Trend Micro Weekly Virus Report - December 2001 Issue #1

From: Trend Virus Info <VirusInfo_at_trendmicro-newsletters.com>
Date: Mon 10 Dec 2001 - 07:51:37 CET
Message-ID: <0d0ed3851060ac1BLACKBOX3@blackbox3.trendmicro.com> 



************************************************************************


V I R U S      R E P O R T 


    


(by the Trend Micro US Virus Research Group) 


************************************************************************


------------------------------------------------------------------------


Date: December 7, 2001 


------------------------------------------------------------------------


If you're a corporate user and want to assess your virus protection, 


check out Trend Micro's Virus Risk Assessment Web site at: 


http://www.antivirus.com/free_tools/edoctor/ 



Issue Preview: 



1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates 


2. Topping the Charts - WORM_GONE.A (High Risk)


3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 


4. Buy a Copy of Trend Micro PC-cillin 2000 & Get a Second Copy FREE!



NOTE: Long URLs may break into two lines in some mail readers. 


Should this occur, please cut and paste the URL in your browser.



************************************************************************



1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates 


------------------------------------------------------------------------


PATTERN FILE: 177 or 977 http://www.antivirus.com/download/pattern.asp 


SCAN ENGINE: 5.630 http://www.antivirus.com/download/engines/ 



2. Topping the Charts - WORM_GONE.A (High Risk) 


------------------------------------------------------------------------ 


This destructive, memory-resident worm is a Visual Basic-compiled Windows executable that propagates via email using Microsoft Outlook and through ICQ. 


It finds certain files in memory and then terminates the processes of these found files. Thereafter, it executes its destructive payload of deleting files. 



The worm arrives in an email with the following: 



Subject: Hi



Message Body: How are you ?


When I saw this screensaver, I immediately thought about you


I am in a harry, I promise you will love it!



Attachment: GONE.SCR



It creates an Outlook Application Object, and uses MAPI script commands to create and send bogus emails to all recipients found in the infected user's address book. Thereafter, it deletes these bogus emails. 



This worm is currently spreading in-the-wild, and is classified as high risk. As of December 7, there have been more than 126,000 infections of WORM_GONE.A worldwide, according to Trend Micro's World Virus Tracking Center at: http://wtc.trendmicro.com/wtc/



WORM_GONE.A is detected by Trend Micro pattern file #177 or #977. 



For additional information about WORM_GONE.A, please visit Trend Micro 


at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=GONE.A. 



3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US 


(week of: November 26, 2001 to December 2, 2001)


------------------------------------------------------------------------


1.  WORM_BADTRANS.B


2.  PE_MAGISTR.B


3.  TROJ_HYBRIS.B


4.  PE_MAGISTR.A


5.  JS_EXCEPTION.GEN


6.  JS_KAKWORM.A


7.  WORM_BADTRANS.A


8.  TROJ_SIRCAM.A


9.  WORM_SIRCAM.A


10. PE_MAGISTR.DAM



SPECIAL OFFER:


Webmasters, add free virus information updates to your Web site with our 


Virus Info Feed. Simply copy and paste a small piece of code to give your 


visitors a real-time top 10 list and the latest virus advisories.  


Setup takes approximately 10 minutes and requires no server-side code on 


your Web site. All content is updated automatically from Trend Micro's Web 


site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr



4. Buy a Copy of Trend Micro PC-cillin 2000 & Get a Second Copy FREE!


-------------------------------------------------------------------------


Do you have a friend or family member who keeps sending you email viruses? Here is your chance to protect yourself and give a wonderful gift to a loved one. Buy one copy of Trend Micro PC-cillin 2000, the best desktop antivirus on the market, and get a second copy FREE. Save $29.95!



Trend Micro PC-cillin 2000 makes a wonderful gift for yourself and those you care about. Buy NOW at http://www.antivirus.com/trendsetter/promotions/pcc.htm



************************************************************************


You are receiving this email from Trend Micro, because you have either


downloaded a Trend Micro product or have signed up for the FREE "Weekly Virus


Report." If you would like to change the way you receive email from


Trend Micro, please make changes in your account page at


http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com


 


To UNSUBSCRIBE go to:


http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe


 


For questions regarding viruses, please contact the Virus Doctor at


Virus_Doctor@trendmicro.com.


 


For questions regarding products, please contact Tech Support at


support@trendmicro.com.


 


For questions, comments, and suggestions about the Weekly Virus Report


please contact our editor at Newsletters@trendmicro.com.


************************************************************************


Received on Mon Dec 10 11:58:31 2001














This archive was generated by hypermail 2.1.8 
: Mon 29 May 2006 - 05:33:31 CEST