[virusinfo] Trend Micro Weekly Virus Report - June 10, 2005

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 10 Jun 2005 13:26:19 -0700


From: TREND  MICRO  WEEKLY  VIRUS  REPORT
    

------------------------------------------------------------------------
Date: Friday June 10, 2005

------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VR


Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Bobbing for BOBAX - WORM_BOBAX.P (Medium Risk)
3. Top 10 Most Prevalent Global Malware 
4. Trend Micro Seminar - Securing your Microsoft Live Communication Server**
5. Evaluating Effective Enterprise-Class Anti-Spyware Solutions 


NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.


1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 2.679.00 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VS

SCAN ENGINE: 7.510 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VT
 

2. Bobbing for BOBAX - WORM_BOBAX.P (Medium Risk)
------------------------------------------------------------------------
On June 3 TrendLabs declared a medium risk alert in order to control the
spread of WORM_BOBAX.P.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBOBAX%2EP
 
TrendLabs has received several infection reports indicating that
this malware is currently spreading in-the-wild in the United States,
Singapore, Ireland, Peru, Japan, Australia, and India. This memory-resident
worm infects Windows 98, ME, NT, 2000, and XP.

This is a blended threat, using a Trojan/Worm combination. The worm spreads
by attaching TROJ_SMALL.AHE to an email message that it sends using its own
SMTP engine. When the trojan is executed on a user's system it downloads
WORM_BOBAX.P. Like many worms, this malware takes advantage of the LSASS
vulnerability in the Windows Operating System. Similar to the
TROJAN/WORM_BAGLE combination, WORM_BOBAX.P propagates in the following
manner:

-TROJ_SMALL.AHE is mass-mailed
-TROJ_SMALL.AHE is executed on the user's system, and in turn downloads
 WORM_BOBAX.P
-WORM_BOBAX.P is executed and drops a Dynamic Link Library (DLL) file
-The DLL file mass-mails TROJ_SMALL.AHE

TROJ_SMALL.AHE, which is the seeding portion of the malware, utilizes a
common social engineering technique that promises breaking news regarding
current world events. This malware promises a story - and pictures - on
hoaxes such as the capture of Osama bin Laden and the shooting death of
Saddam Hussein, to lure the recipient into clicking on the file. Clicking
on the attachment causes the trojan to run in memory and eventually
download the worm component from the predefined Web site. The worm then
spreads to all contacts in the recipient's address book.

If you would like to scan your computer for WORM_BOBAX.P or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VU


WORM_BOBAX.P is detected and cleaned by Trend Micro pattern file #2.663.00 
and above. 

For additional information about WORM_BOBAX.P, please visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P

3. Top 10 Most Prevalent Global Malware 
(from June 3 to June 9, 2005)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. WORM_SOBER.S
5. WORM_NETSKY.DAM
6. SPYW_GATOR
7. TSPY_SMALL.SN
8. SPYW_DASHBAR.300
9. WORM_NETSKY.D
10. TROJ_DYFUCA.I

4. Trend Micro Seminar - Securing your Microsoft Live Communication Server**
------------------------------------------------------------------------ 
Do you have control over your employees' use of Instant Messaging? Can you 
set - and enforce - acceptable use policies for Instant Messaging? Did you 
know that one half of all major virus outbreaks in Q1 2005 were IM viruses?

Microsoft Office Live Communication Server provides a fast and convenient
way for colleagues to communicate in real time. It also provides a good
starting point for organizations to gain control over their chaotic IM 
environment.
However, worms that propagate via IM - such as Bropia, Kelvir, and Fatso -
are becoming more prevalent. Without security for your Live Communication 
server, viruses can spread.  And without proper monitoring and control of your 
Live Communication Server, trade secrets can be lost, and legal problems can 
arise from inappropriate content or use of company resources.  

Join Trend Micro on June 14 at 11:00 a.m. PDT for a free Webinar that
describes the latest IM threats and how Trend Micro can help you secure 
your Microsoft Live Communication Server. 

Register for this online event here:  

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VSY


**For residents of the U.S. & Canada only.
 

5. Evaluating Effective Enterprise-Class Anti-Spyware Solutions
------------------------------------------------------------------------
This new anti-spyware white paper will help you understand the risks of
spyware that corporations face and how to effectively evaluate enterprise-wide 
spyware protection.

Today, corporations are increasingly vulnerable to spyware designed to
capture and send information about a user's Web-browsing habits.
In addition, IT administrators report growing problems with
grayware/spyware-like programs often used for malicious purposes such as
establishing backdoors to access enterprise resources, recording keystrokes
to capture passwords, hijacking browsers to redirect users to unintended
sites, and gathering confidential information to support criminal
activities.

Left unchecked, spyware and grayware can compromise information security
within an enterprise, cause computer slowdowns or crashes, and lead to an 
increasing number of help desk calls. In addition to consuming resources of 
the infected computer, spyware consumes network bandwidth, significantly 
reducing productivity and efficiency throughout the organization.

Read Trend Micro's latest white paper and learn more about the risks of
spyware, and how to evaluate an effective anti-spyware solution:

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VSA

______________________________________________________________________


To view our permission marketing policy:
    http://www.rsvp0.net
Copyright 1989-2005 Trend Micro, Inc.  All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


