[virusinfo] WORM_BOBAX.P

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 03 Jun 2005 08:46:57 -0700

From Trend Micro Newsletters:

Dear Trend Micro customer,

As of June 3, 2005, 1:38 AM PDT (Pacific Daylight Time/GMT -7:00),
TrendLabs has declared a Medium Risk Virus Alert to control the spread of
WORM_BOBAX.P. TrendLabs has received several infection reports indicating
that this malware is spreading in Australia, India, Ireland, Japan, Peru,
Singapore, and the United States.

This memory-resident worm usually arrives on a system as a downloaded file
of TROJ_SMALL.AHE. It spreads by sending a copy of TROJ_SMALL.AHE as an
attachment to an email message that it sends using its own Simple Mail
Transfer Protocol (SMTP) engine. 

The message it sends out contains the following details: 

Subject: {blank} 

Message body: (any of the following) 

• Attached some pics that i found
• Check this out :-)
• Hello,
• I was going through my album, and look what I found..
• Long time! Check this out!
• Osama Bin Laden Captured.
• Remember this?
• Saddam Hussein - Attempted Escape, Shot dead
• Secret!
• Testing

(followed by any of the following strings) 

• +++ Attachment: No Virus found
• +++ F-Secure AntiVirus - You are protected
• +++ Norman AntiVirus - You are protected
• +++ Norton AntiVirus - You are protected
• +++ Panda AntiVirus - You are protected
• +++ www.f-secure.com
• +++ www.norman.com
• +++ www.pandasoftware.com
• +++ www.symantec.com

Attachment: (any of the following names followed by a .ZIP extension) 

• bush.1
• funny.1
• joke.1
• pics.1
• secret.2

When an unsuspecting user executes the Trojan attachment, TROJ_SMALL.AHE
downloads WORM_BOBAX.P, and the vicious worm-Trojan cycle continues.

It also propagates by taking advantage of the Windows LSASS vulnerability.
Furthermore, it is capable of modifying the system's HOSTS file in order to
prevent users from accessing certain Web sites.


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 179 -- already uploaded
Official Pattern Release 2.663.00
Damage Cleanup Template 612


For more information on WORM_BOBAX.P, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.P
You can modify subscription settings for Trend Micro newsletters at:
http://www.trendmicro.com/subscriptions/default.asp

----------------------------------------------o0o----
IMPORTANT NOTE!
TrendLabs will also be releasing a corresponding 3-digit pattern file (998)
to the pattern indicated in this email. This 3-digit pattern is a special
release for users running non-NPF compliant products (i.e., old 3-digit
pattern format) and is designed to provide protection against the most
current malware threats. Users running non-NPF compliant products are still
urged to apply the NPF solution at
http://www.trendmicro.com/en/support/npf/overview.htm. These users may also
upgrade to the latest product version. Only NPF-compliant products will be
able to update with regular pattern releases.   

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).


To view our permission marketing policy:
    http://www.rsvp0.net
Copyright 1989-2005 Trend Micro, Inc.  All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
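
The message traits listed in the alert above (blank subject, stock body lines, fake antivirus trailer, attachment names) can be checked mechanically at a mail gateway or over a mailbox export. The following is an added example, not part of the original post and not Trend Micro code; the function names, the scoring rule in `is_suspect`, and the sample builder are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicator strings copied from the alert, lower-cased for comparison.
BODY_LINES = {
    "attached some pics that i found", "check this out :-)", "hello,",
    "i was going through my album, and look what i found..",
    "long time! check this out!", "osama bin laden captured.",
    "remember this?", "saddam hussein - attempted escape, shot dead",
    "secret!", "testing",
}
TRAILERS = {"+++ " + t for t in (
    "attachment: no virus found", "f-secure antivirus - you are protected",
    "norman antivirus - you are protected", "norton antivirus - you are protected",
    "panda antivirus - you are protected", "www.f-secure.com", "www.norman.com",
    "www.pandasoftware.com", "www.symantec.com")}
ATTACHMENTS = {n + ".zip" for n in ("bush.1", "funny.1", "joke.1", "pics.1", "secret.2")}

def bobax_indicators(raw: bytes) -> list:
    """Return which of the alert's message traits a raw RFC 5322 message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain",))
    lines = [l.strip().lower() for l in body.get_content().splitlines()] if body else []
    if any(l in BODY_LINES for l in lines):
        hits.append("body-text")
    if any(l in TRAILERS for l in lines):
        hits.append("fake-av-trailer")
    if any((p.get_filename() or "").lower() in ATTACHMENTS for p in msg.iter_attachments()):
        hits.append("attachment-name")
    return hits

def is_suspect(raw: bytes) -> bool:
    # Assumed policy: "Hello," or "Testing" alone is too common to act on,
    # so require a listed attachment name plus at least one other trait.
    hits = bobax_indicators(raw)
    return "attachment-name" in hits and len(hits) >= 2

def make_sample(subject, body, filename=""):  # builds a constructed test message
    m = EmailMessage()
    m["From"], m["To"] = "a@example.com", "b@example.com"
    if subject:
        m["Subject"] = subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"constructed", maintype="application", subtype="zip", filename=filename)
    return m.as_bytes()
```

Matching on fixed strings only catches this variant's templates; it complements, rather than replaces, the pattern file and cleanup template named in the alert.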


