*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: May 3, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
Issue Preview:
1. Trend Micro Updates - Pattern File and Scan Engine Updates
2. A Hacker's Tool - BKDR_INTRUZZO.A (Low Risk)
3. A Variant of PE_CIH - PE_CIH.1049 (Low Risk)
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
5. Trend Micro PC-cillin 2002 is Now Available
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. Trend Micro Updates - Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 271 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.antivirus.com/download/engines/
2. A Hacker's Tool - BKDR_INTRUZZO.A (Low Risk)
------------------------------------------------------------------------
This backdoor hacking tool consists of a server component and a client component. The server component installs itself on the target computer, enabling the hacker to gain access to that computer using the client component.
Upon execution, the server component copies itself into the Windows System directory. The filename it copies itself to varies. It also adds itself to the registry so that its dropped file executes upon Windows startup. The server component runs this backdoor hacking tool in silent mode. Upon first execution it displays a message box and a walking man. The server component also sends an email message containing information about the open port number and Internet Protocol (IP) address of the infected system to the hacker.
Hackers use the client component to gain full access to the system running the server component. The client component enables hackers to execute any or all of the following on a system running the server component:
- Open/Close CD-ROM tray
- Chat with the infected user
- PWL Reader: open and read PWL files on server
- Shutdown the computer
- Control the mouse
- Taskman
- Print a message
- Take a screen capture
- Obtain System info
- Write on the desktop
If you would like to scan your computer for BKDR_INTRUZZO.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/
BKDR_INTRUZZO.A is detected and cleaned by Trend Micro pattern file #270 and above.
For additional information about WORM_KLEZ.H, please visit Trend Micro
at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=BKDR_INTRUZZO.A
3. A Variant of PE_CIH - PE_CIH.1049 (Low Risk)
------------------------------------------------------------------------
Trend Micro has received infection reports of executable files for WORM_KLEZ.H being infected with PE_CIH.1049. PE_CIH.1049 is a destructive, memory-resident virus that infects all *.EXE files that are executed. It uses VXD programming to become memory resident and therefore does not infect files on Windows NT systems (the VXD technique is only available on Windows 9x systems).
Similar to other CIH variants, this is a cavity-type virus. To infect, it inserts its code into the free spaces in the target file; therefore, the file size of an infected file does not change.
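Because a cavity infection leaves the file size unchanged, a size comparison cannot reveal it. The following is an added example, not part of the original newsletter or Trend Micro's detection logic: a Python check that walks a PE section table and reports sections whose padding holds data. It assumes the "free spaces" are the padding between a section's VirtualSize and its SizeOfRawData; the sample file is constructed and the function names are hypothetical.

```python
import struct

def section_slack(pe):
    """Yield (name, file_offset, length) of the padding after each section's used bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # first section header
    for i in range(nsect):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        if 0 < vsize < rawsize:                                # padding exists on disk
            yield (name.rstrip(b"\0").decode("ascii", "replace"),
                   rawptr + vsize, rawsize - vsize)

def occupied_slack(pe, min_bytes=16):
    """Return (name, offset, nonzero_count) for slack regions that are not empty padding."""
    hits = []
    for name, off, length in section_slack(pe):
        used = sum(1 for b in pe[off:off + length] if b)
        if used >= min_bytes:                                  # threshold is an assumption
            hits.append((name, off, used))
    return hits

def build_sample(slack_fill=b""):
    """Constructed one-section PE skeleton (no optional header): 0x40 used bytes
    in a 0x200-byte raw section, optionally with filler placed in the slack."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    body = (b"A" * 0x40 + slack_fill).ljust(0x200, b"\0")
    return headers + body

if __name__ == "__main__":
    clean, modified = build_sample(), build_sample(b"\xEB" * 0x100)
    print("same size:", len(clean) == len(modified))
    print("clean:", occupied_slack(clean))
    print("modified:", occupied_slack(modified))
```

Non-empty slack is a heuristic, not proof of infection, since some build tools leave data there; comparing a cryptographic hash against a known-good copy remains the reliable check.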
When the system date is August 2 of any year, this virus writes garbage data over the FLASH BIOS and the hard disk of the infected system, destroying the former and corrupting the latter.
PE_CIH.1049 is detected and cleaned by Trend Micro pattern file #270 and above.
For additional information about PE_CIH.1049, please visit Trend Micro
at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_CIH.1049
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: April 22, 2002 to April 28, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.G
2. W97M_ETHAN.A
3. WORM_KLEZ.E
4. WORM_KLEZ.H
5. TROJ_KILLCMOS.M
6. PE_MAGISTR.B
7. TROJ_SUA.A
8. JS_EXCEPTION.GEN
9. PE_NIMDA.A-O
10. PE_ELKERN.D
5. Trend Micro PC-cillin 2002 - Antivirus, Anti-Hacker, & PDA Virus Protection
------------------------------------------------------------------------
Trend Micro is pleased to announce the release of PC-cillin 2002.
PC-cillin 2002 provides award-winning protection against macro viruses, Trojans,
and other malicious threats. An integrated personal firewall helps secure
desktop computers against illegal access, ping attacks, and even port scanning
for Internet-era protection. This complete antivirus strategy also includes
security for Palm, Pocket PC, and EPOC devices.
BUY NOW: $39.95
http://www.trendmicro.com/pcc2002_wvr
If you already own PC-cillin, you may purchase an upgrade to PC-cillin 2002 for
just $19.95 at:
http://www.antivirus.com/pc-cillin/products/upgrade.htm
************************************************************************
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************
Received on Sat May 4 00:15:19 2002