martymas
Posted September 18, 2004

hi team
these alerts are coming thick and fast
this is the third one this week. it is circulating the south pacific at the moment
if you come from down there be careful
marty

To read an HTML version of this newsletter, go to: http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Bad Bot – WORM_SDBOT.VQ (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Join Trend Micro's Anti-Spam 1.0 Pilot

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************
1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.174.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Bad Bot – WORM_SDBOT.VQ (Low Risk)
------------------------------------------------------------------------
WORM_SDBOT.VQ is a memory-resident worm that spreads via network shares, and exploits specific vulnerabilities to propagate across networks. It also gathers available lists of names and passwords, and uses this gathered information to locate and list shared folders where it drops a copy of itself. This worm has backdoor capabilities and attempts to connect to an Internet Relay Chat (IRC) server to allow a remote user to access the infected system and perform malicious commands. WORM_SDBOT.VQ runs on Windows NT, 2000, and XP.

Upon execution, this memory-resident worm drops a copy of itself in the Windows System directory as EXPLORER32.EXE. It adds registry entries to enable this dropped copy to run at every Windows startup. It then creates several threads to be used for sniffing, keylogging, and other backdoor capabilities. It also attempts to send copies of itself to other systems as BLING.EXE.

This worm spreads via network shares. It gathers available lists of names and passwords, and uses this gathered information to locate and list shared folders where it drops a copy of itself. It then attempts to access systems with weak passwords to drop a copy of itself. You may view the list of usernames and passwords in the Technical Details section of this virus description at http://www.trendmicro.com/vinfo/virusencyc...DBOT.VQ&VSect=T

This worm takes advantage of the following Windows vulnerabilities:
- IIS5/WEBDAV Buffer Overflow vulnerability
- Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) vulnerability
- Buffer Overflow in SQL Server 2000
- Windows LSASS Vulnerability

This worm attempts to connect to the Internet Relay Chat (IRC) server, irc.t3musso.net, which allows a remote user to access the infected system and perform the following commands:
- Update malware from HTTP and FTP URL
- Steal CD keys of game applications
- Execute a file
- Download from HTTP and FTP URL
- Open a command shell
- Open files
- Display the driver list
- Get screen capture
- Capture pictures and video clips
- Display netinfo
- Make a bot join a channel
- Stop and start a thread
- List all running process
- Rename a file
- Generate a random nickname
- Perform different kinds of ddos attacks
- Retrieve and clear log files
- Terminate the bot
- Disconnect the bot from IRC
- Send a message to the IRC server
- Let the bot perform mode change
- Change BOT ID
- Display connection type, local IP address and other net information
- Log in and log out the user
- Issue ping attack on to a target computer
- Display the following system information:
  -CPU speed
  -Amount of Memory
  -Windows platform, build version, and product ID
  -Malware uptime
  -User name

It also checks for the following strings, and then attempts to steal Windows product ID and CD keys for several game applications:

:.login :,login :!login :@login :$login :%login login :&login :*login :-login :+login :/login :\login :=login :?login :'login login :~login : login
:.auth :,auth :!auth :@auth :$auth :%auth :&auth :*auth :-auth :+auth :/auth :\auth :=auth :?auth :'auth :~auth : auth
:.hashin :!hashin :$hashin :%hashin :.secure :!secure :.syn :!syn :$syn :%syn
paypal PAYPAL paypal.com PAYPAL.COM

The remote malicious user can also issue commands to allow the bot to log user keystrokes.

If you would like to scan your computer for WORM_SDBOT.VQ or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_SDBOT.VQ is detected and cleaned by Trend Micro pattern file 2.175.13 and above.

For additional information about WORM_SDBOT.VQ please visit: http://www.trendmicro.com/vinfo/virusencyc...e=WORM_SDBOT.VQ

3. Top 10 Most Prevalent Global Malware (from September 10, 2004 to September 16, 2004)
------------------------------------------------------------------------
1. WORM_SASSER.B
2. PE_ZAFI.B
3. WORM_NETSKY.P
4. HTML_NETSKY.P
5. WORM_KORGO.R
6. HTML_BAGLE.AI
7. PE_FUNLOVE.4099
8. WORM_NETSKY.D
9. JAVA_BYTEVER.A
10. WORM_KORGO.V

4. Join Trend Micro's Anti-Spam 1.0 Pilot Test
------------------------------------------------------------------------
The Trend Micro™ Anti-Spam 1.0 Pilot delivers a free-of-charge tool for Microsoft Outlook users that provides sophisticated, effective, and easy-to-use spam filtering capabilities to combat the spam problem prevalent today. It offers:
- Advanced heuristic-rule based spam-filtering technology
- A spam quarantine folder that holds suspicious messages for review
- Personal approved and blocked senders lists
- Integration with Microsoft Outlook (adds anti-spam functions to Outlook toolbar and creates spam quarantine folder in Outlook)
- On-demand or automatic updates via Trend Micro’s ActiveUpdate service

System Requirements
- Pentium III 500MHz or faster processor
- 128MB of memory
- 20MB disk space for program installation
- Windows 2000 Professional, plus service packs
- Windows XP Home or Professional Edition, plus service packs
- Microsoft Outlook 2000 or higher

Complete the application form and download Trend Micro's Anti-Spam 1.0 Pilot: http://www.trendmicro.com/form/anti-spam/download.asp

Note: Trend Micro Anti-Spam does not support MS Outlook 97, 98 or Outlook Express. The Trend Micro Anti-Spam 1.0 Pilot is for personal, non-commercial use only and Trend Micro will not provide technical support, however if you have any comments or suggestions about the software, please email them to [email protected].

************************************************************************
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact.
To unsubscribe from Trend Micro's Newsletters Editor: http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0
To update your subscription preference, or to change your email address: http://trendnewsletter.rsc03.net/servlet/w...pkNlyLihkm_C_UA
To view our permission marketing policy: http://www.rsvp0.net
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
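An added example, not part of the original post or of Trend Micro's newsletter: a small triage script that checks endpoint events for the artefacts the newsletter names (EXPLORER32.EXE in the Windows System directory, BLING.EXE, and lookups of irc.t3musso.net). The JSON-lines event schema, the host names and the `classify`/`triage` helpers are assumptions made for illustration, and the sample events are constructed.

```python
import json
import ntpath
import re

# Indicators quoted in the newsletter above.
DROPPED_NAMES = {"explorer32.exe", "bling.exe"}
IRC_HOST = "irc.t3musso.net"
# Assumption: default System directory on NT/2000 (WINNT) and XP (WINDOWS).
SYSTEM_DIR = re.compile(r"^[a-z]:\\(windows|winnt)\\system32$", re.I)

def classify(event):
    """Return a finding for one event dict, or None if nothing matches."""
    kind = event.get("type")
    if kind == "file_create":
        folder, name = ntpath.split(event["path"])
        if name.lower() == "explorer32.exe" and SYSTEM_DIR.match(folder):
            return "EXPLORER32.EXE dropped in System directory"
        if name.lower() == "bling.exe":
            return "BLING.EXE propagation copy"
    elif kind == "reg_set":
        # The newsletter names no registry key, so match the value data only.
        target = ntpath.basename(event["data"].strip('"')).lower()
        if target in DROPPED_NAMES:
            return "registry value points at dropped copy"
    elif kind == "dns_query":
        if event["name"].rstrip(".").lower() == IRC_HOST:
            return "lookup of the IRC server"
    return None

def triage(lines):
    """Map host -> (priority, findings); two or more distinct findings is high."""
    hosts = {}
    for line in lines:
        event = json.loads(line)
        finding = classify(event)
        if finding:
            hosts.setdefault(event["host"], set()).add(finding)
    return {h: ("high" if len(f) >= 2 else "review", sorted(f))
            for h, f in hosts.items()}

# Constructed sample events in a hypothetical JSON-lines schema.
SAMPLE = [
    r'{"host":"ws01","type":"file_create","path":"C:\\WINDOWS\\system32\\EXPLORER32.EXE"}',
    r'{"host":"ws01","type":"reg_set","data":"C:\\WINDOWS\\system32\\EXPLORER32.EXE"}',
    r'{"host":"ws01","type":"dns_query","name":"IRC.T3MUSSO.NET."}',
    r'{"host":"ws02","type":"file_create","path":"D:\\shared\\BLING.EXE"}',
    r'{"host":"ws03","type":"file_create","path":"C:\\WINDOWS\\explorer.exe"}',
    r'{"host":"ws03","type":"dns_query","name":"www.trendmicro.com"}',
]
```

Calling `triage(SAMPLE)` ranks ws01 as high because three independent artefacts line up on one host, while the legitimate explorer.exe in the Windows directory on ws03 is not flagged.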
tg1911
Posted September 18, 2004

Thanks for the heads-up, marty.