[antivirus] FW: Trend Micro Weekly Virus Report - August 23, 2002

• From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
• To: AntivirusClub@xxxxxxxxxxxxxxx, Antivirus@xxxxxxxxxxxxx,vaksin@xxxxxxxxxxxxxxx
• Date: Mon, 26 Aug 2002 09:12:42 +0800

-----Original Message-----
From: Trend Micro Virus Info
[mailto:VirusInfo@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Saturday, August 24, 2002 10:11 AM
To: franciscus.lim@xxxxxxx
Subject: Trend Micro Weekly Virus Report - August 23, 2002


*********************************************************************
TREND  MICRO  WEEKLY  VIRUS  REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
*********************************************************************
------------------------------------------------------------------------
Date: August 23, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 
http://www.trendmicro.com/trendsetter/virus_report/ 

Issue Preview: 

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
2. I am Orlok - VBS_ROKOL.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. FREE Virus Scan - Clean your PC Online with Trend Micro's HouseCall 

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 337 http://www.trendmicro.com/download/pattern.asp 
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/ 

2. I am Orlok - VBS_ROKOL.A (Low Risk)
------------------------------------------------------------------------
This malware propagates via email and arrives in a message with the
following:

Subject: I feel sick today!!!
Message Body: I am ORLOK.

Upon execution, it drops the file ORLOK.VBS in the Windows System directory.
Then it adds a registry entry that allows it to execute at every Windows
startup.

If the value of the registry key does not exist, it uses Mail Application
Programming Interface (MAPI) to send a copy of itself to all email addresses
listed in the infected system's Microsoft Outlook Address Book. 

It also checks whether a MANGE.COM file exists in the Windows System
directory. If it does not find the file, it sets the Start page of the
infected system's Internet Explorer to:
http:\\membres.lycos.fr\aoteam\mange.com. The change downloads a MANGE.COM
file from the URL when the user of the infected system opens Internet
Explorer. 

If the MANGE.COM file already exists, it copies MANGE.COM from the default
Internet Explorer download directory to the Windows System directory,
executing the file from there. The author of this malware may change the
contents of the MANGE.COM file at anytime. 

The malware also overwrites all files with .VBS and .VBE extensions in the
root directory of each drive. It also continuously runs an instance of the
NOTEPAD.EXE application until the infected system eventually hangs, forcing
the infected user to restart the system and lose unsaved data on running
applications. 

If you would like to scan your computer for VBS_ROKOL.A or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free online virus scanner at: http://housecall.antivirus.com/

VBS_ROKOL.A is detected and cleaned by Trend Micro pattern file #336 and
above. 

For additional information about VBS_ROKOL.A please visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_ROKOL.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 
(week of: August 12, 2002 to August 18, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.A
3. WORM_YAHA.E
4. JS_NOCLOSE.E
5. JS_EXCEPTION.GEN
6. WORM_DANDI.A
7. WORM_KLEZ.E
8. PE_NIMDA.E
9. PE_ELKERN.D
10. WORM_DATOM.A
 
4. FREE Virus Scan - Clean your PC Online with Trend Micro's HouseCall
------------------------------------------------------------------------
Get a quick checkup with HouseCall, Trend Micro's online virus scanner, to
see if a computer virus, worm, or Trojan has infected your system. HouseCall
scans your computer for new infections and detects, cleans, and removes
viruses for FREE. Try it now: 

http://housecall.antivirus.com/housecall/start_corp.asp

Note: HouseCall is a one-time, manual virus scanner and does not provide you
with continuous protection from viruses. For complete continuous protection,
we recommend Trend Micro PC-cillin 2002. 

To buy PC-cillin online** visit:
http://www.digitalriver.com/dr/v2/ec_MAIN.Entry10?xid=16269&SP=10034&PN=1&V1
=889300

**applies to customers in the U.S. and Canada only.






************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the

Other related posts:

• » [antivirus] FW: Trend Micro Weekly Virus Report - August 23, 2002

1. Home
2. antivirus
3. Archive
4. 08-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---