martymas Posted October 15, 2004

Not sure if this has been posted or not.

marty

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Frantic FILI – WORM_FILI.A (Low Risk)
3. Microsoft Vulnerabilities (High Risk)
4. Top 10 Most Prevalent Global Malware
5. Trend Micro PC-cillin Internet Security 2005 Now Available

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.202.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Frantic FILI – WORM_FILI.A (Low Risk)
------------------------------------------------------------------------
WORM_FILI.A is a non-destructive worm that propagates via peer-to-peer applications by dropping copies of itself in default shared folders. It also propagates via email and Internet Relay Chat (IRC). It can disable the Windows Task Manager, thereby preventing an infected user from terminating its process. It also displays the Windows Shut Down menu (the window that pops out when CTRL+ALT+DEL keys are pressed) every few seconds to annoy the user. This worm is currently spreading in-the-wild, and infecting systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm drops a copy of itself in the Windows system folder as the file PILIF.EXE.
It creates a registry entry that allows it to automatically execute at every system startup.

This worm drops copies of itself in the following folders found in the Program Files directory, which are default-shared folders of popular peer-to-peer (P2P) applications:

  \BearShare\Shared
  \BearShare\Shared\
  \Edonkey2000\Incoming
  \Edonkey2000\Incoming\
  \Grokster\My Grokster
  \Grokster\My Grokster\
  \icq\shared files\
  \Kazaa\My Shared Folder
  \Kazaa\My Shared Folder\
  \KMD\Shared Folder
  \limewire\Shared
  \limewire\Shared\
  \Morpheus\My Shared Folder
  \Morpheus\My Shared Folder\
  \Shareaza\downloads
  \WinMX\my shared folder\
  Shareaza\downloads

It uses any of the following file names for its dropped copy, followed by an .EXE, .SCR, .PIF, .BAT, or .CMD extension:

  Anti-hacker Utility
  Cracks mega warez collection
  Dark Coderz Alliance
  Easy credit card validation
  Free porn sites accounts
  Kasperky AV Universal Key
  Norton 2004 crack
  Sex - totally free porn
  Webmail official hacker
  Yahoo hacker

This worm searches for email addresses on .HTM and .HTML files found on the affected system. It then sends email messages to these addresses using MAPI. It sends email with the following details:

Message body: (any of the following)

  Important legal notice! Do not delete this message. Analyse attachement and reply as soon as possible with manifesto details. Thank you!
  -------------------
  Please help us to save the right of freedom of expression! All details will be displayed in small attached file. Good luck and thank you.
  -------------------
  You personal manifesto details are attached. Take good care of them!
  -------------------
  Help us gather online votes for our anti-censore manifesto We need you help now! Attachement will automatically send a vote to our online database once you run it and will be redirected to our webpage! Thank you!
  -------------------
  Its curious, its scandalous... dont be so furious! Life is bitch so dont take it serious.
  -------------------
  Please help us be free!
  We need the basic right of expression. Enable an online vote for our manifesto with the help of the attachement. Many thanks!
  -------------------
  Music is beeing censored, journalists are afraid, law has not been respected for long time. Why? Because of corruption and lack of right of expression. Help us! Enable the attachement and our voting system will track and record you help. Many thanks!
  -------------------
  Parazitii need your help for the anti-censore campaign! See all details in the attachement. Thank you!
  -------------------
  Its just hip-hop. Nothing else. Enjoy! Oh yeah! one more thing: its a censore-related manifesto
  -------------------
  This is my manifesto. You can stop this individual, but you can't stop us all...after all, we're all alike.
  -------------------

Attachment: (any one of the following, followed by an .EXE, .SCR, .PIF, .BAT, or .CMD extension)

  · attachement
  · details
  · freedom
  · Freedom of expression
  · Goverment issue
  · JOS CeNzurA
  · manifesto
  · Manifesto anti pilif
  · Manifesto details
  · Parazitii
  · pilif
  · Simple solution
  · stolen rights
  · sustain cause

This worm drops a modified SCRIPT.INI file in the following folders:

  C:\mirc\
  C:\mirc32\
  C:\mirc\32
  %Program Files%\mirc\
  %Program Files%\mirc32\

This modified IRC script sends a copy of the worm to every user who enters the same chatroom as the infected user. It displays the following message upon file transfer:

  DCA are fighting for free speech. Get their manifesto now!

It then sends out the following file:

  Manifesto Anti Censore Pilif.txt.exe

This worm disables the Windows Task Manager to prevent an infected user from terminating its process. It also displays the Windows Shut Down menu every few seconds to annoy the user.

If you would like to scan your computer for WORM_FILI.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_FILI.A is detected and cleaned by Trend Micro pattern file #2.193.14 and above.

For additional information about WORM_FILI.A please visit: http://www.trendmicro.com/vinfo/virusencyc...ame=WORM_FILI.A

3. Microsoft Vulnerabilities (High Risk)
------------------------------------------------------------------------
The following set of ten Microsoft vulnerabilities were published by Microsoft on October 12, 2004:

  MS04-029_RPC_RUNTIME_LIBRARY
  MS04-030_WEBDAV_XML
  MS04-031_NETDDE
  MS04-032_MICROSOFT_WINDOWS
  MS04-033_MICROSOFT_EXCEL
  MS04-034_COMPRESSED_FOLDERS
  MS04-035_SMTP
  MS04-036_NNTP
  MS04-037_WINDOWS_SHELL
  MS04-038_INTERNET_EXPLORER

A more detailed discussion of each vulnerability is available on the Trend Micro Security Advisories page: http://www.trendmicro.com/en/security/advi...es/overview.htm or by reading Microsoft's Vulnerability Bulletins.

Trend Micro advises users to patch their system against these vulnerabilities, and to refrain from using their system until it has been completely patched against these vulnerabilities.

4. Top 10 Most Prevalent Global Malware (from October 8, 2004 to October 14, 2004)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. PE_ZAFI.B
3. HTML_NETSKY.P
4. WORM_NETSKY.D
5. JAVA_BYTEVER.A
6. WORM_NETSKY.B
7. WORM_NETSKY.C
8. WORM_ANIG.A
9. WORM_NETSKY.Q
10. HTML_CITIFRAUD.C

5. Trend Micro PC-cillin Internet Security 2005 Now Available
------------------------------------------------------------------------
Trend Micro™ PC-cillin™ Internet Security 2005 protects your PC and home network against all types of viruses, worms, Trojans, and blended threats—including network viruses such as MYDOOM and SASSER.
It also blocks hackers, detects and removes spyware, guards against phishing attacks, filters unwanted content, and minimizes spam. New features include Home Network Control and Wi-Fi Intrusion Detection which extends desktop security to your home and wireless networks.

Key Features:
- Comprehensive Virus Security
- Enhanced Spyware Detection and Removal
- Anti-Phishing – New!
- Home Network Control – New!
- Wi-Fi Intrusion Detection – New!
- Improved Spam Filtering
- Personal Firewall

Read more about Trend Micro PC-cillin Internet Security 2005: http://www.trendmicro.com/en/products/desk...te/overview.htm

************************************************************************
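The file-name indicators in the newsletter above can be turned into a defensive folder check. This is an added example, not part of the original post and not Trend Micro's tooling: it matches names only, assumes the modified SCRIPT.INI mentions the file name it sends, and the function names and sample tree are constructed for illustration.

```python
import os, tempfile
from pathlib import Path

# Indicators copied from the WORM_FILI.A description in the post above.
EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".cmd"}
P2P_BAIT = {"anti-hacker utility", "cracks mega warez collection",
            "dark coderz alliance", "easy credit card validation",
            "free porn sites accounts", "kasperky av universal key", "norton 2004 crack",
            "sex - totally free porn", "webmail official hacker", "yahoo hacker"}
MAIL_BAIT = {"attachement", "details", "freedom", "freedom of expression",
             "goverment issue", "jos cenzura", "manifesto", "manifesto anti pilif",
             "manifesto details", "parazitii", "pilif", "simple solution",
             "stolen rights", "sustain cause"}
EXACT = {"pilif.exe": "dropped-copy-name", "manifesto anti censore pilif.txt.exe": "irc-sent-copy"}
BAIT = {**dict.fromkeys(P2P_BAIT, "p2p-bait-name"),
        **dict.fromkeys(MAIL_BAIT, "mail-attachment-name")}

def classify(filename):
    """Return the indicator label a file name matches, or None."""
    name = filename.lower()
    stem, ext = os.path.splitext(name)
    if name in EXACT:
        return EXACT[name]
    return BAIT.get(stem) if ext in EXTENSIONS else None

def scan(root):
    """Walk root and return sorted (relative path, indicator) pairs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path, reason = Path(dirpath) / fname, classify(fname)
            if reason is None and fname.lower() == "script.ini":
                # Assumption: the modified mIRC script names the file it sends.
                if "pilif" in path.read_text(errors="ignore").lower():
                    reason = "modified-mirc-script"
            if reason:
                hits.append((path.relative_to(root).as_posix(), reason))
    return sorted(hits)

def demo():
    """Scan a constructed tree (harmless sample files, not real malware)."""
    samples = {"Kazaa/My Shared Folder/Norton 2004 crack.scr": "x",
               "system32/PILIF.EXE": "x", "mail/Manifesto details.pif": "x",
               "mirc32/script.ini": "constructed harmless script",
               "mirc/script.ini": "refers to Manifesto Anti Censore Pilif.txt.exe"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            (Path(root) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(root) / rel).write_text(body)
        return scan(root)
```

Short generic names such as `details` or `freedom` will produce false positives on their own, so treat a name match as a prompt to scan the file with current pattern files rather than as a verdict.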
tg1911 Posted October 16, 2004

Thanks for the update, Marty.
sultan_emerr Posted October 16, 2004

Thanks for the update, Marty.
martymas Posted October 16, 2004

Hi team,

This is a bit of a nasty. I've been to the Trend Micro website and they say to keep an eye on your Task Manager. That's where it is lodged. Kazaa is one of the instigators, so I'm glad I don't use that program.

marty
sultan_emerr Posted October 17, 2004

> Hi team, this is a bit of a nasty. I've been to the Trend Micro website and they say to keep an eye on your Task Manager. That's where it is lodged. Kazaa is one of the instigators, so I'm glad I don't use that program. marty

Me too!!!