Trend Micro Weekly Virus Report -- March 1, 2002

************************************************************************
   T R E N D M I C R O W E E K L Y V I R U S R E P O R T
    
         (by TrendLabs, Global Antivirus and Research Center)
************************************************************************
------------------------------------------------------------------------
Date: March 1, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
 
Issue Preview:
 
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
2. .NET Worm--WORM_BLUNT.A a.k.a. Sharpei (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Mass-mailing VBS Worm--VBS_BRITNEYPIC.A (Low Risk)
5. Test Your Virus Knowledge & Scan Your Computer FREE!
 
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
 
************************************************************************
 
1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 233 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 5.630 http://www.antivirus.com/download/engines/
 
2. .NET Worm--WORM_BLUNT.A a.k.a Sharpei (Low Risk)
------------------------------------------------------------------------
WORM_BLUNT.A is a non-destructive worm that propagates via Microsoft Outlook.
Upon execution, this worm checks whether the Microsoft .NET framework is installed.
If so, it then copies itself to C:\MS02-010.exe. It also drops the file "sharp.vbs"
that contains codes that allow it to send itself through Microsoft Outlook. This
worm uses the following email to spread:
 
SUBJECT: Important: Windows update
MESSAGE BODY: Hey, at work we are applying this update because it makes Windows over
50% faster and more secure. I thought I should forward it as you may like it.
ATTACHMENT: MS02-010.exe
 
This worm also drops the file "cs.exe" in the Windows directory, which is the
.NET component of the virus. Trend Micro detects this as PE_BLUNT.A. PE_BLUNT.A
will infect if the Microsoft .NET framework is installed. Upon next startup,
PE_BLUNT.A displays the following message box:
 
TITLE: Sharp
MESSAGE: You're infected with Win32.HLLP.Sharp, written in C#,
by Gigabyte/Metaphase
 
For additional information about WORM_BLUNT.A, please visit
the Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BLUNT.A
 
Trend Micro considers WORM_BLUNT.A to be a very low risk virus and detection
will be available in the next official pattern release, #234, on or before March 5.
 
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro in the US
(week of: February 18 through February 24, 2002)
------------------------------------------------------------------------
1. WORM_BADTRANS.B
2. PE_MAGISTR.B
3. PE_MAGISTR.A
4. WORM_BADTRANS.A
5. JS_EXCEPTION.GEN
6. WORM_SIRCAM.A
7. WORM_KLEZ.E
8. WORM_HYBRIS.M
9. WORM_HYBRIS.B
10. JS_SEEKER.R
 
SPECIAL OFFER:
Webmasters, add free virus information updates to your Web site with our
Virus Info Feed. Simply copy and paste a small piece of code to give your
visitors a real-time top 10 list and the latest virus advisories.
Setup takes approximately 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr
 
4. Mass-mailing VBS Worm--VBS_BRITNEYPIC.A (Low Risk)
------------------------------------------------------------------------
VBS_BRITNEYPIC.A is a CHM (Compiled HTML help file) Trojan that arrives as an
mscompressed file, which has an embedded VBS script inside its body. This Trojan
overwrites files, and is capable of mass mailing. It also spreads through MIRC.

A sample of the email this Trojan sends using MAPI is as follows:
SUBJECT: RE: Britney Pics
MESSAGE BODY: Take a look at these pics ...
Regards,
ATTACHMENT: <link to the infected host>

For additional information about VBS_BRITNEYPIC.A, please visit
the Trend Micro Virus Information Center at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_BRITNEYPIC.A
 
Trend Micro considers VBS_BRITNEYPIC.A to be a very low risk virus and detection
will be available in the next official pattern release, #234, on or before March 5.

5. Test Your Virus Knowledge & Scan Your Computer FREE!
------------------------------------------------------------------------
Do you think you know enough about viruses? Try our new HouseCall quiz as
you scan your computer FREE for viruses and other malicious code. At the end
of the quiz you will be eligible to purchase Trend Micro PC-cillin 2000 for
20% OFF!!
 
SCAN NOW at http://housecall.antivirus.com

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up for our "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.antivirus.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
 
To UNSUBSCRIBE go to:
http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe
 
For questions regarding viruses, please contact the Virus Doctor at
Virus_Doctor@trendmicro.com.
 
For questions regarding products, please contact Tech Support at
support@trendmicro.com.
 
For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at Newsletters@trendmicro.com.
************************************************************************
Received on Sat Mar 2 12:49:49 2002