Another Alert


Recommended Posts

hi team here is another alert from

trend micro

body,th,td,p,div,span,a,input,select,textarea,form,ul,dl,li,ul{font-family:verdana,helvetica,sans-serif}

.small-text{font-size:10px;}

div.vertical2{font-size:2px;}

div.vertical3{font-size:3px;}

div.vertical4{font-size:4px;}

div.vertical6{font-size:6px;}

div.vertical8{font-size:8px;}

div.vertical12{font-size:12px;}

div.vertical20{font-size:20px;}

div.carat-li {padding-left:12;text-indent:-12;}

span.redemailsectionheader{color:FF0000;font-weight:bold;font-size:13px;}

span.blackemailsectionheader{color:000000;font-weight:bold;font-size:13px;}

span.content{color:000000;font-size:11px;}

a:link {color:000000; text-decoration:underline;}

a:hover {color:FF0000; text-decoration:underline;}

a:active {color:FF0000; text-decoration:underline;}

a:visited {color:000000; text-decoration:underline;}

//-->

</style>

</head>

<body bgcolor="FFFFFF">

<table width="100%" cellpadding="0" cellspacing="0"

border="0">

<tr>

<td width="90"><a href="http://www.trendmicro.com"><img

src="http://www.trendmicro.com/global/common/images/email/logo.gif" width="90" height="29" alt="Trend Micro"

border="0"></a></td>

<td width="100%" align="right"><span

class="content"><img src="http://www.trendmicro.com/global/common/images/icon-arrow.gif" alt="" width="5" height="6" border="0"

align="middle"><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="4" height="1" alt="Trend

Micro" border="0" align="middle"><a href="http://www.trendmicro.com/">Visit Trend Micro.com</a></span></td>

<td width="90"><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="45" height="8"

alt="Trend Micro" border="0"></td>

</tr>

</table>

<div class="vertical12"> </div>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000"><tr><td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1"

height="1" alt="" border="0"></td></tr></table>

<div class="vertical12"> </div>

<span class="blackemailsectionheader">Trend Micro Weekly Virus

Report</span><br />

<span class="content">(by TrendLabs Global Antivirus and Research

Center)</span><br />

<div class="vertical12"> </div>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000"><tr><td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1"

height="1" alt="" border="0"></td></tr></table>

<div class="vertical12"> </div>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" background="http://www.trendmicro.com/global/common/images/bg-dotted-h.gif"><tr><td><img'>http://www.trendmicro.com/global/common/images/bg-dotted-h.gif"><tr><td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1"

alt="" border="0"></td></tr></table>

<span class="content"> <br>

<span class="content">Date: </span> Friday February 25, 2005 <br>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" background="http://www.trendmicro.com/global/common/images/bg-dotted-h.gif">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table>

<br>

<span class="content"> <b>Issue Preview:</b> <br>

<br>

<b>1. Trend Micro Updates - </b>Pattern File & Scan Engine Updates<br>

<b>2. Larissa Loves You – </b>WORM_ASSIRAL.A (Low Risk)<br />

<b>3. Top 10 Most Prevalent Global Malware</b><br />

<b>4. </b></span><b>Watch PC-cillin in Action - Defending Against Hackers,

Spyware, Phishing & Spam</b><br>

<br>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table>

<br>

<br>

<span class="redemailsectionheader">1. Trend Micro

Updates</span><span class="blackemailsectionheader">

- Pattern File and Scan Engine Updates </span> <br>

<br>

PATTERN

FILE: <a href="http://www.trendmicro.com/download/pattern.asp">2.446.00</a> <br />

SCAN ENGINE: <a href="http://www.trendmicro.com/download/engine.asp">7.510</a>  <br>

<br>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table>

<br>

<span class="redemailsectionheader">2. </span></span>

<span class="redemailsectionheader">Larissa Loves You</span><span

class="blackemailsectionheader">

<span class="content">- </span>WORM_ASSIRAL.A </span><span

class="blackemailsectionheader"><span

class="content"> </span>(Low</span>

<span class="content"> <span class="blackemailsectionheader">

Risk) </span>

<span>

<p><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FASSIRAL%2EA&VSect=P">WORM_ASSIRAL.A</a>

is a memory-resident worm that arrives as an email attachment. It

propagates by

sending copies of itself via email to addresses found in Microsoft

Outlook, and

by dropping a copy of itself in the root folder of all network and fixed

drives

connected to affected machines. It is currently spreading in-the-wild, and

infecting computers running Windows 98, ME, NT, 2000, and XP.</p>

<p>Upon execution, it drops the following files in the following

locations:</p>

<ul>

<li>%System%\MS_LARISSA.EXE

<li>%Windows%\SPOOLMGR.EXE

<li>%Windows%\LOVE_LETTER.TXT.EXE

<li>C:\Windows\WINVBS_32.VBS (the worm's mass-mailing component)

