Trend Micro News Letter



HI TEAM JUST GOT THIS FROM TREND MICRO

marty

TREND MICRO WEEKLY VIRUS REPORT

(by TrendLabs Global Antivirus and Research Center)

*********************************************************************

------------------------------------------------------------------------

Date: Friday September 24, 2004

------------------------------------------------------------------------

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Mixing It Up – WORM_MEXER.E (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Test your Knowledge - Complete the Virus & Security Crossword Puzzle

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.178.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Mixing It Up – WORM_MEXER.E (Low Risk)

------------------------------------------------------------------------

WORM_MEXER.E is a memory-resident worm that propagates via peer-to-peer (P2P) file-sharing networks, particularly Kazaa and Imesh, and by mailing copies of itself via Simple Mail Transfer Protocol (SMTP). This worm creates a folder and drops several copies of itself into this folder, using filenames that pertain to software, movies, or games. It gathers email addresses from the infected system by scanning certain files for email addresses it can send to. WORM_MEXER.E is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this memory-resident worm displays a message box. It then adds a registry entry that allows it to automatically execute at every system startup. To propagate via peer-to-peer file-sharing networks - specifically Kazaa and Imesh - the worm creates three more registry entries.

This worm then creates a folder, named sysnet, in the root folder and drops 42 files in it. It also drops another set of randomly named files in this same folder. The filenames are formed using a combination of 70 different naming strings comprised of the titles or names of popular software, movies, and games. These filenames are meant to entice P2P network users to download and execute them. Read the Technical Details section of the Virus Description on Trend Micro's Web site for the full list of naming strings: http://www.trendmicro.com/vinfo/virusencyc...MEXER.E&VSect=T

This worm also searches for the following files:

C:\*.DBX

C:\*.DOC

C:\*.HTM

C:\*.RTF

C:\*.SHT

C:\*.TXT

C:\*.WAB

If found, the worm scans these files for email addresses and sends email to these addresses. It skips email addresses with the following strings:

admi

host

kasp

micr

newv

root

supp

viru

webm

It sends email via Simple Mail Transfer Protocol (SMTP) with any of the following details:

Subject: EBAY Information
Message body: EBAY Installer...
Attachment: <files from the sysnet folder>

Subject: VISA Information
Message body: Security Tool...
Attachment: <files from the sysnet folder>

Subject: Provider Information
Message body: New account data...
Attachment: <files from the sysnet folder>

Subject: Your Crack1
Message body: Here is your crack!
Attachment: <files from the sysnet folder>

Subject: Internet Information
Message body: New account data...
Attachment: <files from the sysnet folder>

If you would like to scan your computer for WORM_MEXER.E or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_MEXER.E is detected and cleaned by Trend Micro pattern file 2.178.00 and above.

For additional information about WORM_MEXER.E please visit: http://www.trendmicro.com/vinfo/virusencyc...me=WORM_MEXER.E

3. Top 10 Most Prevalent Global Malware

(from September 17, 2004 to September 23, 2004)

------------------------------------------------------------------------

1. WORM_NETSKY.P

2. PE_ZAFI.B

3. HTML_NETSKY.P

4. PE_FUNLOVE.4099

5. HTML_BAGLE.AI

6. WORM_NETSKY.D

7. JAVA_BYTEVER.A

8. DEADLINK

9. TROJ_AGENT.EG

10. WORM_NETSKY.C

4. Test your Knowledge - Complete the Virus & Security Crossword Puzzle

------------------------------------------------------------------------

So, you think you know about computer viruses? Test your virus and security knowledge with our crossword puzzle:

http://www.trendmicro.com/en/security/report/puzzle.htm

Curious about how well you did? You can view and download the answers to the crossword puzzle here:

http://www.trendmicro.com/en/security/report/answer-key.htm


Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
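A mail-gateway style check for the five subject/body pairs listed in the newsletter above, as an added example that is not part of the original post or Trend Micro's own code. It assumes an exact match after trimming whitespace and requires an attachment; the function names, addresses and attachment names are hypothetical.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject -> message body, exactly as listed in the newsletter.
MEXER_LURES = {
    "EBAY Information": "EBAY Installer...",
    "VISA Information": "Security Tool...",
    "Provider Information": "New account data...",
    "Your Crack1": "Here is your crack!",
    "Internet Information": "New account data...",
}


def match_mexer_lure(raw: bytes):
    """Return the matched subject if the message fits a listed lure, else None."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip()
    expected_body = MEXER_LURES.get(subject)
    if expected_body is None:
        return None
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().strip() if body_part else ""
    # Every listed variant carries a file, so a bare text mail is not a match.
    has_attachment = next(msg.iter_attachments(), None) is not None
    return subject if body == expected_body and has_attachment else None


def build_sample(subject, body, attachment_name=None):
    """Constructed test message; addresses and file names are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, body, att in [
        ("VISA Information", "Security Tool...", "sample.exe"),
        ("VISA Information", "Your card statement is ready.", "stmt.pdf"),
        ("Internet Information", "New account data...", None),
    ]:
        print(subj, "->", match_mexer_lure(build_sample(subj, body, att)))
```

Matching on the subject and body together keeps ordinary mail that merely shares a generic subject such as "Provider Information" from being flagged.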
