************************************************************************
V I R U S R E P O R T
(by the Trend Micro US Virus Research Group)
************************************************************************
------------------------------------------------------------------------
Date: 03.30.2001 Issue Number: 03/05
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
If you're a corporate user and want to assess your virus protection,
check out Trend's Virus Risk Assessment Web site at:
http://www.antivirus.com/free_tools/edoctor/
Issue Preview:
1. TREND UPDATES: Pattern File and Scan Engine Update
2. Infecting Linux Systems As Well -- PE_LINDOSE.A & ELF_LINDOSE.A
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend US
4. Top 10 Viruses Trend US Customers are Most Concerned About
5. Invalid VeriSign Certificates
6. Protect Your Groupware Servers from Viruses
NOTE: Long URLs may break into two lines in some mail readers.
Cut and paste, should this occur.
************************************************************************
1. TREND UPDATES: Scan Engine and Pattern File Updates
------------------------------------------------------------------------
PATTERN FILE: 871 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.300 http://www.antivirus.com/download/engines/
2. Infecting Linux Systems As Well -- PE_LINDOSE.A & ELF_LINDOSE.A
------------------------------------------------------------------------
PE_LINDOSE.A and ELF_LINDOSE are non-destructive Windows 32 and Linux
viruses respectively, that infect in Microsoft OS and Linux OS environments.
These are direct infector viruses that infect PE EXE and ELF files in
the current directory.
These viruses have not been found in the wild, however other antivirus
vendors have been hyping them due to their ability to infect in Linux
systems.
For additional information about PE_LINDOSE.A and ELF_LINDOSE.A please refer to our Web site at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_LINDOSE.A
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=ELF_LINDOSE.A
Both PE_LINDOSE.A and ELF_LINDOSE.A are detected with Trend pattern #870 and above.
3. 10 Most Prevalent In-The-Wild Malware Surveyed by Trend US
(week of: 03/19/2001 to 03/25/2001)
------------------------------------------------------------------------
1. TROJ_MTX.A
2. VBS_KAKWORM.A
3. TROJ_HYBRIS.B
4. JS_SEEKER.E
5. PE_MTX.A
6. TROJ_BYMER
7. TROJ_SUB7.BONUS
8. TROJ_HYBRIS.A
9. JOKE_FLIPPED
10. TROJ_SKA
Trend Micro also offers the first real-time World Virus Tracking Center,
which shows the regional distribution of viruses worldwide during the
past 24 hours, past 7 days, and past 30 days. The World Virus Tracking
Center can be accessed at: http://wtc.trendmicro.com/wtc/
4. Top 10 Viruses Trend US Customers are Most Concerned About
(where systems were not infected)
------------------------------------------------------------------------
1. TROJ_MTX.A
2. PE_FUNLOVE.4099
3. VBS_KAKWORM.A
4. PE_MTX.A
5. PE_KRIZ.4029
6. W97M_ETHAN_FROME
7. TROJ_SKA
8. TROJ_NAVIDAD.E
9. TROJ_NAVIDAD.C
10. TROJ_NAVIDAD.B
5. Invalid VeriSign Certificates
------------------------------------------------------------------------
VeriSign has announced on its Web site that the company has discovered two
digital signing certificates issued to an individual posing as a
representative of Microsoft Corporation. The Class-3 digital
signing certificates were obtained separately on January 29 and 30, 2001,
with the common name assigned as "Microsoft Corporation."
Although these fraudulent certificates may be used maliciously, this code
is not a virus. The problem stems from VeriSign erroneously issuing digital
signing privileges to an individual who could use the authentication
mechanism to send out fraudulently signed malware to unsuspecting users.
As of now, Trend Micro has received no reports of users being affected by
fraudulently authenticated code. These certificates were issued in late
January, 2001.
For more on these invalid certificates, please refer to our Web site at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=CERT_VERISIGN
6. Protect Your Groupware Servers from Viruses
------------------------------------------------------------------------
Trend ScanMail for Lotus Notes automatically blocks viruses at the server level
before they can spread. Install it now to protect your groupware clients against
all virus threats. Download a 30-day free trial copy:
http://www.antivirus.com/banners/tracking.asp?si=63&bi=197&ul=/products/smln/
************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend product or have signed up for our "Weekly Virus
Report." If you would like to change the way you receive email from
Trend, please make changes in your account page at
http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
To UNSUBSCRIBE go to:
http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Sun, 1 Apr 2001 12:14:55 -0700
This archive was generated by hypermail 2.1.8 : Mon 29 May 2006 - 05:33:31 CEST