[pchelpers] Fw: Trend Micro Weekly Virus Report - July 25, 2003
- From: "tactilelady" <penwal1@xxxxxxxxxxxxx>
- To: <pchelpers@xxxxxxxxxxxxx>
- Date: Fri, 25 Jul 2003 23:46:55 -0700
Trend Micro Weekly Virus ReportThis is how I got to housecalls.
----- Original Message -----
From: Trend Micro Newsletters Editor
To: penwal1@xxxxxxxxxxxxx
Sent: Friday, July 25, 2003 3:09 PM
Subject: Trend Micro Weekly Virus Report - July 25, 2003
Visit Trend Micro.com
Trend Micro Weekly Virus Report
(by TrendLabs Global Antivirus and Research Center)
Date: July 25, 2003
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. No Angel - WORM_AINJO.E (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Knowledge is Power
1. Trend Micro Updates - Pattern File and Scan Engine Updates
PATTERN FILE: 593
SCAN ENGINE: 6.510
2. No Angel - WORM_AINJO.E (Low Risk)
WORM_AINJO.E propagates via Internet Relay Chat (IRC), peer-to-peer
file-sharing networks such as Kazaa, and through email using Microsoft Outlook.
It affects Windows 95, 98, NT, ME, 2000, and XP.
Upon execution, this worm displays a message box. It also creates a copy of
itself in the floppy drive and drops a copy of itself as:
%Windows%\Kernelw32.exe
%Windows%\Blank.scr
It creates a registry entry that allows it to automatically execute at every
Windows startup.
The worm sends itself to all recipients found in the infected user's Microsoft
Outlook address book using MAPI (Microsoft Application Programming Interface)
commands. The email that it sends contains the following details:
Subject: (any of the following)
Re: Web Site Report
Thank You!
Free MP3, OGG/VORBIS Hit Songs !!
Download DVD Movie Now !! Its Free..!
You are Losing Income
Message Body: (any of the following)
The Mastercard Stored Value Card is good anywhere in the world that Mastercard
is accepted! APPLY NOW AND GET $20 FREE!! Download it Now And Get free Bonus!
Have I peaked your curiosity?
This is something that I think that anyone who is serious about marketing and
being on the internet should check out. Save it Now !
ATTENTION: THIS PROGRAM IS EXPLODING WORLDWIDE. THOUSANDS OF PEOPLE ARE SIGNING
UP EVERY DAY CREATING ONE OF THE LARGEST MEMBERSHIP BASES IN THE WORLD!
Hello!
Need a quick $100 today?
Need a quick $500 this week?
Need to QUICKLY build a $5,000 monthly income?
Download the attachment now !
Attachment: (any of the following)
SaveNow.zip
Report.zip
FFA.zip
FreeJoin.zip
The attachment is a compressed ZIP file containing a single copy of this worm.
To propagate through file-sharing networks such as Kazaa, the worm drops the
following copies of itself in these corresponding folders:
C:\Program Files\Kazaa\My Shared Folder\XPPatch.exe
C:\Program Files\Kazaa\My Shared Folder\NUDE7430482Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\AVUPDATE.EXE
C:\Program Files\Kazaa\My Shared Folder\ASIAN568230485Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\NAVUPDATE.EXE
C:\Program Files\Kazaa\My Shared Folder\PIC92124430Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\LIVEUPDATE.EXE
C:\Program Files\Kazaa\My Shared Folder\AMATEURE4981158Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\MCAFEE.EXE
C:\Program Files\Kazaa\My Shared Folder\SEXY50769389Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\PASSWORD.EXE
C:\Program Files\Kazaa\My Shared Folder\Fisting612347221Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\SEXSHOW.EXE
C:\Program Files\Kazaa\My Shared Folder\Preeteens69625457Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\ANTIVIRAL.EXE
C:\Program Files\Kazaa\My Shared Folder\Lolita3830436Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\Fetish57700493Jpg.exe
C:\Program Files\Kazaa\My Shared Folder\FREE_FIREWALL.EXE
C:\Program Files\Kazaa\My Shared Folder\Girls887525186Jpg.exe
The worm also drops or overwrites the MIRC.INI file in the folder where mIRC is
installed. When mIRC is run, this script is automatically executed. It
initializes mIRC to send a copy of this worm as FREEPIC.ZIP to all users who
are in the same channel as the infected user.
If you would like to scan your computer for WORM_AINJO.E or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's
free, online virus scanner at: http://housecall.trendmicro.com
WORM_AINJO.E is detected and cleaned by Trend Micro pattern file #592 and
above.
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: July 14, 2003 to July 20, 2003)
1.. JS_EXCEPTION.GEN
2.. WORM_KLEZ.H
3.. WORM_MAPSON.A
4.. JAVA_BYTVERIFY.A
5.. TROJ_CHECKIN.B
6.. TROJ_BISKOO.A
7.. WORM_SOBIG.E
8.. TROJ_SMALL.M
9.. WORM_SPYBOT.GEN
10.. WORM_KWBOT.C
4. Knowledge is Power
Arm yourself with knowledge to fight viruses. Read the white paper "Beyond
Layers and Peripheral Antivirus Security" to learn different aspects of virus
behavior, human behavior, and antivirus solutions as they fit and operate
within a typical network - from the Internet gateway to the desktop. The
information in this document will help you to develop an effective strategy to
prevent and respond to the threat of malicious code.
For questions, comments, and suggestions about the Weekly Virus Report please
contact the Newsletters Editor at newsletters@xxxxxxxxxxxxxxx
--------------------------------------------------------------------------
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).
Click here if you prefer not to receive future e-mail from Trend Micro's
Newsletters Editor.
Click here to view our permission marketing policy.
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi
List archives at //www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
Other related posts:
- » [pchelpers] Fw: Trend Micro Weekly Virus Report - July 25, 2003
