Trend Micro Weekly Virus ReportThis is how I got to housecalls. ----- Original Message ----- From: Trend Micro Newsletters Editor To: penwal1@xxxxxxxxxxxxx Sent: Friday, July 25, 2003 3:09 PM Subject: Trend Micro Weekly Virus Report - July 25, 2003 Visit Trend Micro.com Trend Micro Weekly Virus Report (by TrendLabs Global Antivirus and Research Center) Date: July 25, 2003 Issue Preview: 1. Trend Micro Updates - Pattern File & Scan Engine Updates 2. No Angel - WORM_AINJO.E (Low Risk) 3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 4. Knowledge is Power 1. Trend Micro Updates - Pattern File and Scan Engine Updates PATTERN FILE: 593 SCAN ENGINE: 6.510 2. No Angel - WORM_AINJO.E (Low Risk) WORM_AINJO.E propagates via Internet Relay Chat (IRC), peer-to-peer file-sharing networks such as Kazaa, and through email using Microsoft Outlook. It affects Windows 95, 98, NT, ME, 2000, and XP. Upon execution, this worm displays a message box. It also creates a copy of itself in the floppy drive and drops a copy of itself as: %Windows%\Kernelw32.exe %Windows%\Blank.scr It creates a registry entry that allows it to automatically execute at every Windows startup. The worm sends itself to all recipients found in the infected user's Microsoft Outlook address book using MAPI (Microsoft Application Programming Interface) commands. The email that it sends contains the following details: Subject: (any of the following) Re: Web Site Report Thank You! Free MP3, OGG/VORBIS Hit Songs !! Download DVD Movie Now !! Its Free..! You are Losing Income Message Body: (any of the following) The Mastercard Stored Value Card is good anywhere in the world that Mastercard is accepted! APPLY NOW AND GET $20 FREE!! Download it Now And Get free Bonus! Have I peaked your curiosity? This is something that I think that anyone who is serious about marketing and being on the internet should check out. Save it Now ! ATTENTION: THIS PROGRAM IS EXPLODING WORLDWIDE. THOUSANDS OF PEOPLE ARE SIGNING UP EVERY DAY CREATING ONE OF THE LARGEST MEMBERSHIP BASES IN THE WORLD! Hello! Need a quick $100 today? Need a quick $500 this week? Need to QUICKLY build a $5,000 monthly income? Download the attachment now ! Attachment: (any of the following) SaveNow.zip Report.zip FFA.zip FreeJoin.zip The attachment is a compressed ZIP file containing a single copy of this worm. To propagate through file-sharing networks such as Kazaa, the worm drops the following copies of itself in these corresponding folders: C:\Program Files\Kazaa\My Shared Folder\XPPatch.exe C:\Program Files\Kazaa\My Shared Folder\NUDE7430482Jpg.exe C:\Program Files\Kazaa\My Shared Folder\AVUPDATE.EXE C:\Program Files\Kazaa\My Shared Folder\ASIAN568230485Jpg.exe C:\Program Files\Kazaa\My Shared Folder\NAVUPDATE.EXE C:\Program Files\Kazaa\My Shared Folder\PIC92124430Jpg.exe C:\Program Files\Kazaa\My Shared Folder\LIVEUPDATE.EXE C:\Program Files\Kazaa\My Shared Folder\AMATEURE4981158Jpg.exe C:\Program Files\Kazaa\My Shared Folder\MCAFEE.EXE C:\Program Files\Kazaa\My Shared Folder\SEXY50769389Jpg.exe C:\Program Files\Kazaa\My Shared Folder\PASSWORD.EXE C:\Program Files\Kazaa\My Shared Folder\Fisting612347221Jpg.exe C:\Program Files\Kazaa\My Shared Folder\SEXSHOW.EXE C:\Program Files\Kazaa\My Shared Folder\Preeteens69625457Jpg.exe C:\Program Files\Kazaa\My Shared Folder\ANTIVIRAL.EXE C:\Program Files\Kazaa\My Shared Folder\Lolita3830436Jpg.exe C:\Program Files\Kazaa\My Shared Folder\Fetish57700493Jpg.exe C:\Program Files\Kazaa\My Shared Folder\FREE_FIREWALL.EXE C:\Program Files\Kazaa\My Shared Folder\Girls887525186Jpg.exe The worm also drops or overwrites the MIRC.INI file in the folder where mIRC is installed. When mIRC is run, this script is automatically executed. It initializes mIRC to send a copy of this worm as FREEPIC.ZIP to all users who are in the same channel as the infected user. If you would like to scan your computer for WORM_AINJO.E or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com WORM_AINJO.E is detected and cleaned by Trend Micro pattern file #592 and above. 3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US (week of: July 14, 2003 to July 20, 2003) 1.. JS_EXCEPTION.GEN 2.. WORM_KLEZ.H 3.. WORM_MAPSON.A 4.. JAVA_BYTVERIFY.A 5.. TROJ_CHECKIN.B 6.. TROJ_BISKOO.A 7.. WORM_SOBIG.E 8.. TROJ_SMALL.M 9.. WORM_SPYBOT.GEN 10.. WORM_KWBOT.C 4. Knowledge is Power Arm yourself with knowledge to fight viruses. Read the white paper "Beyond Layers and Peripheral Antivirus Security" to learn different aspects of virus behavior, human behavior, and antivirus solutions as they fit and operate within a typical network - from the Internet gateway to the desktop. The information in this document will help you to develop an effective strategy to prevent and respond to the threat of malicious code. For questions, comments, and suggestions about the Weekly Virus Report please contact the Newsletters Editor at newsletters@xxxxxxxxxxxxxxx -------------------------------------------------------------------------- This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM). Click here if you prefer not to receive future e-mail from Trend Micro's Newsletters Editor. Click here to view our permission marketing policy. Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig> Freelists login at //www.freelists.org/cgi-bin/lsg2.cgi List archives at //www.freelists.org/archives/pchelpers PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig Good advice is like good paint- it only works if applied.