Trend Virus Report - June 2001 Issue # 1

************************************************************************
V I R U S R E P O R T
    
(by the Trend Micro US Virus Research Group)
************************************************************************
------------------------------------------------------------------------
Date: 06.01.2001 Issue Number: 06/01
------------------------------------------------------------------------
    
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
  
If you're a corporate user and want to assess your virus protection,
check out Trend Micro's Virus Risk Assessment Web site at:
http://www.antivirus.com/free_tools/edoctor/
    
Issue Preview:
    
1. TREND MICRO UPDATES: Pattern File and Scan Engine Update
2. Not Really Dangerous -- VBS_LOVELETTER.CN a.k.a. The Jennifer Lopez Worm
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Top Viruses Trend Micro US Customers are Most Concerned About
5. SULFNBK -- It REALLY is a Hoax!
6. Trend Micro Invites You to a FREE Security Webcast
  
NOTE: Long URLs may break into two lines in some mail readers.
Cut and paste, should this occur.
  
************************************************************************
    
1. TREND MICRO UPDATES: Scan Engine and Pattern File Updates
------------------------------------------------------------------------
PATTERN FILE: 895 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.300 http://www.antivirus.com/download/engines/
  
2. Not Really Dangerous -- VBS_LOVELETTER.CN a.k.a. The Jennifer Lopez Worm
------------------------------------------------------------------------
VBS_LOVELETTER.CN propagates via Microsoft Outlook by sending the following
email and infected attachment to all addresses listed in the infected user's
address book:
 
Subject: Where are you?
Message Body: This is my pic in the beach!
Attachment: JENNIFERLOPEZ_NAKED.JPG.VBS
 
Upon execution, this worm searches all local hard drives and mapped drives
and goes through all folders and sub-folders for files with specific extensions
(VBS, .VBE, .JS, .JSE, .CSS, .WSH, .SCT, .HTA, JPG, .JPEG, .MP2 and .MP3). It
destroys these files by overwriting their content with its own code and changes
the filename to "Filename.extension.vbs." This action causes the original content
to become irretrievable.
 
In addition to this, the worm also drops and executes a file named "CIH_14.EXE"
in the Windows directory. This executable is infected by the destructive PE_CIH
virus, which is already detected and cleaned by Trend Micro antivirus.
 
NOTE: Trend Micro has deemed VBS_LOVELETTER.CN to be a low risk threat.
The virus writer sent a sample of VBS_LOVELETTER.CN to an antivirus vendor
who then hyped this worm.
 
Trend Micro pattern file #894 and above detects and cleans VBS_LOVELETTER.CN.
 
You can read more about VBS_LOVELETTER.CN and PE_CIH at the Trend Micro Web site
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_LOVELETTR.CN
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_CIH
 
3. 10 Most Prevalent In-The-Wild Malware Surveyed by Trend Micro US
(week of: 05/21/2001 to 05/27/2001)
------------------------------------------------------------------------
1. PE_MAGISTR.A
2. TROJ_BADTRANS.A
3. TROJ_HYBRIS.B
4. VBS_HAPTIME.A
5. VBS_KAKWORM.A
6. JOKE_SCROLL.A
7. TROJ_MTX.A
8. TROJ_BYMER
9. PE_MAGISTR.DAM
10. PE_MTX.A
 
SPECIAL OFFER:
Webmasters, add free virus information updates to your Web site with our
Virus Info Feed. Simply copy and paste a small piece of code to give your
visitors a real-time top 10 list and the latest virus advisories.
Setup takes approximately 10 minutes and requires no server-side code on your
Web site. All content is updated automatically from Trend Micro's Web site.
http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr
  
4. Top Viruses Trend Micro US Customers are Most Concerned About
   (where systems were not infected)
------------------------------------------------------------------------
1. VBS_KAKWORM.A
2. PE_MAGISTR.DAM
3. TROJ_BADTRANS.A
4. PE_MAGISTR.A
5. VBS_KAKWORM.A-M
6. VBS_HOMEPAGE.A
7. TROJ_MTX.A.DLL
8. TROJ_MTX.A
 
5. SULFNBK -- It is REALLY a Hoax!
------------------------------------------------------------------------
This hoax warns against a virus contained in a file called SULFNBK.EXE, which
is a Windows file in the Windows Command folder. Its presence does not
necessarily mean that your system is infected. This file is not destructive or malicious, but like all files, it can be infected with a virus and be send
as email to you. The virus PE_MAGISTR.A is capable of using SULFNBK.EXE to propagate.
 
If you receive an email with the attachment SULFNBK.EXE, we advise users to
delete the message and also scan the system with an up-to-date antivirus
program. To do this, Trend Micro customers can automatically download the latest
pattern file and scan their system. Other email users may use HouseCall,
Trend Micro's free online virus scanner. If you receive an email without an
attachment warning you about SULFNBK.EXE, please delete it and do not forward
it to anyone.
 
You can read more about the SULFNBK Hoax at the Trend Micro Web site
http://www.antivirus.com/vinfo/hoaxes/hoax5.asp?HName=SULFNBK%20Hoax
 
You can scan your computer with Trend Micro HouseCall at:
http://housecall.antivirus.com
 
6. SECRETS TO DEVELOPING A SOUND SECURITY PLAN: FREE WEBCAST
------------------------------------------------------------------------
Trend Micro invites you to join Trend Micro's Bob Hansmann, along with
security experts from NetIQ and Check Point Software Technologies in a
discussion on how to develop and implement a successful security strategy
to protect your corporate network infrastructure.
When: June 12 at 11:00 AM Central time.
Where: REGISTER NOW FOR THIS FREE WEBCAST AT
http://webevents.road-show.com/netiq/6122001/start/register.asp?

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up for our "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
 
To UNSUBSCRIBE go to:
http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe
 
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
 
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
 
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Fri, 1 Jun 2001 13:03:20 -0700