Trend Micro Newsletters Editor <editor@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:Date: Wed, 16 Feb 2005 21:41:33 -0800 From: "Trend Micro Newsletters Editor" Subject: Trend Micro Medium Risk Virus Alert - WORM_MYDOOM.BB To: wooledge001@xxxxxxxxxxx As of February 16, 2005, 05:31 PM (GMT - 08:00, Pacific Standard Time) TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_MYDOOM.BB. Trendlabs received numerous infection reports indicating that this malware is spreading in Singapore and U.S. This worm was previously detected as WORM_MYDOOM.M. It has very similar characteristics as with WORM_MYDOOM.M. However, this new MYDOOM worm comes compressed with MEW compression tool, whereas WORM_MYDOOM.M is compressed using UPX. Like earlier MYDOOM variants, this worm spreads via email through SMTP (Simple Mail Transfer Protocol), gathering target recipients from the Windows Address Book, the Temporary Internet Files folder, and certain fixed drives. It uses social engineering techniques by sending out email messages with a spoofed sender's name and poses as a failure delivery notification. The email message it sends has varying subjects, message bodies, and attachment file names. Apart from simply spreading via email, this worm also carries backdoor functionalities that leaves the infected machine vulnerable to remote access. It drops a backdoor component named SERVICES.EXE in the Windows folder, which opens TCP port 1034 and waits for outside connections. This routine virtually hands over control of the affected machine to a remote attacker. TrendLabs will be releasing the following EPS deliverables: TMCM Outbreak Prevention Policy 149 Official Pattern Release 2.416.00 Damage Cleanup Template 520 For more information on WORM_MYDOOM.BB, you can visit our Web site at: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.BB You can modify subscription settings for Trend Micro newsletters at: http://www.trendmicro.com/subscriptions/default.asp ----------------------------------------------o0o---- IMPORTANT NOTE! TrendLabs will also be releasing a 3-digit pattern file 989 that corresponds with the pattern indicated in this email. This 3-digit pattern is a special release for users running non-NPF compliant products (i.e., old 3-digit pattern format) and is designed to provide protection against the most current malware threats. Users running non-NPF compliant products are still urged to apply the NPF solution . These users may also upgrade to the latest product version. Only NPF-compliant products will be able to update with regular pattern releases. ______________________________________________________________________ This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM). Copyright 1989-2004 Trend Micro, Inc. All rights reserved Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014 -- <Please delete this line and everything below.> To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk