From; TREND MICRO WEEKLY VIRUS REPORT (by TrendLabs Global Antivirus and Research Center) ------------------------------------------------------------------------ Date: Friday April 29, 2005 ------------------------------------------------------------------------ To read an HTML version of this newsletter, go to: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VR Issue Preview: 1. Trend Micro Updates - Pattern File & Scan Engine Updates 2. No Peer-to-Peer - WORM_NOPIR.B (Low Risk) 3. Top 10 Most Prevalent Global Malware 4. Roundup: April Virus Activity & Analysis 5. Spies Among Us - Read the IDC Whitepaper on the Growing Threat of Spyware NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window. 1. Trend Micro Updates - Pattern File & Scan Engine Updates ------------------------------------------------------------------------ PATTERN FILE: 2.604.00 http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VS SCAN ENGINE: 7.510 http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VT 2. No Peer-to-Peer - WORM_NOPIR.B (Low Risk) ------------------------------------------------------------------------ WORM_NOPIR.B is a non-destructive, memory-resident worm that propagates via peer-to-peer networks. It searches for availabe peer-to-peer applications and then sends copies of itself to all available or online users. This worm is spreading in-the-wild and infecting computers running Windows 95, 98, ME, NT, 2000, and XP. Upon execution, this memory-resident worm creates the folder %Program Files%\Restore. It then drops a copy of itself in this folder as VXST.EXE. It also drops a copy of itself as %Program Files%\Projects Visual Studio.NET\Nctrup.exe, and searches for and deletes files with the extensions .com and .mp3. This worm also creates several registry entries that perform the following: -ensure its automoatic execution at every Windows startup -Disable registry tools -Prevents the user from accessing the Control Panel to edit the registry This worm does not check for memory-residency, so multiple instances of it may run on a computer system. If you would like to scan your computer for WORM_NOPIR.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VU WORM_NOPIR.B is detected and cleaned by Trend Micro pattern file #2.591.03 and above. For additional information about WORM_NOPIR.B please visit: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VW 3. Top 10 Most Prevalent Global Malware (from April 22 to April 28, 2005) ------------------------------------------------------------------------ 1. HTML_NETSKY.P 2. JAVA_BYTEVER.A 3. HKTL_BRUTFORCE.A 4. WORM_NETSKY.P 5. TSPY_SMALL.SN 6. TSPY_LINEAGE.GEN 7. SPYW_GATOR 8. SPYW_DASHBAR.300 9. SPYWARE_GATOR.D 10. TROJ_BAGLE.BH 4. Roundup: April Virus Activity & Analysis ------------------------------------------------------------------------ April can now lay claim to the title of being the first month of this year without a virus outbreak. In addition to an alert-free month, TrendLabs documented an astounding amount of malware -- 3,222 in the last 30 days. Trojans continue to dominate, but BOT worms are holding steady. Read the full roundup of April activity: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VY 5. Spies Among Us - Read the IDC Whitepaper on the Growing Threat of Spyware ------------------------------------------------------------------------ It is no secret that spyware is a growing problem, and it's not going away. It threatens network security, increases cost, reduces productivity, and only benefits and enriches the lives of criminals. According to a 2004 study conducted by IDC, spyware was ranked as the fourth greatest threat to network security -- ahead of spam, hackers, and cyberterrorism. Increasingly, more malicious types of spyware are being installed without users' consent. This white paper will help you gain insight into the impact of spyware and the challenges of managing it. It discusses Trend Micro's integrated, multilayered security solutions that secure spyware, worms, viruses, and other malicious code. -Read the IDC Spyware White Paper: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VA -Learn more about Trend Micro's anti-spyware products and services: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYCAQTVupsLIpsLxlLtmkQgLlV2VB To view our permission marketing policy: http://www.rsvp0.net Copyright 1989-2005 Trend Micro, Inc. All rights reserved Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014 *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member