Trend Micro Virus Report - November 2001 #3

From: Trend Virus Info <VirusInfo_at_trendmicro-newsletters.com>
Date: Sat 17 Nov 2001 - 03:23:40 CET
Message-ID: <0396640230211b1BLACKBOX4@blackbox4> 



************************************************************************


V I R U S      R E P O R T 


    


(by the Trend Micro US Virus Research Group) 


************************************************************************


------------------------------------------------------------------------


Date: November 16, 2001 


------------------------------------------------------------------------



If you're a corporate user and want to assess your virus protection, 


check out Trend Micro's Virus Risk Assessment Web site at: 


http://www.antivirus.com/free_tools/edoctor/ 



Issue Preview: 



1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates 


2. Worm Ways - TROJ_KLEZ.C (Low Risk)


3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 


4. InterScan Messaging Security Suite for SMTP Version 5.0 Now Available 



NOTE: Long URLs may break into two lines in some mail readers. 


Should this occur, please cut and paste the URL in your browser.



************************************************************************



1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates 


------------------------------------------------------------------------


PATTERN FILE: 167 or 967 http://www.antivirus.com/download/pattern.asp 


SCAN ENGINE: 5.600 http://www.antivirus.com/download/engines/ 



2. Worm Ways - TROJ_KLEZ.C (Low Risk) 


------------------------------------------------------------------------ 


This destructive worm, a variant of TROJ_KLEZ.A, sends itself via email 


and arrives as an embedded executable or PIF file (shortcut file). It 


uses bogus email addresses in the "From:" field of the email it sends, 


and uses a known vulnerability in Internet Explorer-based email clients 


that executes file attachments automatically. This vulnerability is known 


as Automatic Execution of Embedded MIME type. 



This worm also propagates through local area networks by dropping copies 


on folders with write access. On the 13th day of any odd-numbered month (January, March, May, July, September, November), the worm attempts to 


execute its destructive payload. For all fixed and remote drives it 


overwrites all files with zeroes. There is a small probability that this 


payload will execute regardless of the system date. 



For additional information about TROJ_KLEZ.C, please visit Trend Micro at:


http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_KLEZ.C. 



TROJ_KLEZ.C is detected by Trend Micro pattern file #167 or 967. 



3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 


(week of: November 5, 2001 to November 11, 2001)


------------------------------------------------------------------------


1. PE_MAGISTR.B


2. PE_MAGISTR.A


3. TROJ_SIRCAM.A


4. PE_MAGISTR.DAM


5. VBS_HAPTIME.A


6. PE_NIMDA.A


7. JS_KAKWORM.A


8. TROJ_HYBRIS.M


9. TROJ_BLKSTONE.A


10. PE_NIMDA.E



SPECIAL OFFER:


Webmasters, add free virus information updates to your Web site with our 


Virus Info Feed. Simply copy and paste a small piece of code to give your 


visitors a real-time top 10 list and the latest virus advisories.  


Setup takes approximately 10 minutes and requires no server-side code on 


your Web site. All content is updated automatically from Trend Micro's Web 


site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr



4. InterScan Messaging Security Suite for SMTP Version 5.0 Now Available


------------------------------------------------------------------------


Trend Micro InterScan(r) Messaging Security Suite for SMTP Version 5.0 stops 


and contains email-borne viruses using its advanced content-filtering 


technology and the antivirus expertise of TrendLabs, Trend Micro's worldwide 


research and support organization. InterScan Messaging Security Suite also 


includes a new capability called Outbreak Prevention Policy, a new service 


that provides additional safeguards against new virus infiltration by automatically retrieving virus-blocking, content-filtering policies from TrendLabs. Download a FREE evaluation copy of InterScan Messaging Security 


Suite for SMTP at http://www.antivirus.com/products/ismss/



************************************************************************


You are receiving this email from Trend Micro, because you have either


downloaded a Trend Micro product or have signed up for our "Weekly Virus


Report." If you would like to change the way you receive email from


Trend Micro, please make changes in your account page at


http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com


 


To UNSUBSCRIBE go to:


http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe


 


For questions regarding viruses, please contact the Virus Doctor at


Virus_Doctor@trendmicro.com.


 


For questions regarding products, please contact Tech Support at


support@trendmicro.com.


 


For questions, comments and suggestions about the Weekly Virus Report


please contact our editor at Newsletters@trendmicro.com.


************************************************************************


Received on Sat Nov 17 03:00:17 2001














This archive was generated by hypermail 2.1.8 
: Mon 29 May 2006 - 05:33:31 CEST