************************************************************************
V I R U S R E P O R T
(by the Trend Micro US Virus Research Group)
************************************************************************
------------------------------------------------------------------------
Date: December 28, 2001
------------------------------------------------------------------------
All of us at Trend Micro, Inc. wish you a happy and virus-free New Year!
Issue Preview:
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
2. Using an IE Exploit -- WORM_SHOHO.A and WORM_ZOHER.A
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Forgot to Buy Someone a Gift -- Get FREE PC-cillin 2000
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 191 or 991 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.630 http://www.antivirus.com/download/engines/
2. Using an IE Exploit -- WORM_SHOHO.A and WORM_ZOHER.A (Low Risk)
------------------------------------------------------------------------
WORM_SHOHO.A and WORM_ZOHER.A both use a known vulnerability in Internet
Explorer-based email clients to execute the file attachment automatically.
This vulnerability is also known as Automatic Execution of Embedded MIME type.
WORM_SHOHO.A is destructive as it randomly deletes files in the current directory.
It propagates by sending itself to all e-mail addresses obtained by connecting to
SMTP servers. A sample of the email it arrives in is:
Subject: Welcome to Yahoo! Mail
Message Body: Welcome to Yahoo! Mail
Attachment: README.TXT______________.PIF
Upon execution, WORM_ZOHER connects to a Web site from which it downloads a
text message. This text message contains the email message and subject used by
the worm to propagate, which vary. The email message is in MIME format and
contains an embedded copy of the worm itself. The worm propagates by sending an
email to all addresses listed in the Windows Address Book via the default SMTP server.
For additional information about WORM_SHOHO.A and WORM_ZOHER.A, please visit the
Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_SHOHO.A
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_ZOHER.A
WORM_SHOHO.A is detected by Trend Micro pattern file #188 or #988 and WORM_ZOHER
is detected by pattern file #190 or #990.
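
An added example, not part of the Trend Micro report: a mail-gateway style check for the attachment naming shown in the WORM_SHOHO.A sample above (a decoy extension, underscore padding, then the real .PIF extension). The sample message, the extension list and the declared-type heuristic are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumed list: extensions Windows executes; the last extension decides.
EXECUTABLE_EXT = {"pif", "exe", "scr", "com", "bat", "vbs"}
# Assumed heuristic: declared types that look harmless to a reader.
HARMLESS_TYPES = ("audio/", "image/", "text/")

# Constructed sample modelled on the WORM_SHOHO.A mail; payload is a dummy.
SAMPLE = """\
Subject: Welcome to Yahoo! Mail
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Welcome to Yahoo! Mail
--b1
Content-Type: text/plain; name="README.TXT______________.PIF"
Content-Disposition: attachment; filename="README.TXT______________.PIF"

(dummy payload)
--b1--
"""

def inspect_attachments(raw_message):
    """Return [(filename, [reasons])] for attachments that look deceptive."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Strip the padding so "TXT______" is seen as the decoy "txt".
        pieces = [p.strip("_ ") for p in name.lower().split(".")]
        if pieces[-1] not in EXECUTABLE_EXT:
            continue
        reasons = ["executable extension ." + pieces[-1]]
        if len(pieces) > 2 and pieces[-2]:
            reasons.append("decoy extension ." + pieces[-2])
        if re.search(r"[_ ]{4,}\.", name):
            reasons.append("padding before real extension")
        ctype = part.get_content_type()
        if ctype.startswith(HARMLESS_TYPES):
            reasons.append("declared as " + ctype)
        findings.append((name, reasons))
    return findings
```

Calling inspect_attachments(SAMPLE) returns one finding for the .PIF attachment with all four reasons; a message whose attachment is a plain notes.txt returns an empty list.
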
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro in the US
(week of: December 17, 2001 through December 23, 2001)
------------------------------------------------------------------------
1. WORM_BADTRANS.B
2. PE_MAGISTR.B
3. WORM_SIRCAM.A
4. PE_MAGISTR.A
5. JS_PLAY.A
6. PE_NIMDA.A
7. WORM_BADTRANS.A
8. PE_CIH
9. TROJ_HYBRIS.M
10. PE_MAGISTR.DAM
SPECIAL OFFER:
Webmasters, add free virus information updates to your Web site with our
Virus Info Feed. Simply copy and paste a small piece of code to give your
visitors a real-time top 10 list and the latest virus advisories.
Setup takes approximately 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr
4. Forgot to Buy Someone a Gift -- Get FREE PC-cillin 2000
------------------------------------------------------------------------
There is still time to protect yourself and give a wonderful gift to a loved one.
Buy one copy of Trend Micro PC-cillin 2000, the best desktop antivirus on the market,
and get a second copy FREE. Save $29.95!
Trend Micro PC-cillin 2000 makes a wonderful gift for yourself and those you care
about. Buy NOW at
http://www.antivirus.com/trendsetter/promotions/pcc.htm
************************************************************************
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Sat Dec 29 00:15:27 2001