************************************************************************
V I R U S R E P O R T
(by the Trend Micro US Virus Research Group)
************************************************************************
------------------------------------------------------------------------
Date: January 11, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
Issue Preview:
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
2. A New JavaScript Worm -- JS_GIGGER.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Infecting .NET Files -- PE_DONUT.A (Low Risk)
5. Test Your Virus Knowledge & Scan Your Computer FREE!
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 199 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.630 http://www.antivirus.com/download/engines/
2. A New JavaScript Worm -- JS_GIGGER.A (Low Risk)
------------------------------------------------------------------------
JS_GIGGER.A is a mass mailing worm that was created using JavaScript. It requires
Windows Scripting Host to be installed in a system to execute properly. Upon execution,
this worm drops files in the Windows system directory and then propagates via
Microsoft Outlook, Outlook Express, MAPI and mIRC. It infects HTML and ASP files
by appending its code to the files.
This worm can arrive in two different kind of emails.
Email Sample 1:
Subject: Outlook Express Update
Message Body: MSNSofware Co.
Attachment: MMSN_OFFLINE.HTM
Email Sample 2:
Subject: (email address of recipient)
Message Body: Microsoft Outlook 98
Attachment: MMSN_OFFLINE.HTM
During infection, while JS_GIGGER.A goes through all the files in the infected
system's hard drive and network drives, if the system date is 1, 5, 10, 15, or 20,
the worm resets the attribute of that file and deletes its contents so that the
file becomes zero in size.
For additional information about JS_GIGGER.A, please visit the
Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=JS_GIGGER.A
Trend Micro considers JS_GIGGER.A to be a very low risk virus and detection will be
available in the next official pattern release, #200 on or before January 15.
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro in the US
(week of: December 31, 2001 through January 6, 2001)
------------------------------------------------------------------------
1. WORM_BADTRANS.B
2. PE_MAGISTR.B
3. PE_MAGISTR.A
4. TROJ_DLDER.A
5. WORM_BADTRANS.A
6. WORM_SIRCAM.A
7. JS_EXCEPTION.GEN
8. PE_NIMDA.A
9. PE_NIMDA.A-O
10. PE_CIH
SPECIAL OFFER:
Webmasters, add free virus information updates to your Web site with our
Virus Info Feed. Simply copy and paste a small piece of code to give your
visitors a real-time top 10 list and the latest virus advisories.
Setup takes approximately 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr
4. Infecting .NET Files -- PE_DONUT.A (Low Risk)
------------------------------------------------------------------------
PE_DONUT.A is the first known virus that infects EXE files created for Microsoft's
.NET framework. This is a proof-of-concept virus and there is little chance of it
becoming wide spread. This worm is an indication that virus writers are creating
malicious code to infect the new .NET framework, which will soon be available in
systems.
For additional information about PE_DONUT.A, please visit the Trend Micro Virus
Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_DONUT.A
Trend Micro considers PE_DONUT.A to be a very low risk virus and detection will be
available in the next official pattern release, #200 on or before January 15.
5. Test Your Virus Knowledge & Scan Your Computer FREE!
------------------------------------------------------------------------
Do you think you know enough about viruses? Try our new HouseCall quiz as
you scan your computer FREE for viruses and other malicious code. At the end
of the quiz you will be eligible to purchase Trend Micro PC-cillin 2000 for
20% OFF!!
SCAN NOW at http://housecall.antivirus.com
************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up for our "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
To UNSUBSCRIBE go to:
http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Sat Jan 12 01:31:35 2002
This archive was generated by hypermail 2.1.8 : Mon 29 May 2006 - 05:33:31 CEST