security:

www.trendmicro.com/mobilesecurity

Download your free copy of Trend Micro Mobile Security:

http://trendnewsletter.rsc03.net/servlet/c...pgLlQgLlQgFV2VY

********************************************************************************

***

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys

Interact .

To unsubscribe from Trend Micro's Newsletters Editor:

http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/w...pkNlyLihkm_UV_W

To view our permission marketing policy:

http://www.rsvp0.net

Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA

95014

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Followers 0
Go to topic listing