************************************************************************
V I R U S R E P O R T
(by the Trend Micro US Virus Research Group)
************************************************************************
------------------------------------------------------------------------
Date: February 8, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
Issue Preview:
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
2. A Comical Story--WORM_COMICAL.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. PC-cillin 2000 for 10% OFF!!
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 220 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.630 http://www.antivirus.com/download/engines/
2. A Comical Story -- WORM_COMICAL.A (Low Risk)
------------------------------------------------------------------------
WORM_COMICAL.A arrives as an email attachment, COMICAL_STORY.DOC, which contains
the worm and a Visual Basic Script file that obtains email addresses from an
infected user's address book and sends itself as an attachment.
When the .DOC attachment is opened, it displays a fake message box and creates
a VB Script file, which Trend Micro antivirus detects as VBS_COMICAL.A.
Upon execution, the worm creates a BACKUP.WIN file in the root directory.
This file contains the email addresses found in an infected user's Microsoft
Outlook application. The worm then drops an .EXE file that Trend Micro antivirus
detects as WORM_COMICAL.A.
VBS_COMICAL.A drops and then executes WORM_COMICAL.A. Upon execution, WORM_COMICAL.A
sends an email to all addresses listed in the infected user's address book. The details
of the email it sends are as follows:
SUBJECT: A comical story for you.
MESSAGE BODY: I send you a comical story found on the Net.Best Regards.
Your friend.
ATTACHMENT: comical_story.doc
For additional information about WORM_COMICAL.A and its variants, please visit
the Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default2.asp?m=q&virus=WORM_COMICAL.A
WORM_COMICAL.A is detected and cleaned by Trend Micro pattern file #219 and
above.
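The mail characteristics listed above can also be checked at a mail gateway. The following is an added example, not Trend Micro code and not how the pattern file detects the worm: a heuristic that parses a raw message and reports which of the three published indicators (subject, body text, attachment name) it matches. The function names, the two-indicator threshold and the sample builder with its example.com addresses are assumptions made for this illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the report text (compared case-insensitively).
SUBJECT = "a comical story for you."
ATTACHMENT = "comical_story.doc"
BODY_MARKER = "i send you a comical story found on the net."


def attachment_names(msg):
    """Lower-cased filenames of every MIME part that declares one."""
    return [part.get_filename().strip().lower()
            for part in msg.walk() if part.get_filename()]


def score_message(raw_bytes):
    """Return the report indicators matched by a raw RFC 822 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    if ATTACHMENT in attachment_names(msg):
        hits.append("attachment")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Collapse whitespace so line wrapping does not hide the marker.
        text = " ".join(body.get_content().lower().split())
        if BODY_MARKER in text:
            hits.append("body")
    return hits


def is_suspect(raw_bytes):
    """Assumed policy: attachment name plus at least one other indicator."""
    hits = score_message(raw_bytes)
    return "attachment" in hits and len(hits) >= 2


def build_sample(subject, body, filename):
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "alice@example.com"
    m["To"] = "bob@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_bytes()
```

A message that matches only the subject line is reported by score_message but not flagged by is_suspect, which keeps ordinary mail with a similar subject from being quarantined on that alone.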
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro in the US
(week of: January 28 through February 3, 2002)
------------------------------------------------------------------------
1. WORM_MYPARTY.A
2. WORM_BADTRANS.B
3. PE_MAGISTR.B
4. PE_MAGISTR.A
5. WORM_SIRCAM.A
6. PE_NIMDA.A
7. VBS_HAPTIME.A
8. JS_KAKWORM.A
9. PE_NIMDA.E
10. WORM_KLEZ.E
SPECIAL OFFER:
Webmasters, add free virus information updates to your Web site with our
Virus Info Feed. Simply copy and paste a small piece of code to give your
visitors a real-time top 10 list and the latest virus advisories.
Setup takes approximately 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr
4. Get PC-cillin 2000 for 10% OFF!
------------------------------------------------------------------------
Today is the last day you can get Trend Micro PC-cillin 2000 for 10% off.
You can take advantage of this promotion at:
http://www.digitalriver.com/trendpccillin
NOTE: This offer expires on February 8, 2002 and is valid for residents of the
US & Canada only.
************************************************************************
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Sat Feb 9 14:34:01 2002