Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:Date: Mon, 7 Mar 2005 04:34:30 -0800 From: "Trend Micro Newsletters Editor" <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> Subject: Trend Micro Medium Risk Virus Alert - WORM_KELVIR.B and WORM_FATSO.A To: wooledge001@xxxxxxxxxxx Dear Trend Micro customer, As of March 7, 2005, 3:05 AM (GMT - 08:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_KELVIR.B and WORM_FATSO.A. TrendLabs has received numerous infection reports indicating that this malware is spreading in Korea and the United States of America. ? WORM_KELVIR.B: This new worm is very similar to WORM_KELVIR.A, in that it also propagates via MSN messenger. It attempts to send the following instant message to all online MSN messenger contacts of an affected user: "http://home.ealink.net/gallery10/omg.pif lol! see it! u'll like it" When the user clicks the given URL, this worm downloads a copy of itself, named OMG.PIF, from the given URL. When this downloaded copy is executesd, it downloads another malware file from the Internet, which Trend Micro detects as WORM_SDBOT.AUI. ? WORM_FATSO.A This memory-resident worm arrives on a system via MSN messenger, a popular instant messaging application. It spreads copies of itself to all online MSN messenger contacts of an affected system by sending an instant message conataining a link, which when clicked, downloads a copy of this worm into the recipient's system. This worm also has the ability to propagate via eMule, a known peer-to-peer (P2P) file sharing application. This worm is capable of redirecting infected users to a certain Web site, which as of this writing, is already not available. It does this whenever the user accesses Web sites that are associated with antivirus and security companies. It may also terminate certain running processes, and disallow them from executing while this worm resides in the memory. TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 154 Official Pattern Release 2.476.00 Damage Cleanup Template 550 For more information on WORM_KELVIR.B and WORM_FATSO.A, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.B http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FATSO.A ----------------------------------------------o0o---- IMPORTANT NOTE! TrendLabs will also be releasing a 3-digit pattern file 991 that corresponds with the pattern indicated in this email. This 3-digit pattern is a special release for users running non-NPF compliant products (i.e., old 3-digit pattern format) and is designed to provide protection against the most current malware threats. Users running non-NPF compliant products are still urged to apply the NPF solution . These users may also upgrade to the latest product version. Only NPF-compliant products will be able to update with regular pattern releases. ______________________________________________________________________ This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM). To view our permission marketing policy: http://www.rsvp0.net Copyright 1989-2004 Trend Micro, Inc. All rights reserved Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014 -- <Please delete this line and everything below.> To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk