-=PCTechTalk=- Trend Micro Medium Risk Virus Alert - WORM_KELVIR.B and WORM_FATSO.A

  • From: "David F. Wooledge" <wooledge001@xxxxxxxx>
  • To: "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>, accmail Juno <juno_accmail@xxxxxxxxxxxxx>
  • Date: Tue, 8 Mar 2005 12:18:59 -0800 (PST)

Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Date: Mon, 7 Mar 2005 04:34:30 -0800
From: "Trend Micro Newsletters Editor" <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Trend Micro Medium Risk Virus Alert - WORM_KELVIR.B and WORM_FATSO.A
To: wooledge001@xxxxxxxxxxx

Dear Trend Micro customer,

As of March 7, 2005, 3:05 AM (GMT - 08:00), TrendLabs has declared a Medium 
Risk Virus Alert to control the spread of WORM_KELVIR.B and WORM_FATSO.A. 
TrendLabs has received numerous infection reports indicating that this malware 
is spreading in Korea and the United States of America.

• WORM_KELVIR.B:
This new worm is very similar to WORM_KELVIR.A, in that it also propagates via 
MSN messenger. It attempts to send the following instant message to all online 
MSN messenger contacts of an affected user:

"http://home.ealink.net/gallery10/omg.pif lol! see it! u'll like it"

When the user clicks the given URL, this worm downloads a copy of itself, named 
OMG.PIF, from the given URL. When this downloaded copy is executed, it 
downloads another malware file from the Internet, which Trend Micro detects as 
WORM_SDBOT.AUI.


• WORM_FATSO.A:

This memory-resident worm arrives on a system via MSN messenger, a popular 
instant messaging application. It spreads copies of itself to all online MSN 
messenger contacts of an affected system by sending an instant message 
containing a link, which when clicked, downloads a copy of this worm into the 
recipient's system. This worm also has the ability to propagate via eMule, a 
known peer-to-peer (P2P) file sharing application.

This worm is capable of redirecting infected users to a certain Web site, which 
as of this writing, is already not available. It does this whenever the user 
accesses Web sites that are associated with antivirus and security companies.

It may also terminate certain running processes, and disallow them from 
executing while this worm resides in the memory.


TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 154
Official Pattern Release 2.476.00
Damage Cleanup Template 550


For more information on WORM_KELVIR.B and WORM_FATSO.A, you can visit our Web 
site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.B
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FATSO.A




----------------------------------------------o0o----
IMPORTANT NOTE!
TrendLabs will also be releasing a 3-digit pattern file 991 that corresponds 
with the pattern indicated in this email. This 3-digit pattern is a special 
release for users running non-NPF compliant products (i.e., old 3-digit 
pattern format) and is designed to provide protection against the most current 
malware threats. Users running non-NPF compliant products are still urged to 
apply the NPF solution. These users may also upgrade to the latest product 
version. Only NPF-compliant products will be able to update with regular 
pattern releases.



______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys 
Interact (TM).


To view our permission marketing policy:
http://www.rsvp0.net
Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
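
Added example (not part of the forwarded alert and not Trend Micro code): a small filter that flags instant messages linking to a directly executable file, the delivery pattern both worms above rely on. Only the .pif extension and the first sample message come from the alert; the rest of the extension list, the other sample messages and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# .pif is the extension named in the alert; the others are assumed here as
# file types Windows will run directly when opened.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk"}

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def risky_links(message):
    """Return URLs in one IM message whose path ends in an executable extension."""
    hits = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,;:!?)")            # punctuation glued on by chat text
        # Use only the path: ignores ?query/#fragment and the host's own ".com".
        path = unquote(urlsplit(url).path)     # also decodes tricks such as %2E
        filename = path.rsplit("/", 1)[-1].lower()
        # Last extension decides what Windows runs, so "x.jpg.pif" counts as .pif.
        ext = "." + filename.rsplit(".", 1)[-1] if "." in filename else ""
        if ext in EXECUTABLE_EXTS:
            hits.append(url)
    return hits

# Constructed sample log of (sender, text); only the first text is from the alert.
SAMPLE_LOG = [
    ("alice", "http://home.ealink.net/gallery10/omg.pif lol! see it! u'll like it"),
    ("bob", "lunch at noon? menu: http://example.com/menu.html"),
    ("carol", "look http://example.test/pics/holiday.jpg.PIF?id=7 !!"),
    ("dave", "check http://example.test/a/omg%2Epif."),
    ("erin", "our site is http://example.com"),
]

def scan(log):
    """Return (sender, url) pairs for every risky link found in the log."""
    return [(sender, url) for sender, text in log for url in risky_links(text)]

if __name__ == "__main__":
    for sender, url in scan(SAMPLE_LOG):
        print(f"ALERT sender={sender} url={url}")
```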




