Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Worms are not Blue - WORM_BLUEWORM.F (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Share Your Story - PC-cillin Users Unite

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.170.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Worms are not Blue - WORM_BLUEWORM.F (Low Risk)

------------------------------------------------------------------------

WORM_BLUEWORM.F is a memory-resident worm that propagates via email. It deletes registry entries and files associated with antivirus programs, and also terminates certain processes associated with various antivirus applications. This worm is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, NT, 2000 and XP.

Upon execution, it drops a copy of itself in the Windows system folder using 10 different file names. It then creates the folder, %Windows%\VOLUME, where it drops a copy of itself using the same file name as any file found in the Windows folder. This worm also drops another copy of itself as %Program Files%\Internet Explorer\Media Player.exe. Some of the dropped files are compressed using the WinZip application.

In order to send email messages, this worm drops and registers the file OSSMTP.DLL in the Windows system folder. In the same folder, it also drops the following non-malicious files:

about.txt

About_BlackWorm.C.txt

Music09.rm

Special.rm

Vide01.jpg

This worm creates registry entries that allow it to execute at every Windows startup. In addition, it searches the local area network for shared network drives that are write-enabled and drops copies of itself in accessed shares using the file name GOOD MUSIC.SCR.

This worm propagates by sending a copy of itself via email to all addresses listed in the MSN and Yahoo messenger applications. It also obtains target email addresses from files containing the following extension names:

HTM

DBX

The email message that it sends out has the following details:

From:

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. <[email protected]>

. Bad Love

. Binnn MT

. Genius

. Lola Ashton

. Ralph

. Sara GL

. spoofed_names

. Sweet Women

. The Moon

. Thomas

Subject/Message body: (any of the following)

. For all Members repit the reactive one time.

. Hello

. Important

. Please reactive now

. Please reactive now.

. Please Read

. reactive now

. Thank you

. Thanks

Attachment: (Refer to the Technical Details section of this virus description, posted on the Trend Micro Web site.)

It then deletes registry entries and files associated with security and antivirus products from Hyper Technologies, Symantec, McAfee, and Trend Micro.

If you would like to scan your computer for WORM_BLUEWORM.F or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_BLUEWORM.F is detected and cleaned by Trend Micro pattern file 2.171.05 and above.

For additional information about WORM_BLUEWORM.F please visit: http://www.trendmicro.com/vinfo/virusencyc...WORM_BLUEWORM.F

3. Top 10 Most Prevalent Global Malware

(from September 3, 2004 to September 9, 2004)

------------------------------------------------------------------------

1. WORM_SASSER.B

2. WORM_NETSKY.P

3. HTML_NETSKY.P

4. PE_ZAFI.B

5. WORM_SASSER.E

6. WORM_NETSKY.D

7. WORM_KORGO.R

8. JAVA_BYTEVER.A

9. WORM_MYDOOM.M

10. TROJ_AGENT.EG

4. Share Your Story - PC-cillin Users Unite

------------------------------------------------------------------------

If you are a user of PC-cillin Internet Security, we want to hear from you! Tell us how PC-cillin has helped you fight viruses.

Share your story here:

http://www.trendmicro.com/form/pc-cillin/feedback.asp

************************************************************************

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys Interact.

Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
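The host artifacts listed in the WORM_BLUEWORM.F description above can be checked with a short script. This is an added example, not part of the newsletter or any Trend Micro tool; the function names, the finding labels and the "weak indicator" rule are assumptions made for illustration.

```python
from pathlib import Path

# File names the description says are dropped into the Windows system folder.
SYSTEM_DROPS = {"ossmtp.dll", "about.txt", "about_blackworm.c.txt",
                "music09.rm", "special.rm", "vide01.jpg"}
SHARE_DROP = "GOOD MUSIC.SCR"
# Assumption: generic names that can exist for unrelated reasons.
WEAK = {"system:about.txt", "system:ossmtp.dll"}


def _child(folder, name):
    """Case-insensitive lookup of one entry (Windows names ignore case)."""
    folder = Path(folder)
    if not folder.is_dir():
        return None
    wanted = name.lower()
    return next((p for p in folder.iterdir() if p.name.lower() == wanted), None)


def scan_host(windows_dir, program_files_dir, shares=()):
    """Return sorted findings for the artifacts named in the description."""
    findings = set()
    volume = _child(windows_dir, "VOLUME")
    if volume is not None and volume.is_dir():
        findings.add("folder:%Windows%\\VOLUME")
    ie = _child(program_files_dir, "Internet Explorer")
    if ie is not None and _child(ie, "Media Player.exe") is not None:
        findings.add("file:%Program Files%\\Internet Explorer\\Media Player.exe")
    # The system folder is "System" on 95/98/ME and "System32" on NT/2000/XP.
    for sysname in ("System", "System32"):
        sysdir = _child(windows_dir, sysname)
        if sysdir is not None and sysdir.is_dir():
            for entry in sysdir.iterdir():
                if entry.name.lower() in SYSTEM_DROPS:
                    findings.add("system:" + entry.name.lower())
    for share in shares:
        if _child(share, SHARE_DROP) is not None:
            findings.add("share:" + str(share))
    return sorted(findings)


def is_likely_infected(findings):
    """True on any specific artifact, or on two or more weak ones together."""
    return any(f not in WEAK for f in findings) or len(findings) >= 2


if __name__ == "__main__":
    hits = scan_host(r"C:\WINDOWS", r"C:\Program Files")
    print(hits, "likely infected:", is_likely_infected(hits))
```

A match on about.txt or OSSMTP.DLL alone is treated as inconclusive; confirm any result with a scanner using pattern file 2.171.05 or above.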
