
Hi team, I've been off the board for several days so I'm not sure if this has been posted or not. Just to make sure, here goes.

marty

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Bag it Up – WORM_BAGZ.A (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Test Your Knowledge - Complete the Virus & Security Crossword Puzzle

5. Attend our Webinar - "Protect Your Enterprise from Web-based Attack"**

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.192.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Bag it Up – WORM_BAGZ.A (Low Risk)

------------------------------------------------------------------------

WORM_BAGZ.A is a memory-resident, mass-mailing worm that uses SMTP (Simple Mail Transfer Protocol) to propagate. It arrives as an attachment to an email with a spoofed From field and varying subjects, message bodies, and attachment file names. This non-destructive worm also drops multiple components in the Windows system folder upon execution. It runs on Windows 95, 98, ME, NT, 2000 and XP, and is currently spreading in-the-wild.

Upon execution, this worm drops the following files in the Windows system folder:

DRIVERS\NDISRD.SYS

DL.EXE – downloads and executes a file from a remote site

IPDB.DLL

JOBDB.DLL

NDISAPI.DLL

NDISRD.SYS

SYSLOGIN.EXE – a mass-mailing component of this worm

TUTORIAL.DOC<numerous space characters>.EXE – a copy of this worm

TUTORIAL.ZIP - a .ZIP archive that contains the file TUTORIAL.DOC<numerous space characters>.EXE

It also adds a registry entry that allows it to automatically execute at every system startup, and uses Simple Mail Transfer Protocol (SMTP) to send multiple copies of itself.

It arrives on a system as an attachment to an email with the following details:

From: <spoofed>

Subject: (any of the following)

[Fwd: Broken link]

big announcements

building maintenance

Cost Inquiry

Deactivation Notice

failure notice

find a solution with this customer

Fwd: Password

Fwd: Your Funds are Eligible for Withdrawal

Knowledge Base Article

last request before refunding

Message recieved, please confirm

My funny stories

Need help pls

No Subject

Open Invoices

Order Approval

progress news

Questions

Re: Help Desk Registration

Re: payment

RE: quote request

RE: Re: A question

Re: User ID Update

referrences

Returned mail: see transcript for details

troubles are back again

units available

Webmail Invite

What is this ????

when should i call you?

WinXP

You have recieved an eCard!

Message body: (any of the following)

***URGENT: SERVICE SHUTDOWN NOTICE***

Due to your failure to comply with our email

Rules and Regulations, your email account has been

temporarily suspended for 24 hours unless we are contacted regarding this

situation. You must read the attached document for further

instructions. Failure

to comply will result in termination of your account.

Regards, Net Operator

***URGENT: SERVICE SHUTDOWN NOTICE***

***ATTENTION: YOUR EMAIL IS NOT BEING DELIVERED!***

You are currently unable to send emails.

This may be a billing issue.

Please call the billing center.

The # for the billing office is located in the attached

contact list for your convenience.

***ATTENTION: YOUR EMAIL IS NOT BEING DELIVERED!***

***YOUR MESSAGE HAS BEEN RECOGNIZED AS SPAM***

Hello

The previous email you sent has been recognized as spam.

This means your email was not delivered to your friend or client.

You must open the attached file to receive more information.

***YOUR MESSAGE HAS BEEN RECOGNIZED AS SPAM***

Hello,

What version of windows you are using?

This last document I received from you came out weird.

Please see the attached word file and resend the file to me.

Many thanks,

User

Hello,

My PC crashed while I was sending that last email.

I have re-attached the document of yours that I discovered.

Please read attached document and respond ASAP.

Sincerely,

User,0

Hello,

Your email was sent in an INVALID format.

To verify this email was sent from you,

simply open the attached email (.eml) file

and click yes in the sender options box.

Thank You,

User

Hello,

Your email was received.

YOUR REPLY IS URGENT!

Please view the attached text file for instructions.

Regards,

User

Hello,

I was in a hurry and I forgot to attach an important

document. Please see attached.

Best Regards,

User

Hello,

I resent this email as attachment because

it was previously blocked by your email filters.

Please read the attachment and respond.

Thanks,User

Hello,

Sorry, I forgot to attach the new contact information.

Please view the attached (.pdf) contact sheet.

Sincerely,

User

Attachment: (any of the following)

ACCOUNT.DOC<numerous space characters>.EXE

ACCOUNT.ZIP

ARCH.DOC<numerous space characters>.EXE

ARCH.ZIP

ARCHIVE.DOC<numerous space characters>.EXE

ARCHIVE.ZIP

ATACH.DOC<numerous space characters>.EXE

ATACH.ZIP

ATT.DOC<numerous space characters>.EXE

ATT.ZIP

CONTACT.DOC<numerous space characters>.EXE

CONTACT.ZIP

DB.DOC<numerous space characters>.EXE

DB.ZIP

DOCUMENTS.DOC<numerous space characters>.EXE

DOCUMENTS.ZIP

FILE.DOC<numerous space characters>.EXE

FILE.ZIP

MAIL.DOC<numerous space characters>.EXE

MAIL.ZIP

MESSAGE.DOC<numerous space characters>.EXE

MESSAGE.ZIP

MESSAGES.DOC<numerous space characters>.EXE

MESSAGES.ZIP

MSG.DOC<numerous space characters>.EXE

MSG.ZIP

READ.DOC<numerous space characters>.EXE

READ.ZIP

README.DOC<numerous space characters>.EXE

README.ZIP

SUPPORT.DOC<numerous space characters>.EXE

SUPPORT.ZIP

WARNING.DOC<numerous space characters>.EXE

WARNING.ZIP

If you would like to scan your computer for WORM_BAGZ.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_BAGZ.A is detected and cleaned by Trend Micro pattern file #2.189.04 and above.

For additional information about WORM_BAGZ.A please visit: http://www.trendmicro.com/vinfo/virusencyc...ame=WORM_BAGZ.A

3. Top 10 Most Prevalent Global Malware

(from October 1, 2004 to October 7, 2004)

------------------------------------------------------------------------

1. WORM_NETSKY.P

2. HTML_NETSKY.P

3. PE_ZAFI.B

4. WORM_NETSKY.D

5. JAVA_BYTEVER.A

6. WORM_NETSKY.C

7. WORM_ANIG.A

8. WORM_NETSKY.DAM

9. WORM_NETSKY.B

10. HTML_CITIFRAUD.C

4. Test Your Knowledge - Complete the Virus & Security Crossword Puzzle

-------------------------------------------------------------------------

So, you think you know about computer viruses? Test your virus and security knowledge with our crossword puzzle:

http://www.trendmicro.com/en/security/report/puzzle.htm

Curious about how well you did? You may view and download the answers to the crossword puzzle here:

http://www.trendmicro.com/en/security/report/answer-key.htm

5. Attend our Webinar - "Protect Your Enterprise from Web-based Attack"**

------------------------------------------------------------------------

Trend Micro invites its U.S. and Canadian Enterprise customers to attend a free, one-hour webinar on October 14 at 11:00 am PST, entitled “Protect Your Enterprise From Web-based Attack: Viruses, Spyware, Phishing, and Employee Misuse”.

During this informative webinar Jack Marsal, Senior Product Marketing Manager for Trend Micro’s Enterprise Messaging, IMSS/SPS, and IWSS products will discuss:

* The nature of Internet-based attacks (phishing, spyware and viruses), and why they are growing faster than any other type of threat

* The latest innovations being applied by virus writers and other authors of malicious code

* How you can efficiently protect your enterprise from Internet-based attacks

Mr. Marsal has more than 16 years of experience in messaging, IT infrastructure management, and security. His real-world understanding provides a rich background of case histories of the success and failure of different security strategies over the years.

To register for this informative webinar, please visit: http://trendmicro.webex.com/trendmicro/ons...hp?MK=761736485

**For residents of the U.S. and Canada only.

************************************************************************

This message was sent by Trend Micro's Newsletters Editor using Responsys Interact.


Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

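The padded double-extension attachment names described in the newsletter (a document extension, a long run of spaces, then .EXE, sent either directly or inside a .ZIP) can be flagged by file name at a mail gateway. This is an added example, not part of the original post or of Trend Micro's newsletter; the function names, the list of executable extensions and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Decoy extension, then padding whitespace, then an executable extension.
# The extension list is an assumption; the newsletter only names .EXE.
EXECUTABLE = r"(?:exe|scr|pif|com|bat|cmd)"
PADDED_DOUBLE_EXT = re.compile(r"\.[a-z0-9]{2,4}\s+\." + EXECUTABLE + r"\s*$", re.I)

def is_padded_double_extension(filename: str) -> bool:
    """True for names shaped like 'TUTORIAL.DOC<spaces>.EXE'."""
    return bool(PADDED_DOUBLE_EXT.search(filename or ""))

def flag_attachments(raw_message: bytes) -> list[str]:
    """Return attachment names (and ZIP member names) that hide an executable."""
    flagged = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        if is_padded_double_extension(name):
            flagged.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    flagged += [f"{name}!{member}" for member in archive.namelist()
                                if is_padded_double_extension(member)]
            except zipfile.BadZipFile:
                # An archive the gateway cannot inspect is worth a look too.
                flagged.append(f"{name}!<unreadable archive>")
    return flagged

def build_sample() -> bytes:
    """Constructed test message: harmless bytes under worm-style file names."""
    padded = "TUTORIAL.DOC" + " " * 40 + ".EXE"
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as z:
        z.writestr(padded, b"placeholder, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.test", "b@example.test", "Open Invoices"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=padded)
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="TUTORIAL.ZIP")
    msg.add_attachment("meeting notes", filename="notes.txt")  # benign control
    return msg.as_bytes()
```

Calling `flag_attachments(build_sample())` reports the padded attachment and the matching member inside TUTORIAL.ZIP, and leaves notes.txt alone.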