-=PCTechTalk=- Trend Micro Medium Risk Virus Alert - WORM_MYDOOM.BB

  • From: "David F. Wooledge" <wooledge001@xxxxxxxx>
  • To: "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>, accmail Juno <juno_accmail@xxxxxxxxxxxxx>
  • Date: Thu, 17 Feb 2005 18:54:04 -0800 (PST)

Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Date: Wed, 16 Feb 2005 21:41:33 -0800
From: "Trend Micro Newsletters Editor"
Subject: Trend Micro Medium Risk Virus Alert - WORM_MYDOOM.BB
To: wooledge001@xxxxxxxxxxx



As of February 16, 2005, 05:31 PM (GMT - 08:00, Pacific Standard Time) 
TrendLabs has declared a Medium Risk Virus Alert to control the spread of 
WORM_MYDOOM.BB.
TrendLabs received numerous infection reports indicating that this malware is 
spreading in Singapore and the U.S. This worm was previously detected as 
WORM_MYDOOM.M. 

It has characteristics very similar to those of WORM_MYDOOM.M. However, this new 
MYDOOM worm comes compressed with the MEW compression tool, whereas WORM_MYDOOM.M 
is compressed using UPX.

Like earlier MYDOOM variants, this worm spreads via email through SMTP (Simple 
Mail Transfer Protocol), gathering target recipients from the Windows Address 
Book, the Temporary Internet Files folder, and certain fixed drives. It uses 
social engineering techniques by sending out email messages with a spoofed 
sender's name and posing as a failure delivery notification. The email message 
it sends has varying subjects, message bodies, and attachment file names.

Apart from simply spreading via email, this worm also carries backdoor 
functionalities that leave the infected machine vulnerable to remote access. 
It drops a backdoor component named SERVICES.EXE in the Windows folder, which 
opens TCP port 1034 and waits for outside connections. This routine virtually 
hands over control of the affected machine to a remote attacker.

TrendLabs will be releasing the following EPS deliverables:

TMCM Outbreak Prevention Policy 149
Official Pattern Release 2.416.00
Damage Cleanup Template 520


For more information on WORM_MYDOOM.BB, you can visit our Web site at:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.BB

You can modify subscription settings for Trend Micro newsletters at:

http://www.trendmicro.com/subscriptions/default.asp


----------------------------------------------o0o----
IMPORTANT NOTE!
TrendLabs will also be releasing a 3-digit pattern file 989 that corresponds 
with the pattern indicated in this email. This 3-digit pattern is a special 
release for users running non-NPF compliant products (i.e., old 3-digit pattern 
format) and is designed to provide protection against the most current malware 
threats. Users running non-NPF compliant products are still urged to apply the 
NPF solution. These users may also upgrade to the latest product version. Only 
NPF-compliant products will be able to update with regular pattern releases.
______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys 
Interact (TM).


Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
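
The two host indicators named in the alert (a SERVICES.EXE image in the Windows folder rather than System32, and a listener on TCP port 1034) can be checked against a process and socket inventory. The following is an added example, not part of the original alert and not Trend Micro code; the function names, the `C:\WINDOWS` path and the sample data are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the alert text above.
BACKDOOR_PORT = 1034
BACKDOOR_NAME = "services.exe"

# Constructed sample data (not from a real host): `netstat -ano` style lines
# and a PID -> image path map such as a process inventory would provide.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING       2468
  TCP    192.168.1.20:1034      203.0.113.7:80         ESTABLISHED     3100
  UDP    0.0.0.0:1034           *:*                                    1200
"""
SAMPLE_PROCS = {
    884: r"C:\WINDOWS\system32\svchost.exe",
    612: r"C:\WINDOWS\system32\services.exe",   # legitimate location
    2468: r"C:\WINDOWS\services.exe",            # location named in the alert
    3100: r"C:\Program Files\Internet Explorer\iexplore.exe",
    1200: r"C:\WINDOWS\system32\svchost.exe",
}

# Only LISTENING TCP sockets count: 1034 is also a common client-side source
# port, so an outbound connection from 1034 is not an indicator by itself.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Yield (port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            yield int(m.group(1)), int(m.group(2))

def misplaced_services(procs, windir=r"C:\WINDOWS"):
    """PIDs running services.exe from anywhere but <windir>\\System32."""
    expected = ntpath.normcase(ntpath.join(windir, "System32", BACKDOOR_NAME))
    return sorted(pid for pid, path in procs.items()
                  if ntpath.basename(path).lower() == BACKDOOR_NAME
                  and ntpath.normcase(ntpath.normpath(path)) != expected)

def findings(netstat_text, procs):
    """Return sorted (pid, reason) pairs matching the alert's two indicators."""
    out = {(pid, "tcp-1034-listener") for port, pid in listeners(netstat_text)
           if port == BACKDOOR_PORT}
    out |= {(pid, "services.exe-outside-system32")
            for pid in misplaced_services(procs)}
    return sorted(out)

if __name__ == "__main__":
    for pid, reason in findings(SAMPLE_NETSTAT, SAMPLE_PROCS):
        print(pid, reason, SAMPLE_PROCS.get(pid, "?"))
```

A PID that matches both reasons is a much stronger lead than a port 1034 listener alone, since other software can legitimately bind that port.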




