News Letter

[martymas]

hi team this is a low risk warning .

tho still important

marty

As of February 16, 2005, 05:31 PM (GMT - 08:00, Pacific Standard Time)

TrendLabs has declared a Medium Risk Virus Alert to control the spread of

WORM_MYDOOM.BB.

Trendlabs received numerous infection reports indicating that this malware

is spreading in Singapore and U.S. This worm was previously detected

as WORM_MYDOOM.M.

It has very similar characteristics as with WORM_MYDOOM.M. However,

this new MYDOOM worm comes compressed with MEW compression tool, whereas

WORM_MYDOOM.M is compressed using UPX.

Like earlier MYDOOM variants, this worm spreads via email through SMTP

(Simple Mail Transfer Protocol), gathering target recipients from the Windows

Address Book, the Temporary Internet Files folder, and certain fixed

drives. It uses social engineering techniques by sending out email messages

with a spoofed sender's name and poses as a failure delivery notification.

The email message it sends has varying subjects, message bodies, and

attachment file names.

Apart from simply spreading via email, this worm also carries backdoor

functionalities that leaves the infected machine vulnerable to remote

access. It drops a backdoor component named SERVICES.EXE in the Windows folder,

which opens TCP port 1034 and waits for outside connections. This

routine virtually hands over control of the affected machine to a remote

attacker.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 149

Official Pattern Release 2.416.00

Damage Cleanup Template 520

For more information on WORM_MYDOOM.BB, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyc...=WORM_MYDOOM.BB

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp

----------------------------------------------o0o----

IMPORTANT NOTE!

TrendLabs will also be releasing a 3-digit pattern file 989 that

corresponds with the pattern indicated in this email. This 3-digit pattern is a

special release for users running non-NPF compliant products (i.e., old

3-digit pattern format) and is designed to provide protection against the

most current malware threats. Users running non-NPF compliant products are

still urged to apply the NPF solution <http://www.trendmicro.com/en/support/npf/overview.htm>. These users may also upgrade to the latest

product version. Only NPF-compliant products will be able to update with

regular pattern releases.

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys

Interact .

To unsubscribe from Trend Micro's Newsletters Editor:

http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/w...vyf_f5.2evvf_88

To view our permission marketing policy:

http://www.rsvp0.net

Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA

95014

[thesidekickcat]

Thanks Marty,

Your news items from Trend (Micro) labs are so useful to let us know the latest attempts to do us damage.

My Norton had an antivirus update last night, second big one for day, that covered this new threat. They rate it on scale of 1-5 as a 3. They call it MyDoom AX, Click on it for more info including a removal tool for it if anyone gets infected with it. But better to get whatever brand of antivirus you have updated now folks and avoid this and all the other junk that is out to get us.

Symantec Security Response

God bless everyone.

[bar5]

Thanks Marty.

I have Pc-cillin 2005, and it has updated 3 times today.They update almost every day. This is my first experience with Trend Micro, and so far am really impressed.

Take care

Barb

[martymas]

hi barb ive used it for several years .

do you have the alert button on your tool button .

unfortunately it dosent intercept viruses in or out but if you get one it is one of the few

scanners that cleans without having to use safe mode.

it dosent take up any space until you use it.

some thing i notice it detected a potential highjack on my address bar.

which i removed with microsoft anti spyware.

can remember it doing that in the past.

marty