1st June 15:00
External User
Trend Micro Weekly Virus Report
(by TrendLabs Global Antivirus and Research Center)

Date: October 17, 2003

Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Redline - WORM_REDIST.E (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Head-to-Head Comparison: Web Security Performance

1. Trend Micro Updates - Pattern File and Scan Engine Updates

PATTERN FILE: 655
SCAN ENGINE: 6.510

2. Redline - WORM_REDIST.E (Low Risk)

WORM_REDIST.E is a non-destructive worm that spreads via email using Microsoft Outlook, and via peer-to-peer (P2P) file-sharing networks. It also has password-stealing capabilities. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm displays the following message box:

Error Starting Progam
A required .DLL file, MSVBM60.DLL, was not found.

It drops the following copies of itself into the Windows folder:

a. Ircskins.skn
b. Msgsf32.exe
c. Msipxc32.exe
d. Scrset32.scr
e. Winscz32.exe
f. Winsetr32.exe

It drops the following copies of itself into the Windows system folder:

a. Icmpmgr32.exe
b. Lnkscrc32.scr
c. Msgmain32.exe
d. Msgsvc32.pif
e. Msrun32.exe
f. Svcmsg32.pif
g. Winlnkf32.pif

It drops the following copy into the Startup folder:

a. Startw32.pif

The worm creates registry entries that allow its dropped copy, WINSCZ32.EXE, to execute at every Windows startup.

This worm propagates by sending a copy of itself to all email addresses found in the infected user's address book. It uses Microsoft Outlook (MAPI) to send email with varying details. Samples of the email it sends are as follows:

Subject: A new screensaver
Message Body: Take a look at this new screensaver in the attachments that I downloaded from the internet a while ago. If you like it, try setting it as your system screensaver Cya!
Attachment: 3DFish.scr

Subject: Your file
Message Body: Here is that file that you asked for (in the attachments). Sorry that I sent it late, I had trouble finding it on the computer.
Attachment: Picture2.pif

This worm also attempts to propagate to other P2P and chat clients. To do so, it drops the following copies of itself:

a. Bruce Almighty (Downloader).pif
b. Legally Blonde 2 (Downloader).pif
c. Movie - Finding Nemo (Downloader).pif
d. Movie - Terminator 3 (Downloader).pif
e. Movie - The Hulk (Downloader).pif
f. Movie - The Italian Job (Downloader).pif
g. Sinbad - Legend of the Seven Seas (Downloader).pif

into the following paths, if they exist:

a. %Program Files%\BearShare\Shared
b. %Program Files%\Grokster\My Grokster
c. %Program Files%\ICQ\Shared Files
d. %Program Files%\Kazaa Lite\My Shared Folder
e. %Program Files%\Kazaa\My Shared Folder
f. %Program Files%\KMD\My Shared Folder
g. %Program Files%\Limewire\Shared
h. %Program Files%\Morpheus\My Shared Folder
i. %Program Files%\Overnet\Incoming
j. %Program Files%\Rapigator\Share
k. %Program Files%\Shareaza\Downloads
l. %Program Files%\Tesla\Files
m. %Program Files%\WinMX\My Shared Folder
n. %Program Files%\XoloX\Downloads

This worm also drops randomly named files into the following paths:

a. \My Music
b. \My Documents\My Music

This worm also attempts to capture and send cached passwords to a remote malicious user. This function only applies on systems running Windows 95 and 98, since the API used is not available on NT-based systems. It appears that the information is being sent to the following email address:

Zed_rRlf@hotmail.com

If you would like to scan your computer for WORM_REDIST.E or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com

WORM_REDIST.E is detected and cleaned by Trend Micro pattern file #649 and above.

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: October 6, 2003 to October 12, 2003)

1. TROJ_ISTBAR.B
2. WORM_SWEN.A
3. TROJ_QHOSTS.A
4. WORM_NACHI.A
5. BKDR_SDBOT.441B1
6. ADW_TENGET.A
7. WORM_MSBLAST.C
8. WORM_MSBLAST.A
9. WORM_KLEZ.H
10. WORM_FRIENDGRT.A

4. Head-to-Head Comparison: Web Security Performance

Trend Micro commissioned VeriTest to compare the performance of Trend Micro InterScan Web Security Suite 1.0 to Symantec Web Security 3.0 and McAfee WebShield e1000 appliance using PC Magazine's WebBench 4.01 Web server performance benchmarking software. All three products tested work in conjunction with a Web server to monitor HTTP and FTP traffic for known viruses. The goal of the testing was to compare the performance of the three products while each filtered HTTP and FTP traffic to several client systems. View and compare the results of all three products.

For questions, comments, and suggestions about the Weekly Virus Report please contact the Newsletters Editor at newsletters@trendmicro.com.
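
The dropped-file list in the WORM_REDIST.E description can be turned into a host sweep. The Python below is an added example, not part of the newsletter or any Trend Micro tool: it checks the Windows, system and Startup folders for the listed names, and P2P share folders for the lure names. The function names, the folder-mapping keys and the demo tree are assumptions, and matching on the shared " (Downloader).pif" ending goes slightly beyond the seven names listed.

```python
import os
import tempfile

DROPS = {  # file names from the WORM_REDIST.E write-up, lower-cased for matching
    "windows": {"ircskins.skn", "msgsf32.exe", "msipxc32.exe",
                "scrset32.scr", "winscz32.exe", "winsetr32.exe"},
    "system": {"icmpmgr32.exe", "lnkscrc32.scr", "msgmain32.exe", "msgsvc32.pif",
               "msrun32.exe", "svcmsg32.pif", "winlnkf32.pif"},
    "startup": {"startw32.pif"},
}
LURE_SUFFIX = " (downloader).pif"  # shared ending of the seven P2P lure names


def _files(folder):
    """File names directly inside folder; empty if the folder is missing."""
    try:
        return [n for n in os.listdir(folder)
                if os.path.isfile(os.path.join(folder, n))]
    except OSError:
        return []


def sweep(folders, share_dirs=()):
    """folders maps 'windows'/'system'/'startup' to paths; returns sorted hits."""
    hits = []
    for label, names in DROPS.items():
        for name in _files(folders.get(label, "")):
            if name.lower() in names:  # Windows file names are case-insensitive
                hits.append((label, name))
    for folder in share_dirs:
        hits += [("p2p-share", n) for n in _files(folder)
                 if n.lower().endswith(LURE_SUFFIX)]
    return sorted(hits)


def demo():
    """Sweep a constructed directory tree (sample data, not a real system)."""
    sample = [("windows", "WINSCZ32.EXE"), ("windows", "notepad.exe"),
              ("system", "Msgsvc32.pif"), ("startup", "Startw32.pif"),
              ("share", "Movie - The Hulk (Downloader).pif"), ("share", "song.mp3")]
    with tempfile.TemporaryDirectory() as root:
        for sub, name in sample:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            open(os.path.join(root, sub, name), "w").close()
        folders = {k: os.path.join(root, k) for k in DROPS}
        return sweep(folders, [os.path.join(root, "share")])

if __name__ == "__main__":
    print(demo())
```

A file-name hit is only a lead: the names are easy to change, so confirm with a current scanner before treating a host as infected or clean.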