[virusinfo] Trend Micro Weekly Virus Report - June 3, 2005

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 03 Jun 2005 12:57:50 -0700

From: TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
------------------------------------------------------------------------
Date: Friday June 3, 2005

------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VR


Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Two MYTOBS - WORM_MYTOB.AR & WORM_MYTOB.BI (Medium Risk)
3. Top 10 Most Prevalent Global Malware 
4. Trend Micro Mobile Security - Offer Extended
5. Roundup: May Virus Activity & Analysis


NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.



1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 2.663.00 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VS

SCAN ENGINE: 7.510 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VT
 

2. Two MYTOBS - WORM_MYTOB.AR & WORM_MYTOB.BI (Medium Risk)
------------------------------------------------------------------------
Trend Micro raised two MYTOB variants to yellow alert status this week - 
WORM_MYTOB.AR and WORM_MYTOB.BI. These are the third and fourth variants 
of the ever-popular family of worms to reach the alert stage. Both worms are 
currently spreading in-the-wild. WORM_MYTOB.AR infects computers that run on 
Windows 98, ME, 2000, and XP. WORM_MYTOB.BI infects computers that run on 
Windows 98, ME, NT, 2000, and XP.

It has only been 90 days since antivirus experts detected the first variant 
of the MYTOB family of worms. Yet, since its detection on February 27,
2005, WORM_MYTOB has managed to register nearly 120 new variants 
and is responsible for more than 65,000 worldwide infections.

These worms are nearly identical to previous MYTOB variants, which use the 
classic social engineering technique of posing as an e-mail administrator
to entice users to execute the attachment in the mail. The malware attempts 
to fool the user into thinking that the email is about the suspension of his/her
email account. And, as with all other variants, these memory-resident worms
propagate by sending a copy of themselves as an attachment within an email 
message, which they send to target recipients using their own Simple Mail 
Transfer Protocol (SMTP) engine.

The only difference between the ".AR" variant and the ".BI" variant is the
name of the dropped file. But, there are three notable differences of ".AR" 
and ".BI", versus their 115 MYTOB predecessors. These differences are:

-They drop a copy of themselves as LIEN VAN DE KELDER.EXE or 
LIEN VAN DE KELDERRR.EXE 
(note, the only difference between the dropped file in the ".AR" 
variant and the ".BI" variant is the addition of two "R's" at the end of
the file name in ".BI") in the Windows system folder. Lien Van de Kelder 
is a popular Belgian actress.

-Upon execution, the worms drop spyware and adware onto the victims'
machine which contains a backdoor capability. 
The spyware, detected as TSPY_AGENT.H, tracks user preferences and 
could (potentially) track infection rates. The adware, detected as 
ADW_MEDTICKS.A, is a popular adware program "Media Tickets"
(www.mediatickets.net). 
It has the ability to track what the user clicks on - and how often they do
it - and can display pop-up ads. This adware also promises to pay 15 cents 
(USD) for every time a user clicks on the adware.

-They also open Internet Explorer (IE) to connect to different Web sites
that install other spyware or adware programs currently available on host sites.

It is believed that these variants are actually intended as a testing
ground for future variants that will likely take advantage of the monetary 
offer of the adware (the site referred to in this variant is not believed to 
be one of those sites - it was likely just written by a fan of Ms. Van De 
Kelder).
 
If you would like to scan your computer for WORM_MYTOB.AR, WORM_MYTOB.BI 
or thousands of other worms, viruses, Trojans and malicious code, visit
HouseCall, Trend Micro's free, online virus scanner at: 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VU


WORM_MYTOB.AR and WORM_MYTOB.BI are detected and cleaned by Trend Micro
pattern file #2.651.00 and above. 

For additional information about the WORM_MYTOB.AR please visit: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VW


For additional information about the WORM_MYTOB.BI please visit: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VY

3. Top 10 Most Prevalent Global Malware 
(from May 27 to June 2, 2005)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. TSPY_SMALL.SN
5. WORM_NETSKY.DAM
6. WORM_SOBER.S
7. SPYW_GATOR
8. WORM_NETSKY.D
9. TROJ_DYFUCA.I
10. SPYW_DASHBAR.300

4. Trend Micro Mobile Security - Offer Extended
------------------------------------------------------------------------ 
Trend Micro Mobile Security (TMMS) 1.x software protects your smartphone
and PocketPC handheld from mobile viruses. TMMS 1.x is a "no charge" product 
that has enjoyed more than 50,000 downloads. Originally scheduled to expire on
June 30, 2005, TMMS 1.x is being extended through September 2005. 
TMMS 1.x is being extended to ensure a smooth transition to TMMS 2.0 available 
in July/August 2005.
Existing TMMS 1.x users will automatically have their antivirus protection 
extended with an "over-the-air" or ActiveSync connection when they select the 
"Update" option within TMMS 1.x after 14 June 2005. 

-Learn more about TMMS 1.x: www.trendmicro.com/mobilesecurity 

5. Roundup: May Virus Activity & Analysis
------------------------------------------------------------------------
While the month of April allowed the computing world to slumber in peace,
the month of May reawakened the circuit with a bang and gave way to a comeback, 
to a successful umpteenth attempt, and to a malware-spyware team up.

-Read the May Virus Roundup for more details: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQATYQTVupsLIpsLxlLtmkQgLlV2VR

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).


To view our permission marketing policy:
    http://www.rsvp0.net
Copyright 1989-2005 Trend Micro, Inc.  All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


