[virusinfo] Trend Micro Weekly Virus Report - April 8, 2005

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 08 Apr 2005 12:33:22 -0700

From: TREND  MICRO  WEEKLY  VIRUS  REPORT
 
------------------------------------------------------------------------
Date: Friday April 8, 2005

------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VR


Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Crowded House - WORM_CROWT.D (Low Risk)
3. Top 10 Most Prevalent Global Malware 
4. Free Webinar -- Protecting Your Network from Spyware and Adware
5. Protect Yourself from Scams, Hoaxes, & Urban Legends

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.

*******************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 2.548.00 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VS

SCAN ENGINE: 7.510 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VT
 

2. Crowded House - WORM_CROWT.D (Low Risk)
------------------------------------------------------------------------
WORM_CROWT.D is a non-destructive, memory-resident worm that spreads via email
using its own Simple Mail Transfer Protocol (SMTP) engine to send email to those
addresses found in the Windows Address Book. This worm has backdoor capabilities
that could allow a remote user to perform malicious activities. It also modifies
the Windows HOSTS File to prevent affected users from accessing specific Web
sites, including Trend Micro, McAfee, Kaspersky, F-Secure, Symantec, and
Sophos. This worm is currently spreading in-the-wild, and infecting systems
running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, the worm opens the URL http://news.google.com, and drops the
files SERVICES.EXE and SERVICES.DLL. The file SERVICES.EXE is a copy of the
worm, which is executed at every system startup. The worm's DLL component,
SERVICES.DLL, contains a routine that attempts to send copies of itself via
email using its own Simple Mail Transfer Protocol (SMTP) engine to email
addresses found in the Windows Address Book (WAB). The email message body may
contain information gathered from the Google Web page.

This worm also has backdoor capabilities, which may allow a remote user to
execute the following malicious commands:

Copy files 
Check operating system version 
Execute processes 
Delete cookies 
Download files 
Log & send keystrokes to remote user 
Capture screenshots 
Terminate processes 
Shutdown/restart system 
 
The worm also performs a HOSTS file modification routine that results in a
user being blocked from accessing specific Web sites, and instead being
redirected to a specific IP address. The following sites are inaccessible to
affected users due to this modification routine:


If you would like to scan your computer for WORM_CROWT.D or thousands of 
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend 
Micro's free, online virus scanner at: 
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VU


WORM_CROWT.D is detected and cleaned by Trend Micro pattern file #2.543.03 
and above. 

For additional information about WORM_CROWT.D please visit: 

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VW


3. Top 10 Most Prevalent Global Malware 
(from April 1 to April 7, 2005)
------------------------------------------------------------------------
1. TROJ_SMALL.AFG
2. HTML_NETSKY.P
3. WORM_NETSKY.P
4. JAVA_BYTEVER.A
5. SPYW_CYSNOOP.A
6. TROJ_DLOADER.DH
7. SPYW_GATOR.D
8. WORM_RBOT.GEN
9. TROJ_SMALL.SN
10. ADW_WEBSEARCH.B

4. Protecting Your Network from Spyware and Adware 
------------------------------------------------------------------------ 
Is your network increasingly exposed to phishing attempts, adware, and
spyware attacks? Are you worried that someone might steal your 
corporate or private information? What should you do to block spyware 
and phishing scams? 

Enticed by profit, the computer hacking underground has lost its amateur
status and you are their target. Many virus writers of yesteryear have
turned to writing spyware with the intention of raiding your bank account
and your corporate database. At the same time, online marketers are running
amok with new variations of "adware" that monitor your Web surfing habits in
order to display more "profitable" advertisements and pop-up windows. These
monitoring programs have a huge impact on the performance and reliability
of your PCs.

Join Trend Micro on Wednesday, April 20, 2005 at 11:00 am Pacific Time for
a free Webinar that describes these threats and how to manage them. 
In this 60-minute webinar you will hear Trend Micro's spyware experts discuss:

The rise of spyware and other Web-based threats 
Backdoors to your system 
The rise of the profit motive in the malware underground 
Spyware vs. adware: What is the difference? 
New techniques to control spyware and adware 
 
Register:

http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VY


5. Protect Yourself from Scams, Hoaxes, & Urban Legends
------------------------------------------------------------------------
Protect yourself, by educating yourself. Hoaxes are misleading and often
false, but commonly spread via email. Most users inadvertently spread 
hoaxes by forwarding them to friends and family. 
Scam messages are intentionally sent out to trick unsuspecting 
recipients into falling victim to moneymaking schemes. Urban legends 
are stories about common things, but incorporate unusual twists in the 
form of unlikely facts that are difficult to verify. Designed to elicit
emotional response, the most popular urban legends are health and 
animal scares.

Educate yourself, by checking out Trend Micro's hoax encyclopedia --
 a repository of common hoaxes, urban legends, scams, and shams: 


http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VA

*******************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys
Interact (TM).

To view our permission marketing policy:
    http://www.rsvp0.net
Copyright 1989-2004 Trend Micro, Inc.  All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
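
The HOSTS file modification described for WORM_CROWT.D in section 2 can be checked for with a short script. The following is an added example, not part of the Trend Micro report or of the original post: it flags every HOSTS entry that overrides DNS for a watched security-vendor domain or any of its subdomains. The watchlist domains and the sample file content are constructed placeholders.

```python
import ipaddress

# Placeholder watchlist (constructed): replace with the update and support
# domains of the security products actually deployed.
WATCHED_DOMAINS = {"av-vendor.example", "scanner.example.net"}

# Constructed sample HOSTS content, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1   av-vendor.example  WWW.AV-Vendor.Example.   # two names, one line
192.0.2.10\tliveupdate.scanner.example.net
10.0.0.5        intranet.corp.example
not-an-ip       av-vendor.example
::1             localhost
"""


def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)


def find_hosts_overrides(text, watched=WATCHED_DOMAINS):
    """Return (line_no, address, hostname) for every HOSTS entry that
    overrides DNS for a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(entry) < 2:
            continue                          # blank, comment-only or incomplete line
        address, names = entry[0], entry[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                          # first field is not a valid address
        findings.extend((line_no, address, n) for n in names if is_watched(n, watched))
    return findings


if __name__ == "__main__":
    for line_no, address, name in find_hosts_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

On Windows NT, 2000 and XP the file to read is %SystemRoot%\system32\drivers\etc\hosts; on Windows 95, 98 and ME it sits in the Windows directory.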


