From: TREND MICRO WEEKLY VIRUS REPORT ------------------------------------------------------------------------ Date: Friday June 10, 2005 ------------------------------------------------------------------------ To read an HTML version of this newsletter, go to: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VR Issue Preview: 1. Trend Micro Updates - Pattern File & Scan Engine Updates 2. Bobbing for BOBAX - WORM_BOBAX.P (Medium Risk) 3. Top 10 Most Prevalent Global Malware 4. Trend Micro Seminar - Securing your Microsoft Live Communication Server** 5. Evaluating Effective Enterprise-Class Anti-Spyware Solutions NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window. mvi 1. Trend Micro Updates - Pattern File & Scan Engine Updates ------------------------------------------------------------------------ PATTERN FILE: 2.679.00 http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VS SCAN ENGINE: 7.510 http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VT 2. Bobbing for BOBAX - WORM_BOBAX.P (Medium Risk) ------------------------------------------------------------------------ On June 3 TrendLabs declared a medium risk alert in order to control the spread of WORM_BOBAX.P. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBOBAX%2EP TrendLabs has received several infection reports indicating that this malware is currently spreading in-the-wild in the United States, Singapore, Ireland, Peru, Japan, Australia, and India. This memory-resident worm infects Windows 98, ME, NT, 2000, and XP. This is a blended threat, using a Trojan/Worm combination. The worm spreads by attaching TROJ_SMALL.AHE to an email message that it sends using its own SMTP engine. When the trojan is executed on a user?s system it downloads WORM_BOBAX.P. Like many worms, this malware takes advantage of the LSASS vulnerability in the Windows Operating System. Similar to the TROJAN/WORM_BAGLE combination WORM_BOBAX.P propogates in the following manner: -TROJ_SMALL.AHE is mass-mailed -TROJ_SMALL.AHE is executed on the user?s system, and in turn downloads WORM_BOBAX.P -WORM_BOBAX.P is executed and drops a Dynamic Link Library (DLL) file -The DLL file mass-mails TROJ_SMALL.AHE TROJ_SMALL.AHE, which is the seeding portion of the malware, utilizes a common social engineering technique that promises breaking news regarding current world events. This malware promises a story ? and pictures ? on hoaxes such as the capture of Osama bin Laden and the shooting death of Saddam Hussein, to lure the recipient into clicking on the file. Clicking on the attachment causes the trojan to run in memory and eventually download the worm component from the predefined Web site. The worm then spreads to all contacts in the recipient?s address book. If you would like to scan your computer for WORM_BOBAX.P or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VU WORM_BOBAX.P is detected and cleaned by Trend Micro pattern file #2.663.00 and above. For additional information about the WORM_BOBAX.P please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P 3. Top 10 Most Prevalent Global Malware (from June 3 to June 9, 2005) ------------------------------------------------------------------------ 1. WORM_NETSKY.P 2. HTML_NETSKY.P 3. JAVA_BYTEVER.A 4. WORM_SOBER.S 5. WORM_NETSKY.DAM 6. SPYW_GATOR 7. TSPY_SMALL.SN 8. SPYW_DASHBAR.300 9. WORM_NETSKY.D 10. TROJ_DYFUCA.I 4. Trend Micro Seminar - Securing your Microsoft Live Communication Server** ------------------------------------------------------------------------ Do you have control over your employees' use of Instant Messaging? Can you set - and enforce - acceptable use policies for Instant Messaging? Did you know that one half of all major virus outbreaks in Q1 2005 were IM viruses? Microsoft Office Live Communication Server provides a fast and convenient way for colleagues to communicate in real time. It also provides a good starting point for organizations to gain control over their chaotic IM environment. However, worms that propagate via IM ? such as Bropia, Kelvir, and Fatso ? are becoming more prevalent. Without security for your Live Communication server, viruses can spread. And without proper monitoring and control of your Live Communication Server, trade secrets can be lost, and legal problems can arise from inappropriate content or use of company resources. Join Trend Micro on June 14 at 11:00 a.m. PDT for a free Webinar that describes the latest IM threats and how Trend Micro can help you secure your Microsoft Live Communication Server. Register for this online event here: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VSY **For residents of the U.S. & Canada only. 5. Evaluating Effective Enterprise-Class Anti-Spyware Solutions ------------------------------------------------------------------------ This new anti-spyware white paper will help you understand the risks of spyware that corporations face and how to effectively evaluate enterprise-wide spyware protection. Today, corporations are increasingly vulnerable to spyware designed to capture and send information about a user?s Web-browsing habits. In addition, IT administrators report growing problems with grayware/spyware-like programs often used for for malicious purposes such as establishing backdoors to access enterprise resources, recording keystrokes to capture passwords, hijacking browsers to redirect users to unintended sites, and gathering confidential information to support criminal activities. Left unchecked, spyware and grayware can compromise information security within an enterprise, cause computer slowdowns or crashes, and lead to an increasing number of help desk calls. In addition to consuming resources of the infected computer, spyware consumes network bandwidth, significantly reducing productivity and efficiency throughout the organization. Read Trend Micro's latest white paper and learn more about the risks of spyware, and how to evaluate an effective anti-spyware solution: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQAUWQTVupsLIpsLxlLtmkQgLlV2VSA ______________________________________________________________________ To view our permission marketing policy: http://www.rsvp0.net Copyright 1989-2005 Trend Micro, Inc. All rights reserved Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014 *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member