[virusinfo] Trend Micro Weekly Virus Report - April 1, 2005

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 01 Apr 2005 12:57:41 -0800


From: TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
------------------------------------------------------------------------
Date: Friday April 1, 2005

------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VR


Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Like Kryptonite? - WORM_KRYNOS.B (Low Risk)
3. Top 10 Most Prevalent Global Malware 
4. Free Webinar -- Protecting Your Network from Spyware and Adware
5. Quarterly Virus Roundup

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.



1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 2.528.00 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VS

SCAN ENGINE: 7.510 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VT
 

2. Like Kryptonite? - WORM_KRYNOS.B (Low Risk)
------------------------------------------------------------------------
WORM_KRYNOS.B is a destructive, memory-resident worm that propagates via 
peer-to-peer applications by dropping a .ZIP copy of itself in a certain 
folder. It may also spread via email by sending itself as an attachment. 
This worm has backdoor capabilities, allowing remote users to access and 
perform malicious tasks on affected machines. It can also prevent 
affected users from accessing certain antivirus and security Web sites by 
modifying the HOSTS file. WORM_KRYNOS.B is currently spreading in-the-wild, 
and infecting computers running Windows NT, 2000, and XP. 

Upon execution, this memory-resident worm drops the following files in the 
Windows folder:

%Windows%\Help\svchost.dat 
%Windows%\Help\svchost.exe 
%Windows%\Help\svchost.lce 
 
It then displays the following message:
Can't open mfc73rp.dll

It creates a registry entry that allows it to automatically execute the 
dropped file svchost.exe at every system startup. 

This worm propagates via P2P applications by making a .ZIP copy of itself in 
a specific folder -- the file name depends on the names of the currently 
saved files in that folder.

The worm may also propagate by sending itself as an attachment to an email 
message. It searches files with the extensions HTM and TXT for target email 
addresses. However, it first queries www.google.com to check for an Internet 
connection before it sends the email.

The email it sends contains the following details:

From: security@xxxxxxxxxxxxx 

To: (recipient email address harvested from affected system)

Subject: Microsoft Security Update 

Message body: 
* "Vulnerability in Windows Explorer Could Allow Remote Code Execution 
(612827)" 
Affected Software: 
* Impact of Vulnerability: Remote Code Execution 
* Importance: High 
* Maximum Severity Rating: Critical 
* Recommendation: Customers should apply the attached update at the earliest 
opportunity 
* Summary: 
* Who should read this document: Customers who use Microsoft Windows 
* X-Mailer: Secure Microsoft Client, Build 2.1 
* X-MimeOLE: Produced By Secure Microsoft Client V2.1 
* X-MSMail-Priority: High 
* X-Priority: 1 (Highest) 

Attachment: 
* ARC 
* ARJ 
* GZ 
* LZH 
* TGZ 
* ZIP 
* ZOO 

The worm avoids sending email to addresses containing certain 
strings. Visit 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VU

for the complete list.
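
Added example, not part of the Trend Micro report: a Python mail-filter check for the message traits listed above (subject, X-Mailer, X-MimeOLE, archive attachment types). The function names, the two-indicator quarantine threshold and the sample message builder are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators taken from the report's description of the worm's email.
SUBJECT = "microsoft security update"
HEADERS = {
    "X-Mailer": "secure microsoft client, build 2.1",
    "X-MimeOLE": "produced by secure microsoft client v2.1",
}
ARCHIVE_EXTS = {"arc", "arj", "gz", "lzh", "tgz", "zip", "zoo"}

def krynos_indicators(raw_message):
    """Return the report's indicators present in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        hits.append("subject")
    for header, expected in HEADERS.items():
        if str(msg.get(header, "")).strip().lower() == expected:
            hits.append(header.lower())
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if "." in name and name.rsplit(".", 1)[1].lower() in ARCHIVE_EXTS:
            hits.append("archive-attachment")
            break
    return hits

def should_quarantine(raw_message, threshold=2):
    """Assumed policy: an archive attachment plus at least one other match."""
    hits = krynos_indicators(raw_message)
    return "archive-attachment" in hits and len(hits) >= threshold

def build_sample(subject, mailer, attachment_name):
    """Build a test message (constructed data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.test", "user@example.test"
    m["Subject"] = subject
    if mailer:
        m["X-Mailer"] = mailer
    m.set_content("constructed body")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_bytes()

if __name__ == "__main__":
    spoof = build_sample("Microsoft Security Update",
                         "Secure Microsoft Client, Build 2.1", "update.zip")
    print(krynos_indicators(spoof), should_quarantine(spoof))
```
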

The following backdoor capabilities are enabled by the worm:

Get, upload, download, or delete a file 
List files in a folder 
Disconnect current user 
Restart the system 
Run a program 
Create or delete a folder 

This worm also modifies the system's HOSTS file, which contains the host name 
to IP address mappings. This modification prevents affected users from 
accessing specific sites related to antivirus companies.
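
Added example, not part of the Trend Micro report: a Python triage check for the two host artifacts described above, the files dropped under %Windows%\Help and HOSTS entries that override security-site names. The report does not name the blocked sites, so the watchlist domains, the function names and the sample HOSTS content are constructed placeholders.

```python
import ipaddress
from pathlib import Path

# File names the report says are dropped under %Windows%\Help.
DROPPED_NAMES = ("svchost.dat", "svchost.exe", "svchost.lce")
# Constructed watchlist: the report does not name the blocked sites.
WATCHED_DOMAINS = ("av-vendor.example", "security-updates.example")

def find_dropped_files(windows_dir):
    """Return the reported file names present in <windows_dir>/Help."""
    help_dir = Path(windows_dir) / "Help"
    return [name for name in DROPPED_NAMES if (help_dir / name).is_file()]

def find_hosts_overrides(hosts_text, watched=WATCHED_DOMAINS):
    """Return (line number, address, host) for HOSTS entries that pin a
    watched domain or one of its subdomains to a fixed address."""
    findings = []
    for lineno, line in enumerate(hosts_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()   # drop comments, split fields
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not a valid mapping line
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                findings.append((lineno, fields[0], host))
    return findings

# Constructed HOSTS content for demonstration.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1   localhost
127.0.0.1   www.av-vendor.example  AV-Vendor.example   # appended entry
10.0.0.5    intranet.corp.example
0.0.0.0     download.security-updates.example
"""

if __name__ == "__main__":
    print(find_dropped_files(r"C:\Windows"))
    print(find_hosts_overrides(SAMPLE_HOSTS))
```

On a live Windows system the HOSTS file is normally at %SystemRoot%\System32\drivers\etc\hosts; read it and pass its text to `find_hosts_overrides`.
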

If you would like to scan your computer for WORM_KRYNOS.B or thousands of 
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend 
Micro's free, online virus scanner at: 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VW


WORM_KRYNOS.B is detected and cleaned by Trend Micro pattern file #2.523.05 
and above. 

For additional information about WORM_KRYNOS.B please visit: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VY


3. Top 10 Most Prevalent Global Malware 
(from March 25 to March 31, 2005)
------------------------------------------------------------------------
1. WORM_NETSKY.P
2. HTML_NETSKY.P
3. JAVA_BYTEVER.A
4. TROJ_DLOADER.DH
5. TROJ_SMALL.SN
6. SPYW_GATOR.D
7. TROJ_DFC.A
8. PE_PARITE.A
9. TROJ_DLOADER.DG
10. WORM_ANIG.A

4. Protecting Your Network from Spyware and Adware 
------------------------------------------------------------------------ 
Is your network increasingly exposed to phishing attempts, adware, and
spyware attacks? Are you worried that someone might steal your corporate 
or private information? What should you do to block spyware and phishing scams? 

Enticed by profit, the computer hacking underground has lost its amateur
status and you are their target. Many virus writers of yesteryear have turned 
to writing spyware with the intention of raiding your bank account and your 
corporate database. 
At the same time, online marketers are running amok with new variations of
"adware" that monitor your Web surfing habits in order to display more
"profitable" advertisements and pop-up windows. These monitoring programs 
have a huge impact on the performance and reliability of your PCs. 

Join Trend Micro on Wednesday, April 20, 2005 at 11:00 am Pacific Time for
a free Webinar that describes these threats and how to manage them. In this
60-minute webinar you will hear Trend Micro's spyware expert Jack Marsal 
discuss: 

The rise of spyware and other Web-based threats 
Backdoors to your system 
The rise of the profit motive in the malware underground 
Spyware vs. adware: What is the difference? 
New techniques to control spyware and adware 
 
Register:
https://trendmicro.webex.com/trendmicro/mywebex/epmainframe.php?rlink=https%3A%2F%2Ftrendmicro.webex.com%2Ftrendmicro%2Fonstage%2Fmainframe.php%3Fmainurl%3D%2Ftrendmicro%2Fonstage%2Ftool%2Fevent%2Fevent_detail.php%3FEventID%3D322267263%26FirstEnter%3D1%26GuestTimeZone%3D%26SourceId%3D&Rnd0738=0.18220175555220624

5. Quarterly Virus Roundup
------------------------------------------------------------------------
The past few months have brought some interesting developments. Instant
messenger and mobile phone worms are experiencing a growth spurt. 
Apparently malware authors are looking into other avenues to propagate 
their deeds other than email, as solutions for these have already saturated the 
market.

With the advent of spyware with the capability to steal different kinds of 
information, including banking details, we're seeing criminal organizations 
taking even more interest in this area, in addition to dipping their hands into 
malware and spam as seen in the past few years.

Read the full roundup of malware activity from the past few months:

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYUDQTVupsLIpsLxlLtmkQgLlV2VA


______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).

To view our permission marketing policy:
    http://www.rsvp0.net
Copyright 1989-2004 Trend Micro, Inc.  All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 


