
hi team, if this hasn't been posted before, be careful out there

not sure if this is the right place to post this

marty

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Proof-of-Concept Virus – W64_SHRUGGLE.A (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. OfficeScan Corporate Edition 6.5 – New Demo Available

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.162.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Proof-of-Concept Virus – W64_SHRUGGLE.A (Low Risk)

------------------------------------------------------------------------

W64_SHRUGGLE.A is the second malware discovered that infects 64-bit Windows Portable Executable (PE) files. The first such virus, W64_RUGRAT.A, and this virus are believed to be created by the same author, who calls himself roy g biv. While W64_RUGRAT.A infected 64-bit files running on IA64 (Intel Itanium) processors, this virus is intended to infect PE files running on AMD 64-bit systems. Both of these 64-bit viruses are considered proof-of-concept viruses, meaning the author is probably trying to prove that new systems are susceptible to virus attacks. W64_SHRUGGLE.A is currently spreading in-the-wild, and infecting Windows 64-bit systems.

Upon execution, this virus searches for target files in the current folder and subfolders. It then infects every 64-bit file (AMD64 only) that it finds. It then passes this file through some filtering criteria, appends its code to the last section of the host file, and then modifies the section as executable. Garbage data may be appended at the end of the virus code to further avoid detection.

This virus does not infect 32-bit files and does not run in 32-bit processors without software to support AMD64-bit programs. All infected files contain the following signature string: "Shrug - roy g biv"

If you would like to scan your computer for W64_SHRUGGLE.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

W64_SHRUGGLE.A is detected and cleaned by Trend Micro pattern file 2.163.06 and above.

For additional information about WORM_RATOS.A please visit: http://www.trendmicro.com/vinfo/virusencyc...e=W64SHRUGGLE.A

3. Top 10 Most Prevalent Global Malware

(from August 20, 2004 to August 26, 2004)

------------------------------------------------------------------------

1. WORM_SASSER.B

2. PE_ZAFI.B

3. WORM_NETSKY.P

4. HTML_NETSKY.P

5. WORM_NETSKY.D

6. JAVA_BYTEVER.A

7. WORM_RATOS.A

8. TROJ_AGENT.EG

9. TROJ_AGENT.AE

10. WORM_NETSKY.Q

4. OfficeScan Corporate Edition 6.5 - New Demo Available

------------------------------------------------------------------------

Trend Micro™ OfficeScan™ Corporate Edition is an integrated enterprise client security solution designed to protect against the daily threats of file-based and network viruses as well as secure access from intruders, spyware, and other threats. Security policy is enforced with Cisco network access devices that support Network Admission Control (NAC), or through Network VirusWall.

Link to post
Share on other sites
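The three traits the newsletter lists for an infected file (AMD64 PE, last section marked executable, the "Shrug - roy g biv" string) can be checked with a short triage script. This is an added example, not part of the original post or Trend Micro's detection logic; `triage` and `build_sample` are hypothetical names, the sample image is constructed, and a string match like this is only a first-pass filter.

```python
import struct

MARKER = b"Shrug - roy g biv"   # signature string quoted in the newsletter
MACHINE_AMD64 = 0x8664          # IMAGE_FILE_MACHINE_AMD64
SCN_MEM_EXECUTE = 0x20000000    # IMAGE_SCN_MEM_EXECUTE

def triage(data: bytes) -> dict:
    """Report the newsletter's three traits for one file image; {} if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {}
    pe = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return {}
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    table = pe + 24 + opt_size                              # section table follows optional header
    sections = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):                            # truncated section table
            return {}
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((raw_ptr, raw_size, flags))
    if not sections:
        return {}
    raw_ptr, _, flags = max(sections)                       # section stored last in the file
    hit = data.find(MARKER)
    result = {
        "amd64": machine == MACHINE_AMD64,
        "last_section_executable": bool(flags & SCN_MEM_EXECUTE),
        "marker_in_last_section": hit != -1 and hit >= raw_ptr,  # includes trailing garbage
    }
    result["suspect"] = all(result.values())
    return result

def build_sample(machine: int, last_flags: int, tail: bytes) -> bytes:
    """Constructed test image: PE headers plus two sections, not a runnable program."""
    def sect(name, ptr, size, flags):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, 0, 0)
    body = 0x40 + 24 + 80                                   # headers + two section entries
    text = b"\0" * 0x20
    table = (sect(b".text", body, len(text), 0x60000020) +
             sect(b".data", body + len(text), len(tail), last_flags))
    return dos + coff + table + text + tail
```
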
All infected files contain the following signature string: "Shrug - roy g biv"

Used to use that name to remember the colors of a rainbow. lol

r - red

o - orange

y - yellow

g - green

b - blue

i - indigo

v - violet

Link to post
Share on other sites
