From: TREND MICRO WEEKLY VIRUS REPORT
------------------------------------------------------------------------
Date: Friday April 8, 2005
------------------------------------------------------------------------

To read an HTML version of this newsletter, go to:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VR

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Crowded House - WORM_CROWT.D (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Free Webinar -- Protecting Your Network from Spyware and Adware
5. Protect Yourself from Scams, Hoaxes, & Urban Legends

NOTE: Long URLs may break into two lines in some mail readers. Should this occur, please copy and paste the URL into your browser window.

*******************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------

PATTERN FILE: 2.548.00
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VS

SCAN ENGINE: 7.510
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VT

2. Crowded House - WORM_CROWT.D (Low Risk)
------------------------------------------------------------------------

WORM_CROWT.D is a non-destructive, memory-resident worm that spreads via email using its own Simple Mail Transfer Protocol (SMTP) engine to send email to those addresses found in the Windows Address Book. This worm has backdoor capabilities that could allow a remote user to perform malicious activities. It also modifies the Windows HOSTS File to prevent affected users from accessing specific Web sites, including Trend Micro, McAfee, Kaspersky, F-Secure, Symantec, and Sophos.

This worm is currently spreading in-the-wild, and infecting systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, the worm opens the URL http://news.google.com, and drops the files SERVICES.EXE and SERVICES.DLL.
The file SERVICES.EXE is a copy of the worm, which is executed at every system startup. The worm's DLL component, SERVICES.DLL, contains a routine that attempts to send copies of itself via email using its own Simple Mail Transfer Protocol (SMTP) engine to email addresses found in the Windows Address Book (WAB). The email message body may contain information gathered from the Google Web page.

This worm also has backdoor capabilities, which may allow a remote user to execute the following malicious commands:

- Copy files
- Check operating system version
- Execute processes
- Delete cookies
- Download files
- Log & send keystrokes to remote user
- Capture screenshots
- Terminate processes
- Shutdown/restart system

The worm also performs a HOSTS file modification routine that results in a user being blocked from accessing specific Web sites, and instead being redirected to a specific IP address. The following sites are inaccessible to affected users due to this modification routine:

If you would like to scan your computer for WORM_CROWT.D or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VU

WORM_CROWT.D is detected and cleaned by Trend Micro pattern file #2.543.03 and above.

For additional information about WORM_CROWT.D please visit:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VW

3. Top 10 Most Prevalent Global Malware (from April 1 to April 7, 2005)
------------------------------------------------------------------------

1. TROJ_SMALL.AFG
2. HTML_NETSKY.P
3. WORM_NETSKY.P
4. JAVA_BYTEVER.A
5. SPYW_CYSNOOP.A
6. TROJ_DLOADER.DH
7. SPYW_GATOR.D
8. WORM_RBOT.GEN
9. TROJ_SMALL.SN
10. ADW_WEBSEARCH.B

4. Protecting Your Network from Spyware and Adware
------------------------------------------------------------------------

Is your network increasingly exposed to phishing attempts, adware, and spyware attacks? Are you worried that someone might steal your corporate or private information? What should you do to block spyware and phishing scams?

Enticed by profit, the computer hacking underground has lost its amateur status and you are their target. Many virus writers of yesteryear have turned to writing spyware with the intention of raiding your bank account and your corporate database. At the same time, online marketers are running amok with new variations of "adware" that monitor your Web surfing habits in order to display more "profitable" advertisements and pop-up windows. These monitoring programs have a huge impact on the performance and reliability of your PCs.

Join Trend Micro on Wednesday, April 20, 2005 at 11:00 am Pacific Time for a free Webinar that describes these threats and how to manage them. In this 60-minute webinar you will hear Trend Micro's spyware experts discuss:

- The rise of spyware and other Web-based threats
- Backdoors to your system
- The rise of the profit motive in the malware underground
- Spyware vs. adware: What is the difference?
- New techniques to control spyware and adware

Register:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VY

5. Protect Yourself from Scams, Hoaxes, & Urban Legends
------------------------------------------------------------------------

Protect yourself, by educating yourself.

Hoaxes are misleading and often false, but commonly spread via email. Most users inadvertently spread hoaxes by forwarding them to friends and family.

Scam messages are intentionally sent out to trick unsuspecting recipients into falling victim to moneymaking schemes.

Urban legends are stories about common things, but incorporate unusual twists in the form of unlikely facts that are difficult to verify. Designed to elicit emotional response, the most popular urban legends are health and animal scares.

Educate yourself, by checking out Trend Micro's hoax encyclopedia -- a repository of common hoaxes, urban legends, scams, and shams:
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQYYRQTVupsLIpsLxlLtmkQgLlV2VA

*******************************************************************
______________________________________________________________________

This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).
To view our permission marketing policy: http://www.rsvp0.net

Copyright 1989-2004 Trend Micro, Inc. All rights reserved
Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR ***********

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance and OWTA Charter Member
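
Added example (not part of the Trend Micro newsletter or of the forwarder's text): a check for the HOSTS file modification described for WORM_CROWT.D in section 2, flagging any local mapping that overrides a security-vendor domain. The watchlist domains are assumed from the vendor names in that section, and the sample file and its 192.0.2.10 address are constructed.

```python
import ipaddress

# Assumption: domains for the vendors named in section 2 of the newsletter.
# Extend with the update/AV hosts your own endpoints depend on.
WATCHED_DOMAINS = (
    "trendmicro.com", "mcafee.com", "kaspersky.com",
    "f-secure.com", "symantec.com", "sophos.com",
)


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or no hostname
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may carry several names
            yield line_no, address, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname is a watched domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def suspicious_entries(text, watched=WATCHED_DOMAINS):
    """Return mappings that pin a watched domain to an address in the HOSTS file."""
    return [hit for hit in parse_hosts(text) if is_watched(hit[2], watched)]


# Constructed sample; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      www.trendmicro.com trendmicro.com   # appended entry
192.0.2.10      LiveUpdate.Symantec.com.
192.0.2.10      notsophos.com
10.0.0.5        fileserver.corp.example
# 192.0.2.10    www.sophos.com
"""

if __name__ == "__main__":
    for line_no, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

A clean workstation HOSTS file has no reason to map antivirus or update domains at all, so any hit is worth investigating regardless of the address it points to.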