martymas Posted November 5, 2004

Has anyone heard of this one before? It is a low risk, though it is worth posting. It is for Linux [Red Hat]; I'm sure there are Linux users here.

marty

To read an HTML version of this newsletter, go to: http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Faker – ELF_FAKEPATCH.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Webinar: Maintaining Productivity During Network Virus Attacks**
5. Roundup: October Virus Activity & Analysis

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.238.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Faker – ELF_FAKEPATCH.A (Low Risk)
------------------------------------------------------------------------
ELF_FAKEPATCH.A is an executable that runs on Linux. ELF refers to Executable and Link Format, which is the well-documented and available file format for Linux/UNIX executables. It arrives via email, and retrieves network configuration and system information. The information is saved in the file "mama", and sent to a specific email address.

The email it sends is designed to trick users into believing it is a legitimate email sent by the RedHat Security Team, regarding critical security patches that must be downloaded.
The email includes links to downloadable files, and encourages the recipients to click the links to download the patches.

When one of the specific files mentioned in the email is downloaded, the following files are found:

  Inst.c – source code of this malware
  Makefile – used to compile inst.c

When this Elf executable is already compiled, it produces the shell code that retrieves information from a machine. The shell code first checks whether it is executed in the root level. If not, it displays the following line in a console:

  This patch must be applied as "root", and you are: %User%

(Note: %User% is the currently logged on user.)

Afterward, it adds a user named "bash" with a null password and creates the file "mama" inside the temporary folder. It then obtains network configuration and system information, and saves it in the file mama. Next, it sends this file to the email address [email protected]. It then deletes the file from the system and starts SSHD (Secure Shell Server).

Note: A Secure Shell Server provides secure encrypted communications between untrusted hosts over an untrusted network. It allows users to connect to a system from another system via TCP/IP, and obtain a shell prompt, from which they can issue commands and view output.

If you would like to scan your computer for ELF_FAKEPATCH or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

ELF_FAKEPATCH.A is detected and cleaned by Trend Micro pattern file #2.227.08 and above. For additional information about ELF_FAKEPATCH please visit: http://www.trendmicro.com/vinfo/virusencyc...ELF_FAKEPATCH.A

3. Top 10 Most Prevalent Global Malware (from October 29, 2004 to November 4, 2004)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. WORM_BAGLE.AT
4. WORM_NETSKY.D
5. JAVA_BYTEVER.A
6. WORM_NETSKY.B
7. WORM_BAGLE.AU
8. WORM_NETSKY.C
9. PE_ZAFI.B
10. WORM_NETSKY.Q

4. Webinar: Maintaining Productivity During Network Virus Attacks**
------------------------------------------------------------------------
Trend Micro invites you to attend a free, one-hour webinar on November 16 at 11:00 am PST entitled “Maintaining Productivity During Network Virus Attacks: A Proactive Strategy”.

During this informative Webinar Bob Hansmann, Senior Product Marketing Manager for Client, Server, and Network Security Products at Trend Micro, will discuss:

* The nature of Network Viruses/Worms and the relative threat they pose to your network, where they come from and what form they are likely to take next
* Why Network Viruses like Nimda, Code_Red, MS_Blaster, SQL_Slammer and Sasser are different from traditional viruses, and where traditional approaches fail
* An effective protection strategy with both proactive and reactive components - one that addresses the specific nature of the Network Virus yet integrates smoothly with an overall protection strategy

Hansmann’s background in the security and disaster recovery industries spans two decades of work with business and government sectors. His extensive involvement in planning for threat avoidance, risk mitigation, as well as disaster recovery give a solid, real-world background to the security information he offers attendees.

To register for this informative webinar, please visit: http://trendmicro.webex.com/trendmicro/ons...&Rnd=1338687839

**Open to residents of the U.S. & Canada

5. Roundup: October Virus Activity & Analysis
------------------------------------------------------------------------
The month of October was relatively quiet for virus outbreaks, marking one of the longest outbreak-free periods of the year.
Don't get too comfortable though: 1,817 new malware programs were discovered, which is 22% more than September.

Read the October roundup of virus activity here: http://www.trendmicro.com/en/security/report/1004roundup.htm

**Analysis conducted and prepared by TrendLabs

Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
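The newsletter above says the trojan adds a user named "bash" with a null password. The following check for that account change is an added example, not code from Trend Micro or from any poster in this thread; the passwd/shadow sample data is constructed, and the "account named after a shell binary" rule is a heuristic assumed here for illustration.

```python
"""Audit passwd/shadow text for the account change the advisory describes:
a user named "bash" added with a null (empty) password."""

# Constructed sample data (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bash:x:501:501::/home/bash:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hashvalue:12700:0:99999:7:::
daemon:*:12700:0:99999:7:::
alice:$1$constructed$hashvalue:12700:0:99999:7:::
bash::12727:0:99999:7:::
"""

# Heuristic (assumption): an account named after a shell binary is unusual.
SHELL_NAMES = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}


def parse_colon_file(text):
    """Return {name: fields} for passwd/shadow style lines, skipping junk."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            entries[fields[0]] = fields
    return entries


def audit_accounts(passwd_text, shadow_text):
    """Return sorted (account, reason) findings."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for name, fields in passwd.items():
        pw = fields[1]
        # "x" in passwd means the real hash lives in shadow.
        if pw == "x" and name in shadow:
            pw = shadow[name][1]
        if pw == "":
            findings.append((name, "empty password field"))
        if name in SHELL_NAMES:
            findings.append((name, "account named after a shell binary"))
    return sorted(findings)


if __name__ == "__main__":
    for account, reason in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {reason}")
```

On a real host, pass the contents of /etc/passwd and /etc/shadow (read as root) instead of the sample strings.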
hitest Posted November 6, 2004

Eep......thanks for the tip. I thought I was safe running Linux.
martymas Posted November 6, 2004

Do you get the Linux newsletter? A friend says he gets the newsletter and there is an article in it on Linux viruses. I have the Mandrake 9.1 disks but haven't loaded them yet. I don't know how to use a dual sys, and I need to know how to make a dual boot. I've been watching the Linux forum. What I intend to do is load Mandrake onto a standalone sys. I have a spare P2 but it only has a 4.5 HDD and I'm sure that isn't enough. gegs

Back to Linux and virus. I'm sure I read where as Linux gets more public support the more it will be a target for the virus writers.

marty
sultan_emerr Posted November 9, 2004

Thanks Marty. Also see: TrendMicro Official Pattern Release 2.240.00. As of Nov 08, 2004, the latest pattern file number is 2.240.00.