[antivirus] FW: Trend Micro Weekly Virus Report - August 9, 2002

  • From: "Lim, Franciscus" <Franciscus.Lim@xxxxxxx>
  • To: AntivirusClub@xxxxxxxxxxxxxxx, Antivirus@xxxxxxxxxxxxx,vaksin@xxxxxxxxxxxxxxx
  • Date: Mon, 12 Aug 2002 09:08:22 +0800


-----Original Message-----
From: Trend Micro Virus Info
[mailto:VirusInfo@xxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Saturday, August 10, 2002 9:01 AM
To: franciscus.lim@xxxxxxx
Subject: Trend Micro Weekly Virus Report - August 9, 2002


*********************************************************************
TREND  MICRO  WEEKLY  VIRUS  REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
*********************************************************************
------------------------------------------------------------------------
Date: August 9, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 
http://www.trendmicro.com/trendsetter/virus_report/ 

Issue Preview: 

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
2. Forever Love - VBS_SEALUG.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Trend Micro Unveils Enterprise Protection Strategy 

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File and Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 333 http://www.trendmicro.com/download/pattern.asp 
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/ 

2. Forever Love - VBS_SEALUG.A (Low Risk)
------------------------------------------------------------------------
This Visual Basic Script worm propagates via Microsoft Outlook and arrives
in an email with the following: 

Subject: En SevdiginMessage

Message Body: Hayat yasandigi kadardir. Ötesi ya hatiralarda bir iz, ya da
hayallerde bir umuttur. Hüsrani ise bir tek yerde kabul edebilirim: O da
yasamaya olanak varken yasayamamis olmaktir. 

Attachment: En_Sevdigin.vbs

This worm uses the email addresses found in the infected user's Microsoft
Outlook Global Address book as recipients for its email sending routine. It
sends one email per address entry and sets Outlook to delete the sent mail
afterwards. If the infected user does not have Microsoft Outlook installed,
it displays a message box with the following: 

Subject: VBScript

Header: Ist Oyle Birsey

It then displays two more message boxes: 

Header: VBS Script: Forever Love

Message Body: Sevgide son yoktur. Sevgiler hicbir zaman son bulmazlar. Biten
sevgiler yoktur, bitmis gibi gorunen sevgiler vardir. Vazgecis de yoktur
sevgide. Yasandikca yasatilir sevilen. Ama kimi zaman sevgili icin kimi
zamansa sevginin bir geregi olarak saklanir bu asklar. Vazgecis yoktur,
vazgecmis gibi gorunmek vardir o yuzden.Sevmekte istemek yoktur. Sevgilinin
oldugu yerde son bulur istekler. Bir sey varsa istedigin bu senin icin
degil, sevgili icin istedigindir. Ondan O'nun adina istersin. O'nu daha
sonsuz sevebilmek icin istersin. Sevme ozgurlugunu istersin, kabul
edilmesini istersin. Istersin ama bir gun gelir bu istekler de son bulur.
Kendinden istersin artik.

Header: VBS Script: Forever Love

Message Body: Sevgiliyi daha cok sevmek istersin kendinden. Sonsuz kilmak
istersin. Bu yolda sevgili olur mu, olmaz mi bunu sevgilinin istegi
belirler. Sevmek sevgiliyi istememeyi ogrenmektir. Sevmek sevgiliyi sevgili
olmadan sevmektir. Sevmek; sevmek istemektir.Sevmek, beklememektir.
Beklentilerin son buldugu bir duraktir o. Oyle ki tum gercekler, tum dunya
silinir gider. Ne O'ndan anlasilmayi beklersin, ne onu anlamayi. Ne onun
gelmesini beklersin, ne onun Leyla, Mecnun olmasini. Bildigin bir sey yoktur
sevmeyi bilmek disinda.

It searches for the following files and, if found, it drops the file
SCRIPT.INI in the directory where the file was found:
-MIRC32.EXE 
-MLINK32.EXE 
-MIRC.INI 
-SCRIPT.INI 
-MIRC.HLP

With this SCRIPT.INI file the worm is capable of performing the following: 

-connecting to the server irc.muhabbi.net 

-sending a message "Watashi Wa Anata Ga Sukide Su" to all other users who
join the same channel as the infected user 

-sending the message http:\\www.1agustos.com to all channels the infected
user is currently on

It then changes the startup page of Internet Explorer to
http://www.1agustos.com/ 

If you would like to scan your computer for VBS_SEALUG.A or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free online virus scanner at: http://housecall.antivirus.com/

VBS_SEALUG.A is detected and cleaned by Trend Micro pattern file #332 and
above. 

For additional information about VBS_SEALUG.A please visit:
<http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_SEALUG.A>

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 
(week of: July 29, 2002 to August 4, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.A
3. WORM_YAHA.E
4. JS_NOCLOSE.E
5. JS_EXCEPTION.GEN
6. WORM_DANDI.A
7. WORM_KLEZ.E
8. PE_NIMDA.E
9. PE_ELKERN.D
10. WORM_DATOM.A
 
4. Trend Micro Unveils Enterprise Protection Strategy 
------------------------------------------------------------------------
Trend Micro Enterprise Protection Strategy redefines virus protection by
providing businesses with a lightweight architecture (composed of services,
products, centralized management, and knowledge) for an unprecedented
approach to proactive outbreak management. 

Trend Micro Enterprise Protection Strategy delivers centralized deployment
of outbreak detection, protection, assessment, and cleanup strategies
throughout the network. 

To learn more about Enterprise Protection Strategy go to
http://www.trendmicro.com/products/eps/


************************************************************************
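
A defensive sweep built from the indicators in the VBS_SEALUG.A description above, added here as an example; it is not part of the Trend Micro report or of any Trend Micro tool. It looks for SCRIPT.INI files containing the reported IRC server, chat message or URL, and checks mail metadata against the reported subject and attachment name. The function names and the sample text are constructed for illustration.

```python
import os

# Indicators quoted from the VBS_SEALUG.A description (lowercased for matching).
INI_MARKERS = ("irc.muhabbi.net", "watashi wa anata ga sukide su", "1agustos.com")
MAIL_SUBJECT = "en sevdiginmessage"
MAIL_ATTACHMENT = "en_sevdigin.vbs"

# Constructed sample text for trying ini_hits(); not the worm's actual file.
SAMPLE_INI = "[script]\nn0=; connects to irc.muhabbi.net\nn1=; posts http:\\\\www.1agustos.com\n"


def ini_hits(text):
    """Return the reported markers that occur in a SCRIPT.INI body."""
    lowered = text.lower()
    return [m for m in INI_MARKERS if m in lowered]


def scan_tree(root):
    """Walk root and inspect every SCRIPT.INI (any letter case).

    Returns {path: [markers found]} for files with at least one hit.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "script.ini":
                continue
            path = os.path.join(dirpath, name)
            try:
                # latin-1 decodes any byte, so odd content cannot abort the scan
                with open(path, encoding="latin-1") as fh:
                    hits = ini_hits(fh.read())
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if hits:
                findings[path] = hits
    return findings


def mail_matches(subject, attachment_names):
    """True when a message carries the reported subject or attachment name."""
    names = {n.strip().lower() for n in attachment_names}
    return subject.strip().lower() == MAIL_SUBJECT or MAIL_ATTACHMENT in names
```

A hit from `scan_tree` only says the file contains one of the reported strings; a legitimate mIRC script that mentions the same server would also match, so review the file before deleting it.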


