[virusinfo] Trend Weekly Virus Report - May 14, 2004

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Fri, 14 May 2004 17:57:19 -0700

From; Trend Micro Newsletters:

TREND  MICRO  WEEKLY  VIRUS  REPORT
    
(by TrendLabs Global Antivirus and Research Center) 

------------------------------------------------------------------------
Date: Friday May 14, 2004
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to: 
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview: 

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Wallowing in Wallon? =96 WORM_WALLON.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Tell Your Friends and Family about Trend Micro=92s Newsletters 

NOTE: Long URLs may break into two lines in some mail readers. 
Should this occur, please copy and paste the URL into your browser window.



1. Trend Micro Updates - Pattern File & Scan Engine Updates 
------------------------------------------------------------------------
PATTERN FILE: 889 (1.889.00) http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 7.000 http://www.trendmicro.com/download/engine.asp 

2. Wallowing in Wallon =96 WORM_WALLON.A (Low Risk)
------------------------------------------------------------------------
WORM_WALLON.A is a non-destructive, mass-mailing worm that is currently 
spreading in-the-wild. This worm exploits a vulnerability within Outlook 
Express that allows downloading of files without the user=92s knowledge. It 
gathers email addresses from the infected user=92s Windows Address Book, and

uses the email account details of the user who is currently logged on, to 
send email. The email it sends is an HTML-based email message that
redirects 
users to a Web site that downloads some of the worm=92s components into the 
user=92s computer system. This worm runs on Windows 95, 98, ME, 2000, and
XP. 
Information on this vulnerability can be found by visiting Microsoft=92s Web

site at: http://www.microsoft.com/technet/security/bulletin/ms04-013.mspx.

Upon execution, this worm checks for the existence of a specific registry 
entry, which serves as the worm=92s infection marker. If this entry is not 
found, the worm displays an error message. While gathering email addresses 
to send email to, this worm skips email addresses with the following 
substrings:

admin
microsoft
postmaster
software
support
webmaster

Once it has gathered email addresses it sends email using the currently
logged 
on users=92 email account details. Once a user clicks on the link specified
in 
the malware=92s email, a series of downloads and remote file executions
occur.

Occasionally this malware attempts to download an adware file. It saves the 
downloaded file as COOL.EXE in the root directory. If the download is
successful, 
it sleeps for two minutes and executes the downloaded file. 
This worm then sleeps for thirty minutes then runs a specific CGI script
eleven 
times consecutively, sleeping 10 minutes between each execution. It then
executes 
the file COOL.EXE again. 

This worm attempts to contact the following email address, possibly for
notification purposes: 1@xxxxxxxxxxxxxxxx

If you would like to scan your computer for WORM_WALLON.A or thousands of
other 
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's
free, 
online virus scanner at: http://housecall.trendmicro.com/

WORM_WALLON.A is detected and cleaned by Trend Micro pattern file #890 and
above. 

For additional information about WORM_WALLON.A please visit:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=3DWORM_WALLON
.A

3. Top 10 Most Prevalent Global Malware 
(from May 7, 2004 to May 13, 2004)
------------------------------------------------------------------------
1. PE_ELKERN.D
2. WORM_NETSKY.P
3. HTML_NETSKY.P
4. PE_VALLA.A
5. WORM_NETSKY.D
6. PE_FUNLOVE.4099
7. WORM_NETSKY.B
8. WORM_NETSKY.Z
9. PE_PARITE.A
10. WORM_NETSKY.C
        
4. Tell Your Friends and Family about Trend Micro=92s Newsletters
------------------------------------------------------------------------ 
If you would like to share the benefits of up-to-date virus information,
with 
your family and friends, tell them about Trend Micro=92s free newsletters!

Trend Micro=92s Virus Alerts keep subscribers informed of the latest virus
outbreaks, 
as they happen.

Trend Micro=92s Weekly Virus Report compiles information about the latest
virus 
activity around the globe, to keep subscribers informed of malicious worms, 
Trojans, security threats, and other malware.

Share your copy of Trend Micro=92s educational, up-to-date virus information

newsletters, and encourage your friends and family to subscribe =96
they=92ll
stay 
in-the-know and stay protected.

Subscribe to Trend Micro=92s free newsletters:
www.trendmicro.com/subscriptions

Trend Micro, Inc., 10101 N. De Anza Blvd., Suite 200, Cupertino, CA 95014
-----------------------------------------------------------------------------
---------------
*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=3Dsubscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Trend Weekly Virus Report - May 14, 2004

1. Home
2. virusinfo
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---