<li>C:\Windows\system32\REG_32.VBS (the worm's payload component)

<li>C:\LARISSA_ANTI_BROPIA.HTML (non-malicious file)

<li>C:\MESSAGE.TXT (non-malicious file)</li>

</ul>

<p>The file LARISSA_ANTI_BROPIA.HTML displays text on affected machines'

Internet browsers. The file MESSAGE.TXT contains the following

strings:</p>

<p>Greetz from LARISSA.B!<br>

I will survive, In this moment in time.<br>

You computer will crash,<br>

So, you will be mine.<br>

I never crash,<br>

I never fail.<br>

So, in this moment in time,<br>

I will survive...<br>

- LARISSA AUTHOR - 5-15-05</p>

<p>The worm's component file, WINVBS_32.VBS, is used to propagate the

email. It

sends copies of itself to addresses in Microsoft Outlook, with the following

details:</p>

<p><strong>Subject:</strong> Re: LOV YA !<br>

<strong>Message Body:</strong> Kindly read and reply to my LOVE LETTER in

the

attachments :-)<br>

<strong>Attachment:</strong> LOVE_LETTER.TXT.exe</p>

<p>This worm may also propagate through the network by dropping a copy of

itself

in the root folder of all network and fixed drives connected to affected

machines. Certain processes that are associated with antivirus and

monitoring

applications are terminated by the worm, as well as certain processes

associated

with variants of WORM_BROPIA. View the list of <a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FASSIRAL%2EA&VSect=T">terminated

processes</a>.</p>

<p>If you would like to scan your computer for WORM_ASSIRAL.A

<span class="content"> or thousands of

other worms, viruses, Trojans and malicious code, visit HouseCall, Trend

Micro's

free, online virus scanner at: <a href="http://housecall.trendmicro.com/">http://housecall.trendmicro.com/</a></p>

<p>WORM_ASSIRAL.A is detected and cleaned by Trend Micro pattern file

#2.427.01

and above.</p>

<span class="content">

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table><br>

<span class="redemailsectionheader">3. Top 10 Most Prevalent

Global Malware</span> <br>

(from February 18 to February 25, 2005)

<ol>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.P">WORM_NETSKY.P</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_NETSKY.P">HTML_NETSKY.P</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A">JAVA_BYTEVER.A</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AAB">TROJ_AGENT.AAB</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.D">WORM_NETSKY.D</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.SN">TROJ_SMALL.SN</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=SPYW_GATOR.D">SPYW_GATOR.D</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.B">JAVA_BYTEVER.B</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=SPYW_GATOR.C">SPYW_GATOR.C</a>

<li><a href="http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NETSKY.Q">WORM_NETSKY.Q</a></li>

</ol>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table>

</span>

<p>

<span class="redemailsectionheader">4<span

class="content">. </span>

</span>

</span>

<span class="redemailsectionheader"> Watch PC-cillin in Action -

Defending

Against Hackers, Spyware, Phishing & Spam</span></p>

<span>

<span class="content">

<p>Trend Micro PC-cillin Internet Security 2005 delivers comprehensive

protection against all types of viruses, worms, Trojans, and blended

threats--including network viruses. Featuring new Home Network Control

and Wi-Fi

Intrusion Detection, it is the first personal Internet security solution

designed to extend desktop security to your home and wireless

networks.<br>

 <br>

View this multimedia presentation to learn more about PC-cillin and see

how it

helps defend against hackers, spyware, phishing attacks, inappropriate

content,

and spam.</p>

<ul>

<li><a href="http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/demo.htm">View</a>

Demo</li>

</ul>

<table width="100%" border="0" cellspacing="0"

cellpadding="0" bgcolor="000000">

<tr>

<td><img src="http://www.trendmicro.com/global/common/images/spacer.gif" width="1" height="1" alt=""

border="0"></td>

</tr>

</table>

<br>

<br>

<span class="content"> For questions, comments, and suggestions

about the Weekly

Virus Report please contact the Newsletters Editor at <a

href="mailto:[email protected]">[email protected]</a>.

</span>

</body>

</html>

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys

Interact .

To unsubscribe from Trend Micro's Newsletters Editor:

http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0

To update your subscription preference, or to change your email address:

http://trendnewsletter.rsc03.net/servlet/w...pkNlyLihkm_V_VY

To view our permission marketing policy:

http://www.rsvp0.net

Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA

95014

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...