[virusinfo] Trend Micro Weekly Virus Report - May 21, 2004

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Fri, 21 May 2004 13:06:26 -0700


From: TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center) 
------------------------------------------------------------------------
Date: Friday May 21, 2004
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. LSASS = BOBAX - WORM_BOBAX.C (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Tell Your Friends and Family about Trend Micro's Newsletters

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.



1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 893 (1.893.00) http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.000 http://www.trendmicro.com/download/engine.asp 

2. LSASS Equals BOBAX - WORM_BOBAX.C (Low Risk)
------------------------------------------------------------------------
WORM_BOBAX.C is a non-destructive worm that exploits the Windows LSASS 
vulnerability. This buffer overrun vulnerability allows an attacker to gain 
full control of an infected system. For more information on this
vulnerability, please visit Microsoft's Web site:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
 
This worm is currently spreading in-the-wild and runs on Windows 95, 98,
ME, NT, 2000, and XP.

Upon execution, this worm installs itself in the Windows system folder
using random file names. It also drops a .DLL file in the Windows Temp 
folder with the name <random number>.TMP.

It creates a registry entry that allows it to automatically execute at
every system startup. 

This malware also checks whether the following mutex exists, to ensure
that only one instance of itself is running in memory:
06:08:07:<random>

It then deletes its executed copy. 

It sends a specially crafted packet to a specific port. This packet of
data instructs the target machine to download the worm copy from
an HTTP server. It saves this downloaded file as SVC.EXE.


If you would like to scan your computer for WORM_BOBAX.C or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend 
Micro's free, online virus scanner at:
 http://housecall.trendmicro.com/

WORM_BOBAX.C is detected and cleaned by Trend Micro pattern file #892 and
above. 

For additional information about WORM_BOBAX.C please visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BOBAX.C

3. Top 10 Most Prevalent Global Malware 
(from May 14, 2004 to May 20, 2004)
------------------------------------------------------------------------
1. PE_ELKERN.D
2. PE_FUNLOVE.4099
3. WORM_NETSKY.P
4. HTML_NETSKY.P
5. WORM_NETSKY.D
6. WORM_SASSER.E
7. WORM_BOBAX.C
8. WORM_NETSKY.Z
9. WORM_SOBOT.KW
10. WORM_SOBER.G
        
4. Tell Your Friends and Family about Trend Micro's Newsletters
------------------------------------------------------------------------
If you would like to share the benefits of up-to-date virus information
with your family and friends, tell them about Trend Micro's free
newsletters!

Trend Micro's Virus Alerts keep subscribers informed of the latest virus
outbreaks, as they happen.

Trend Micro's Weekly Virus Report compiles information about the latest
virus activity around the globe, to keep subscribers informed of malicious
worms, Trojans, security threats, and other malware.

Share your copy of Trend Micro's educational, up-to-date virus information
newsletters, and encourage your friends and family to subscribe - they'll
stay in-the-know and stay protected.

-Subscribe to Trend Micro's free newsletters:
http://www.trendmicro.com/subscriptions

______________________________________________________________________
To view our permission marketing policy:
    http://www.rsvp0.net

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
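
Added example, not part of the Trend Micro report or of the original post: a triage sweep for the dropped file described in section 2 (a DLL saved in the Temp folder as <random number>.TMP). It assumes "random number" means an all-digit file name and that the DLL is an ordinary PE file; the function names and the sample files are constructed for illustration.

```python
import re
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit: image is a DLL
NUMERIC_TMP = re.compile(r"^\d+\.tmp$", re.IGNORECASE)  # assumed "<random number>.TMP"

def is_pe_dll(data: bytes) -> bool:
    """True if data begins with a PE image whose COFF header has the DLL bit set."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)  # last COFF header field
    return bool(flags & IMAGE_FILE_DLL)

def find_suspect_tmp(temp_dir) -> list:
    """Names of all-digit .TMP files in temp_dir whose content is really a DLL."""
    hits = []
    for path in Path(temp_dir).iterdir():
        if not (path.is_file() and NUMERIC_TMP.match(path.name)):
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(4096)  # headers only; enough for a normal e_lfanew
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the sweep
        if is_pe_dll(head):
            hits.append(path.name)
    return sorted(hits)

def fake_pe(characteristics: int) -> bytes:  # constructed header, not a loadable image
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return dos + b"PE\0\0" + coff

def demo() -> list:
    samples = {  # constructed sample files, written to a throwaway directory
        "48213.TMP": fake_pe(0x2102),        # numeric name + DLL bit -> flagged
        "77102.tmp": fake_pe(0x0102),        # numeric name, PE but not a DLL
        "55555.tmp": b"plain scratch data",  # numeric name, not a PE at all
        "setup1.tmp": fake_pe(0x2102),       # DLL, but name is not all digits
    }
    with tempfile.TemporaryDirectory() as d:
        for name, blob in samples.items():
            (Path(d) / name).write_bytes(blob)
        return find_suspect_tmp(d)
```

On a live host, pass the real Temp directory to find_suspect_tmp(). A hit is a lead for scanning, not a verdict, since legitimate installers also stage DLLs under .TMP names.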


