Post by Mickuk on Sept 2, 2005 22:53:40 GMT
Trend Micro Weekly Virus Report
(by TrendLabs Global Antivirus and Research Center)
Date: Friday September 2, 2005
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Email Worm – WORM_SAVAGE.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Trend Micro's Award-winning Legacy Continues
5. Trend Micro Whitepaper - The Spyware Battle -- Privacy vs. Profits
1. Trend Micro Updates - Pattern File and Scan Engine Updates
PATTERN FILE: 2.817.00
SCAN ENGINE: 7.510
2. Email Worm - WORM_SAVAGE.A (Low Risk)
WORM_WURMARK.A is a non-destructive, memory-resident worm that propagates via email and through peer-to-peer (P2P) networks. It spreads via email by sending copies of itself with the file name TMP.ZIP to target addresses. It gathers target recipients from an affected system's Windows Address Book (WAB). This worm is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, 2000, XP, and Server 2003.
This worm also propagates by dropping a copy of itself in accessible network shares, enabling other users to download this worm. However, on systems using the P2P applications, LimeWire and eDonkey2000, this worm drops its copy in locations specific to these applications.
This worm utilizes a common social engineering technique to avoid early detection. It uses file names that usually pertain to legitimate software, such as Nero and winamp5. Thus, this worm tricks users into thinking that it is a harmless file, possibly affecting its prolonged presence on the system.
It modifies the affected system's HOSTS file by appending a list of URLs, which are related to antivirus and security applications, to the said file. It directs the said URLs to the local machine, preventing the user from accessing the listed Web sites.
This worm has backdoor capabilities that connect to a remote Web site, where it waits for commands from a remote malicious user, such as the downloading of files that may be malicious. It then executes the said commands locally, therefore compromising the machine's security.
This worm also carries a malware retaliation routine, particularly against NETSKY, BLASTER, MYDOOM, BAGLE, and SOBIG variants. It removes the corresponding registry entries of the said variants if found on the system.
If you would like to scan your computer for WORM_SAVAGE.A, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: housecall.trendmicro.com/
WORM_SAVAGE.A is detected and cleaned by Trend Micro pattern file #2.813.00 and above.
3. Top 10 Most Prevalent Global Malware
(from August 25 to September 1, 2005)
JAVA_BYTEVER.A
HTML_NETSKY.P
ADW_BADBITOR.A
WORM_NETSKY.P
SPYW_GATOR
SPYW_DASHBAR.300
TSPY_SMALL.SN
JS_DLOADER.I
TROJ_DYFUCA.I
TROJ_ROOTKIT.N
4. Trend Micro's Award-winning Legacy Continues
Since its inception in 1988, Trend Micro has won various awards for its excellence in products and services, support, and corporate achievement.
Click here to see some of the latest accolades.
5. Whitepaper - The Spyware Battle -- Privacy vs. Profit
For the past three years, antivirus vendors have toiled over how to handle the removal of spyware - software that logs information on user activity, collects Web browsing histories, on-line purchases, etc. Spyware programs run in the background, with their activities transparent to most users. In this paper, Trend Micro provides some insights into the problem, to educate users about spyware threats and how to minimize the risk of infection. This includes sound advice on safe Internet practices, to avoid many of the most common spyware "traps".
Mick
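Added example, not part of the original post or the Trend Micro report: a check for the HOSTS-file tampering described in section 2, flagging entries that point security-vendor hostnames at the local machine. The watch-list and the sample HOSTS content are constructed assumptions, since the report does not list the URLs the worm appends.

```python
import ipaddress

# Constructed watch-list (assumption): trendmicro.com appears in the report's
# HouseCall link; av-vendor.example is a placeholder for other security sites.
WATCHED_SUFFIXES = ("trendmicro.com", "av-vendor.example")

def _is_local(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def _is_watched(host):
    """Match the domain itself or any subdomain, not mere substrings."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)

def suspicious_hosts_entries(text):
    """Return (line number, address, hostname) for watched names mapped locally."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not _is_local(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several hostnames
            if _is_watched(name):
                findings.append((lineno, fields[0], name.lower().rstrip(".")))
    return findings

# Constructed sample HOSTS content for the demonstration.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       housecall.trendmicro.com
0.0.0.0 www.av-vendor.example update.av-vendor.example   # two names, one line
10.0.0.5        intranet.corp.example
# 127.0.0.1     trendmicro.com
127.0.0.1       nottrendmicro.com
192.0.2.10      www.trendmicro.com
"""

if __name__ == "__main__":
    for lineno, addr, name in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On NT-based Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`. The check only covers redirection to the local machine, as the report describes; a watched name mapped to any other address is not flagged.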