
Has anyone heard of this one before?

It is a low risk, though it is worth posting.

Though it is for Linux [Red Hat], I'm sure there are Linux users here.

marty

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Faker – ELF_FAKEPATCH.A (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Webinar: Maintaining Productivity During Network Virus Attacks**

5. Roundup: October Virus Activity & Analysis

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.238.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Faker – ELF_FAKEPATCH.A (Low Risk)

------------------------------------------------------------------------

ELF_FAKEPATCH.A is an executable that runs on Linux. ELF refers to Executable and Link Format, which is the well-documented and available file format for Linux/UNIX executables. It arrives via email, and retrieves network configuration and system information. The information is saved in the file "mama", and sent to a specific email address.

The email it sends is designed to trick users into believing it is a legitimate email sent by the RedHat Security Team, regarding critical security patches that must be downloaded. The email includes links to downloadable files, and encourages the recipients to click the links to download the patches.

When one of the specific files mentioned in the email is downloaded, the following files are found:

Inst.c – source code of this malware

Makefile – used to compile inst.c

When this ELF executable is already compiled, it produces the shell code that retrieves information from a machine. The shell code first checks whether it is executed in the root level. If not, it displays the following line in a console:

This patch must be applied as "root", and you are: %User%

(Note: %User% is the currently logged on user.)

Afterward, it adds a user named "bash" with a null password and creates the file "mama" inside the temporary folder. It then obtains network configuration and system information, and saves it in the file mama. Next, it sends this file to the email address [email protected]. It then deletes the file from the system and starts SSHD (Secure Shell Server).

Note: A Secure Shell Server provides secure encrypted communications between untrusted hosts over an untrusted network. It allows users to connect to a system from another system via TCP/IP, and obtain a shell prompt, from which they can issue commands and view output.

If you would like to scan your computer for ELF_FAKEPATCH or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

ELF_FAKEPATCH.A is detected and cleaned by Trend Micro pattern file #2.227.08 and above.

For additional information about ELF_FAKEPATCH please visit: http://www.trendmicro.com/vinfo/virusencyc...ELF_FAKEPATCH.A

3. Top 10 Most Prevalent Global Malware

(from October 29, 2004 to November 4, 2004)

------------------------------------------------------------------------

1. WORM_NETSKY.P

2. HTML_NETSKY.P

3. WORM_BAGLE.AT

4. WORM_NETSKY.D

5. JAVA_BYTEVER.A

6. WORM_NETSKY.B

7. WORM_BAGLE.AU

8. WORM_NETSKY.C

9. PE_ZAFI.B

10. WORM_NETSKY.Q

4. Webinar: Maintaining Productivity During Network Virus Attacks**

------------------------------------------------------------------------

Trend Micro invites you to attend a free, one-hour webinar on November 16 at 11:00 am PST entitled “Maintaining Productivity During Network Virus Attacks: A Proactive Strategy”.

During this informative Webinar Bob Hansmann, Senior Product Marketing Manager for Client, Server, and Network Security Products at Trend Micro, will discuss:

*The nature of Network Viruses/Worms and the relative threat they pose to your network, where they come from and what form they are likely to take next

*Why Network Viruses like Nimda, Code_Red, MS_Blaster, SQL_Slammer and Sasser are different from traditional viruses, and where traditional approaches fail

*An effective protection strategy with both proactive and reactive components - one that addresses the specific nature of the Network Virus yet integrates smoothly with an overall protection strategy

Hansmann’s background in the security and disaster recovery industries

spans two decades of work with business and government sectors. His

extensive involvement in planning for threat avoidance, risk mitigation, as well

as disaster recovery give a solid, real-world background to the security

information he offers attendees.

To register for this informative webinar, please visit:

http://trendmicro.webex.com/trendmicro/ons...&Rnd=1338687839

**Open to residents of the U.S. & Canada

5. Roundup: October Virus Activity & Analysis

------------------------------------------------------------------------

The month of October was relatively quiet for virus outbreaks, marking one

of the longest outbreak-free periods of the year. Don't get too

comfortable though: 1,817 new malware programs were discovered, which is 22% more

than September.

Read the October roundup of virus activity here:

http://www.trendmicro.com/en/security/report/1004roundup.htm

**Analysis conducted and prepared by TrendLabs


Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA

95014

Link to post
Share on other sites
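A check for the account change the newsletter describes (a user named "bash" with a null password), added here as an example; it is not part of the original post or of Trend Micro's text. The passwd/shadow sample lines are constructed, and the function names and the `watch_names` parameter are this example's own.

```python
"""Audit passwd/shadow text for empty-password accounts and a watched account name."""

# Constructed sample data. On a live host, read /etc/passwd and /etc/shadow (root needed).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bash:x:501:501::/home/bash:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$constructed$hashvalue:12700:0:99999:7:::
daemon:*:12700:0:99999:7:::
alice:$1$constructed$hashvalue:12700:0:99999:7:::
bash::12726:0:99999:7:::
"""

NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def parse_colon_file(text, min_fields):
    """Split colon-delimited account records, skipping blanks, comments and short lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            rows.append(fields)
    return rows


def audit_accounts(passwd_text, shadow_text, watch_names=("bash",)):
    """Return (name, has_login_shell, reasons) for each suspicious account."""
    shadow = {f[0]: f[1] for f in parse_colon_file(shadow_text, 2)}
    findings = []
    for f in parse_colon_file(passwd_text, 7):
        name, pw_field, shell = f[0], f[1], f[6]
        # "x" in passwd means the real password field lives in shadow.
        effective = shadow.get(name, pw_field) if pw_field == "x" else pw_field
        reasons = []
        if effective == "":
            reasons.append("empty password")
        if name in watch_names:
            reasons.append("name matches advisory")
        if reasons:
            findings.append((name, shell not in NOLOGIN_SHELLS, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(finding)
```

Locked accounts (`*` or `!` in the password field) are not reported; only a truly empty field counts as a null password.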

Do you get the Linux newsletter? A friend says he gets the newsletter

and there is an article in it on Linux viruses.

I have the Mandrake 9.1 disks but haven't loaded them yet.

I don't know how to use a dual sys, and I need to know how to make a dual boot.

I've been watching the Linux forum.

What I intend to do is load Mandrake onto a standalone sys. I have a spare P2

but it only has a 4.5 HDD and I'm sure that isn't enough gigs.

Back to Linux and viruses.

I'm sure I read where, as Linux gets more public support,

the more it will be a target for the virus writers.

marty
