
Hi team, this is a newsletter from TM.

marty

TREND MICRO WEEKLY VIRUS REPORT

(by TrendLabs Global Antivirus and Research Center)

*********************************************************************

------------------------------------------------------------------------

Date: Friday November 12, 2004

------------------------------------------------------------------------

To read an HTML version of this newsletter, go to:

http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates

2. Mining for Gold – TROJ_GETEGOLD.A (Low Risk)

3. Top 10 Most Prevalent Global Malware

4. Trend Micro URL Filtering Module - Important Product Update Now Available

5. Trend Micro Announces Network VirusWall 300

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 2.246.00 http://www.trendmicro.com/download/pattern.asp

SCAN ENGINE: 7.100 http://www.trendmicro.com/download/engine.asp

2. Mining for Gold – TROJ_GETEGOLD.A (Low Risk)

------------------------------------------------------------------------

TROJ_GETEGOLD.A targets users with e-gold accounts. E-gold is an integrated account-based payment system mainly utilized for e-commerce. This Trojan does not employ typical phishing techniques, such as logging user keystrokes in text files that can be sent to a remote malicious user. Instead, when a user accesses the e-gold account login form it opens a hidden duplicate Internet Explorer (IE) window accessing that same URL. It then fills the duplicate Web form, which eventually leads to illegal account access. The Trojan periodically drains the funds of the compromised account by a certain percentage, and the stolen funds are then transferred to another e-gold account. This Trojan runs on Windows 95, 98, ME, NT, 2000, and XP and is currently spreading in-the-wild.

Upon execution, this Trojan drops itself as SVHOST.EXE in the Windows folder. It then creates a registry entry that allows it to automatically execute at every Windows startup. When a user accesses the URL http://e-gold.com/acct/login.html, this Trojan opens a hidden duplicate Internet Explorer page of the said URL, which it fills, in order to drain a target user’s e-Gold account.

To successfully perform this function, this Trojan uses Internet Explorer’s built-in OLE automation functions. This method is similar to API hooks used by PE viruses. In this case, this Trojan executes certain functions for every change in the URL address that occurs.

The following URLs cause this Trojan to execute certain functions:

e-gold.com/acct/acct.asp

e-gold.com/acct/balance.asp

e-gold.com/acct/spend.asp

e-gold.com/acct/verify.asp

https://www.e-gold.com/acct/acct.asp

https://www.e-gold.com/acct/balance.asp

https://www.e-gold.com/acct/spend.asp

E-gold account holders should monitor e-gold Security Alerts at the following URL:

http://www.e-gold.com/unsecure/alert.html

If you would like to scan your computer for TROJ_GETEGOLD.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

TROJ_GETEGOLD.A is detected and cleaned by Trend Micro pattern file #2.245.01 and above.

For additional information about TROJ_GETEGOLD.A please visit: http://www.trendmicro.com/vinfo/virusencyc...TROJ_GETEGOLD.A

3. Top 10 Most Prevalent Global Malware

(from November 5, 2004 to November 11, 2004)

------------------------------------------------------------------------

1. WORM_NETSKY.P

2. HTML_NETSKY.P

3. WORM_BAGLE.AT

4. WORM_NETSKY.D

5. JAVA_BYTEVER.A

6. PE_ZAFI.B

7. WORM_BAGLE.AU

8. WORM_NETSKY.C

9. WORM_NETSKY.B

10. TROJ_DELF.AR

4. Trend Micro URL Filtering Module - Important Product Update Now Available

------------------------------------------------------------------------

Trend Micro URL Filtering, an optional module integrated with Trend Micro InterScan Web Security Suite, enables companies to manage employee Internet use by restricting access to unwanted Web sites.

If you have installed InterScan Web Security Suite with URL Filtering module, an important product update is now available:

For Windows: InterScan Web Security Suite Patch for Windows v2.0

For Linux: InterScan Web Security Suite Patch for Linux v2.0

For Solaris: InterScan Web Security Suite Patch for Solaris v2.0

PLEASE NOTE: This is a mandatory patch as all unpatched systems will be unable to receive URL Filtering updates after January, 2005.

You may obtain the patch by visiting:

http://www.trendmicro.com/download/product.asp?productid=34

If you have questions or need assistance, please contact Trend Micro Technical Support in your area: http://kb.trendmicro.com/solutions/include...TechSupport.asp

5. Trend Micro Announces Network VirusWall 300

------------------------------------------------------------------------

Trend Micro recently launched the Network VirusWall 300 outbreak prevention appliance intended to protect mission-critical devices such as Automatic Teller Machines (ATM machines), self-service ticketing kiosks and medical devices.

Building on the success of the Network VirusWall 1200 for network segments, the Network VirusWall 300 appliance protects individual devices and can:

-Prevent network worms and enable remote clean-up of network worm infections using threat-specific knowledge from TrendLabs(SM)

-Isolate devices from the network and quarantine infected devices

-Ease deployment through a simple hardware architecture that avoids the compatibility, performance, and stability issues of software security solutions

To learn more about the Network VirusWall 300 please visit: http://www.trendmicro.com/en/products/netw...00/overview.htm

************************************************************************

______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys Interact.


Copyright 1989-2004 Trend Micro, Inc. All rights reserved

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA

95014
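
A defender-side check for the persistence behaviour described in section 2 of the newsletter above (a copy named SVHOST.EXE in the Windows folder, started from a registry autostart entry). This is an added example, not part of the original post or of Trend Micro's material; it generalises the one name in the report to any near-miss or misplaced copy of a well-known system binary. The newsletter does not name the registry key, so the autorun value names and paths below are constructed sample data standing in for an exported list of autostart entries.

```python
import ntpath

# Well-known Windows system binaries that legitimately live in System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumes a default C:\Windows install

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, detail) for one autorun image path."""
    path = image_path.strip('"').lower()
    folder, name = ntpath.split(path)
    if name in SYSTEM_BINARIES:
        # Right name, but is it in the folder the real binary lives in?
        return ("ok", name) if folder == SYSTEM_DIR else ("wrong-folder", name)
    for legit in sorted(SYSTEM_BINARIES):
        # One character added, dropped or changed: svhost.exe vs svchost.exe.
        if edit_distance(name, legit) <= 1:
            return ("lookalike", legit)
    return ("unknown", name)  # not a system-binary name; out of scope here

# Constructed sample: (autostart value name, image path).
AUTORUNS = [
    ("SoundMan", r"C:\Program Files\Audio\soundman.exe"),
    ("Service Host", r"C:\WINDOWS\SVHOST.EXE"),
    ("Updater", r'"C:\WINDOWS\Temp\svchost.exe"'),
]

def suspicious(autoruns):
    """Autostart entries whose image imitates or misplaces a system binary."""
    findings = []
    for value_name, image in autoruns:
        verdict, detail = classify(image)
        if verdict in ("lookalike", "wrong-folder"):
            findings.append((value_name, verdict, detail))
    return findings

if __name__ == "__main__":
    for finding in suspicious(AUTORUNS):
        print(finding)
```
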
