martymas Posted October 1, 2004

hi team
here is a trend micro alert
marty

(by TrendLabs Global Antivirus and Research Center)
************************************************************************
------------------------------------------------------------------------
Date: Friday October 1, 2004
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. JPEG Hacker Tool – HKTL_JPGDOWN.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Test your Knowledge - Complete the Virus & Security Crossword Puzzle

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.
************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.186.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. JPEG Hacker Tool – HKTL_JPGDOWN.A (Low Risk)
------------------------------------------------------------------------
HKTL_JPGDOWN.A is a non-destructive hack tool that creates a JPEG file (detected by Trend Micro as EXPL_JPGDOWN.A), which exploits a vulnerability in Windows XP. This buffer overrun vulnerability in the processing of JPEG image formats may allow a remote user to execute code on an affected system. If a user is logged in with administrator privileges, this vulnerability allows an attacker to take complete control of affected system, and perform actions such as installing programs, viewing, changing or deleting data, and creating new accounts with full privileges.

This malware is currently spreading in-the-wild, infecting computer systems that are running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this hack tool displays a dialogue box titled is displayed, and the buttons “Make” and “About”. The Trojan dropped by this hack tool, attempts to download and execute files from any URL that a malicious user inputs in the dialogue box. This hack tool also drops the file MYPICTURE.JPG in the current folder.

After execution of this hack tool, the following message is displayed:

"The Jpeg Server, has been created with your settings in the current directory."

The following strings can be found in the malware body:

    JPEG Downloader V1.0
    With this downloader you can create downloader server with *.jpg extension.
    Based on Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
    Using Generic win32 http download shellcode
    Bug analized by eEye Digital Security (http://www.eeye.com)
    Compilied 23/09/04
    Copyright 2004 ProGroup Software, Inc.
    Coded By ATmaCA
    E-Mail:[email protected]
    Web:http://www.prohack.net

If you would like to scan your computer for HKTL_JPGDOWN.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

HKTL_JPGDOWN.A is detected and cleaned by Trend Micro pattern file 2.180.00 and above.

For additional information about HKTL_JPGDOWN.A please visit:
http://www.trendmicro.com/vinfo/virusencyc...=HKTL_JPGDOWN.A

3. Top 10 Most Prevalent Global Malware (from September 24, 2004 to September 30, 2004)
------------------------------------------------------------------------
1. PE_ZAFI.B
2. WORM_NETSKY.P
3. HTML_NETSKY.P
4. WORM_NETSKY.D
5. PE_FUNLOVE.4099
6. JAVA_BYTEVER.A
7. DEADLINK_NOVIRUS
8. PE_NIMDA.A-O
9. WORM_NETSKY.C
10. WORM_ANIG.A

4. Roundup: September Virus Activity & Analysis
------------------------------------------------------------------------
The highlights of last month’s virus activity include a noticeable increase in the generation of bot programs, an increase in the detection of Trojans, and a comeback of sorts for the MYDOOM and BAGLE worms with the continued release of new variants.

Read the September roundup of virus activity:
http://www.trendmicro.com/en/security/report/0904roundup.htm

**Analysis conducted and prepared by TrendLabs**
************************************************************************
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact.
To unsubscribe from Trend Micro's Newsletters Editor: http://trendnewsletter.rsc03.net/servlet/o...RFpgLmDgLmDgSE0
To update your subscription preference, or to change your email address: http://trendnewsletter.rsc03.net/servlet/w...pkNlyLihkm_UT_U
To view our permission marketing policy: http://www.rsvp0.net
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
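A defender-side triage sketch for the JPEG files described in the alert above, added here as an example and not part of the original post or of any Trend Micro tooling. The newsletter does not describe how the file is malformed, so the structural check is a general one (a JPEG segment's two-byte length counts itself, so a value below 2 is never valid); the byte strings are two of those quoted from the tool body, and the sample inputs are constructed.

```python
import struct

# Two of the strings the newsletter quotes from the hack tool body (weak, easily changed indicator).
TOOL_STRINGS = (b"JPEG Downloader V1.0", b"Generic win32 http download shellcode")
# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def check_jpeg_segments(data):
    """Walk JPEG header segments; return [] if well-formed, else [(offset, marker, reason)]."""
    if data[:2] != b"\xff\xd8":
        return [(0, None, "missing SOI marker")]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return [(pos, None, "expected 0xFF marker prefix")]
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:        # EOI: end of image
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            return [(pos, marker, "truncated length field")]
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                # length includes its own two bytes
            return [(pos, marker, "segment length %d < 2" % length)]
        if pos + 2 + length > len(data):
            return [(pos, marker, "segment runs past end of file")]
        if marker == 0xDA:            # SOS: entropy-coded data follows, stop here
            break
        pos += 2 + length
    return []

def tool_strings_present(data):
    """Return the quoted tool strings found anywhere in the file bytes."""
    return [s.decode() for s in TOOL_STRINGS if s in data]

# Constructed samples: a minimal well-formed header, and one with an invalid segment length.
GOOD_SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               b"\xff\xfe\x00\x07hello\xff\xd9")
BAD_SAMPLE = b"\xff\xd8\xff\xfe\x00\x00" + b"A" * 8 + b"\xff\xd9"

if __name__ == "__main__":
    print(check_jpeg_segments(GOOD_SAMPLE))
    print(check_jpeg_segments(BAD_SAMPLE))
```

A clean result here does not mean a file is safe; the check only rejects one class of structurally invalid JPEG before it reaches an image decoder.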
Besttechie Posted October 1, 2004

Thanks for the alert Marty.
B

cowsgonemadd3 Posted October 1, 2004

Thanks

tg1911 Posted October 1, 2004

Thanks for the update, marty.

JSKY Posted October 2, 2004

Thanks for keeping us all aware of these things.

sultan_emerr Posted October 2, 2004

Thanks for the update, marty.