martymas
Posted August 27, 2004

hi team

if this hasn't been posted before. be careful out there

not sure if this is the right place to post this

marty

To read an HTML version of this newsletter, go to: http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Proof-of-Concept Virus – W64_SHRUGGLE.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. OfficeScan Corporate Edition 6.5 – New Demo Available

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 2.162.00 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Proof-of-Concept Virus – W64_SHRUGGLE.A (Low Risk)
------------------------------------------------------------------------
W64_SHRUGGLE.A is the second malware discovered that infects 64-bit Windows Portable Executable (PE) files. The first such virus, W64_RUGRAT.A, and this virus are believed to be created by the same author, who calls himself roy g biv. While W64_RUGRAT.A infected 64-bit files running on IA64 (Intel Itanium) processors, this virus is intended to infect PE files running on AMD 64-bit systems. Both of these 64-bit viruses are considered proof-of-concept viruses, meaning the author is probably trying to prove that new systems are susceptible to virus attacks. W64_SHRUGGLE.A is currently spreading in-the-wild, and infecting Windows 64-bit systems.

Upon execution, this virus searches for target files in the current folder and subfolders. It then infects every 64-bit file (AMD64 only) that it finds. It then passes this file through some filtering criteria, appends its code to the last section of the host file, and then modifies the section as executable. Garbage data may be appended at the end of the virus code to further avoid detection.

This virus does not infect 32-bit files and does not run in 32-bit processors without software to support AMD64-bit programs.

All infected files contain the following signature string: "Shrug - roy g biv"

If you would like to scan your computer for W64_SHRUGGLE.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

W64_SHRUGGLE.A is detected and cleaned by Trend Micro pattern file 2.163.06 and above.

For additional information about WORM_RATOS.A please visit: http://www.trendmicro.com/vinfo/virusencyc...e=W64SHRUGGLE.A

3. Top 10 Most Prevalent Global Malware (from August 20, 2004 to August 26, 2004)
------------------------------------------------------------------------
1. WORM_SASSER.B
2. PE_ZAFI.B
3. WORM_NETSKY.P
4. HTML_NETSKY.P
5. WORM_NETSKY.D
6. JAVA_BYTEVER.A
7. WORM_RATOS.A
8. TROJ_AGENT.EG
9. TROJ_AGENT.AE
10. WORM_NETSKY.Q

4. OfficeScan Corporate Edition 6.5 - New Demo Available
------------------------------------------------------------------------
Trend Micro™ OfficeScan™ Corporate Edition is an integrated enterprise client security solution designed to protect against the daily threats of file-based and network viruses as well as secure access from intruders, spyware, and other threats. Security policy is enforced with Cisco network access devices that support Network Admission Control (NAC), or through Network VirusWall.
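Added example, not part of the original post or the Trend Micro newsletter: a triage check for the three traits the newsletter lists (AMD64 PE file, last section marked executable, the "Shrug - roy g biv" string). The function names `triage` and `build_sample` are hypothetical, the marker is assumed to be stored as ASCII, and the sample image is constructed for the demo.

```python
import struct

MARKER = b"Shrug - roy g biv"       # string quoted in the newsletter (ASCII assumed)
IMAGE_FILE_MACHINE_AMD64 = 0x8664   # COFF Machine value for x64 images
IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section characteristic: executable
SECTION = "<8sIIIIIIHHI"            # one 40-byte section table entry

def triage(data):
    """Return indicators for one file image, or None if it is not an AMD64 PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    if machine != IMAGE_FILE_MACHINE_AMD64 or nsect == 0:
        return None                 # 32-bit and IA64 files are out of scope here
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):
            return None             # truncated section table
        name, _, _, _, raw_ptr, _, _, _, _, flags = struct.unpack_from(SECTION, data, off)
        sections.append((raw_ptr, flags, name.rstrip(b"\0").decode("latin-1")))
    raw_ptr, flags, name = max(sections)   # section stored last in the file
    tail = data[raw_ptr:]                  # runs to EOF, so trailing garbage is included
    return {
        "last_section": name,
        "last_section_executable": bool(flags & IMAGE_SCN_MEM_EXECUTE),
        "marker_in_last_section": MARKER in tail,
    }

def build_sample(machine, last_flags, payload):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, 0, 0)
    text = struct.pack(SECTION, b".text", 16, 0x1000, 16, 0x200, 0, 0, 0, 0, 0x60000020)
    last = struct.pack(SECTION, b".rsrc", len(payload), 0x2000, len(payload), 0x210, 0, 0, 0, 0, last_flags)
    return (dos + coff + text + last).ljust(0x200, b"\0") + b"\x90" * 16 + payload

if __name__ == "__main__":
    print(triage(build_sample(0x8664, 0xE0000020, b"\xcc" * 8 + MARKER + b"\0" * 5)))
```

An executable last section on its own also occurs in legitimate files, so the result is only a hint for deciding which files to scan with an updated pattern file.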
Besttechie
Posted August 27, 2004

Thanks for the alert Marty.

B
tg1911
Posted August 27, 2004

All infected files contain the following signature string: "Shrug - roy g biv"

Used to use that name to remember the colors of a rainbow. lol

r - red
o - orange
y - yellow
g - green
b - blue
i - indigo
v - violet