martymas Posted September 25, 2004

HI TEAM JUST GOT THIS FROM TREND MICRO
marty

TREND MICRO WEEKLY VIRUS REPORT
(by TrendLabs Global Antivirus and Research Center)
************************************************************************
Date: Friday September 24, 2004
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Mixing It Up – WORM_MEXER.E (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Test your Knowledge - Complete the Virus & Security Crossword Puzzle

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.
************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.178.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Mixing It Up – WORM_MEXER.E (Low Risk)
------------------------------------------------------------------------
WORM_MEXER.E is a memory-resident worm that propagates via peer-to-peer (P2P) file-sharing networks, particularly Kazaa and Imesh, and by mailing copies of itself via Simple Mail Transfer Protocol (SMTP). This worm creates a folder and drops several copies of itself into this folder, using filenames that pertain to software, movies, or games. It gathers email addresses from the infected system by scanning certain files for email addresses it can send to. WORM_MEXER.E is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this memory-resident worm displays a message box. It then adds a registry entry that allows it to automatically execute at every system startup. To propagate via peer-to-peer file-sharing networks - specifically Kazaa and Imesh - the worm creates three more registry entries.

This worm then creates a folder, named sysnet, in the root folder and drops 42 files in it. It also drops another set of randomly named files in this same folder. The filenames are formed using a combination of 70 different naming strings comprised of the titles or names of popular software, movies, and games. These filenames are meant to entice P2P network users to download and execute them. Read the Technical Details section of the Virus Description on Trend Micro's Web site for the full list of naming strings:
http://www.trendmicro.com/vinfo/virusencyc...MEXER.E&VSect=T

This worm also searches for the following files:

  C:\*.DBX
  C:\*.DOC
  C:\*.HTM
  C:\*.RTF
  C:\*.SHT
  C:\*.TXT
  C:\*.WAB

If found, the worm scans these files for email addresses and sends email to these addresses. It skips email addresses with the following strings:

  admi
  host
  kasp
  micr
  newv
  root
  supp
  viru
  webm

It sends email via Simple Mail Transfer Protocol (SMTP) with any of the following details:

  Subject: EBAY Information
  Message body: EBAY Installer...
  Attachment: <files from the sysnet folder>

  Subject: VISA Information
  Message body: Security Tool...
  Attachment: <files from the sysnet folder>

  Subject: Provider Information
  Message body: New account data...
  Attachment: <files from the sysnet folder>

  Subject: Your Crack1
  Message body: Here is your crack!
  Attachment: <files from the sysnet folder>

  Subject: Internet Information
  Message body: New account data...
  Attachment: <files from the sysnet folder>

If you would like to scan your computer for WORM_MEXER.E or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:
http://housecall.trendmicro.com/

WORM_MEXER.E is detected and cleaned by Trend Micro pattern file 2.178.00 and above.

For additional information about WORM_MEXER.E please visit:
http://www.trendmicro.com/vinfo/virusencyc...me=WORM_MEXER.E

3. Top 10 Most Prevalent Global Malware (from September 17, 2004 to September 23, 2004)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. PE_ZAFI.B
3. HTML_NETSKY.P
4. PE_FUNLOVE.4099
5. HTML_BAGLE.AI
6. WORM_NETSKY.D
7. JAVA_BYTEVER.A
8. DEADLINK
9. TROJ_AGENT.EG
10. WORM_NETSKY.C

4. Test your Knowledge - Complete the Virus & Security Crossword Puzzle
------------------------------------------------------------------------
So, you think you know about computer viruses? Test your virus and security knowledge with our crossword puzzle:
http://www.trendmicro.com/en/security/report/puzzle.htm

Curious about how well you did? You can view and download the answers to the crossword puzzle here:
http://www.trendmicro.com/en/security/report/answer-key.htm
************************************************************************
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

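
Added example (not part of the thread or of Trend Micro's report): a mail-gateway style check in Python for the subject, message body and attachment combinations the report lists for WORM_MEXER.E. The function names, sample addresses and the attachment name are constructed for illustration, and the listed bodies are matched by the text before their trailing "...".

```python
import email
from email import policy
from email.message import EmailMessage

# Subject -> message-body prefix, taken from the newsletter's list.
# The listed bodies end in "..."; only the text before it is matched (assumption).
MEXER_E_PAIRS = {
    "ebay information": "ebay installer",
    "visa information": "security tool",
    "provider information": "new account data",
    "your crack1": "here is your crack!",
    "internet information": "new account data",
}

def _norm(text):
    """Collapse whitespace and lower-case so header folding and case do not matter."""
    return " ".join(str(text or "").split()).lower()

def match_mexer_e(raw_bytes):
    """Return subject and attachment names if the mail fits the listed pattern, else None."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    expected_body = MEXER_E_PAIRS.get(_norm(msg["Subject"]))
    if expected_body is None:
        return None
    part = msg.get_body(preferencelist=("plain",))
    body = _norm(part.get_content()) if part is not None else ""
    if not body.startswith(expected_body):
        return None  # the subject alone is too common to flag on
    names = [p.get_filename() for p in msg.iter_attachments()]
    if not names:
        return None  # every listed variant carries a file
    return {"subject": str(msg["Subject"]), "attachments": names}

def constructed_sample(subject, body, attachment=None):
    """Build a harmless test message (constructed data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (constructed_sample("visa information", "Security Tool...", "placeholder.bin"),
                constructed_sample("VISA Information", "Your statement is ready", "placeholder.bin"),
                constructed_sample("Provider Information", "New account data...")):
        print(match_mexer_e(raw))
```

Requiring all three conditions keeps ordinary mail with a subject such as "VISA Information" from being flagged.
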
Besttechie Posted September 25, 2004

Thanks for the alert Marty.
B

robroy Posted September 25, 2004

Just found it in my inbox
thanks
JD

sultan_emerr Posted September 29, 2004

Thanks for the alert Marty.