[antivirus] FW: Trend Micro Weekly Virus Report - August 2, 2002

  • From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
  • To: AntivirusClub@xxxxxxxxxxxxxxx, Antivirus@xxxxxxxxxxxxx, vaksin@xxxxxxxxxxxxxxx
  • Date: Mon, 5 Aug 2002 08:42:51 +0800


-----Original Message-----
From: Trend Micro Virus Info
[mailto:VirusInfo@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Saturday, August 03, 2002 6:29 AM
To: franciscus.lim@xxxxxxx
Subject: Trend Micro Weekly Virus Report - August 2, 2002


*********************************************************************
TREND  MICRO  WEEKLY  VIRUS  REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
*********************************************************************
------------------------------------------------------------------------
Date: August 2, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 
http://www.trendmicro.com/trendsetter/virus_report/ 

Issue Preview: 

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
2. New Mass Mailer - PE_CHIR.B (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. New Version of ServerProtect Available - Download a Free Trial 

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 331 http://www.trendmicro.com/download/pattern.asp 
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/ 

2. New Mass Mailer - PE_CHIR.B (Low Risk)
------------------------------------------------------------------------ 
This mass-mailing worm propagates by sending copies of itself to all
addresses listed in the target user's Windows Address Book (WAB). It sends
an email with the following details: 

From: imissyou@xxxxxxxxxxxxx
Subject: <username> is comming!
Message: 
Attachment: PP.EXE

It also infects all files with the following extensions: 
EXE 
SCR 
HTM 
HTML 

On the first day of every month, it overwrites the first 1,234 bytes of all
files with the following extensions: 
ADC 
RDB 
DOC 
XLS 

This worm exploits a known vulnerability affecting systems running Microsoft
Internet Explorer 5.01 and 5.5. This exploit allows the automatic execution
of email attachments without the user opening them. The infected email
attachment is tagged as audio/x-wav content-type by this worm. Therefore,
the default audio-file player of the system that this email arrives in
attempts to open the attachment. 

Upon execution, this worm executes itself as another process. Since the
creation of another process consumes additional memory resources, this
behavior may cause the infected system to hang. This worm drops several
copies of the file README.EML on all directories and subdirectories. This
file is a Uuencoded version of the worm. Uuencode is a universal protocol
for sending files between different platforms, and is typically utilized for
sending email attachments. 

On infected systems running Windows NT 4.0, Windows 2000, and Windows XP,
this malware runs the Net Send command to send the following text message to
all computers belonging to the same workgroup: 

My god! Some one killed ChineseHacker-2 Monitor

If you would like to scan your computer for PE_CHIR.B or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's
free online virus scanner at: http://housecall.antivirus.com/

PE_CHIR.B is detected and cleaned by Trend Micro pattern file #330 and
above. 

For additional information about PE_CHIR.B please visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_CHIRB

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 
(week of: July 22, 2002 to July 28, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.A
3. WORM_DATOM.A
4. WORM_DANDI.A
5. PE_MAGISTR.B
6. JS_NOCLOSE.E
7. WM_CONCEPT
8. PE_NIMDA.A-O
9. WORM_YAHA.E
10. WORM_KLEZ.E

4. New Version of ServerProtect Available - Download a Free Trial 
------------------------------------------------------------------------
Trend Micro ServerProtect software provides network-wide, comprehensive
antivirus scanning for servers running Microsoft(tm) Windows(tm) 2000,
Microsoft Windows NT(tm), and Novell(tm) NetWare(tm) operating systems. 

Managed through an intuitive, portable console, ServerProtect provides virus
outbreak management, centralized virus scanning, virus pattern file updates,
event reporting, and antivirus configuration.

To learn more about Trend Micro's file server and storage protection go to
http://www2.trendmicro.com/US/Products/File+Server+and+Storage/default.htm 

To download a free, 30-day trial version of ServerProtect visit
http://www.trendmicro.com/download/register.asp?product_id=18&product_from=svrprt

************************************************************************
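
Added example, not part of the forwarded report and not Trend Micro code: a mail-gateway style check for the mismatch described in section 2, where an attachment named PP.EXE is declared as audio/x-wav. The function names, the extension list and the sample messages are assumptions constructed for illustration.

```python
import base64
import email
from email import policy

# Assumption: this extension list is a local policy choice, not from the report.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat")


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed message with one attachment declared as audio/x-wav."""
    name = filename.encode()
    return (
        b"From: sender@example.invalid\r\n"
        b"Subject: alice is comming!\r\n"
        b"MIME-Version: 1.0\r\n"
        b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        b"--b1\r\nContent-Type: text/plain\r\n\r\n\r\n"
        b"--b1\r\n"
        b'Content-Type: audio/x-wav; name="' + name + b'"\r\n'
        b"Content-Transfer-Encoding: base64\r\n"
        b'Content-Disposition: attachment; filename="' + name + b'"\r\n\r\n'
        + base64.b64encode(payload) + b"\r\n--b1--\r\n"
    )


def suspicious_attachments(raw_message: bytes):
    """Return (filename, declared_type, reasons) for audio parts that look executable."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        if not declared.startswith("audio/"):
            continue
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # The declared type says "sound", the name says "program".
        if filename.lower().endswith(EXECUTABLE_EXTENSIONS):
            reasons.append("executable extension under audio type")
        # DOS/PE executables start with the two bytes "MZ"; WAV files start with "RIFF".
        if payload[:2] == b"MZ":
            reasons.append("MZ header under audio type")
        if reasons:
            findings.append((filename, declared, reasons))
    return findings


if __name__ == "__main__":
    print(suspicious_attachments(build_sample("PP.EXE", b"MZ" + b"\x00" * 16)))
```

Checking the leading bytes as well as the name catches an executable that has been renamed to a .wav extension, while a genuine RIFF/WAVE attachment passes.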


