*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: May 24, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/
Issue Preview:
1. Trend Micro Updates - Pattern File and Scan Engine Updates
2. WORM_BENJAMIN.A Makes Itself Known (Low Risk)
3. Many Components with Many Functions - TROJ_SQLSPIDA.B (Low Risk)
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
5. Trend Micro PC-cillin 2002 is Now Available
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.
************************************************************************
1. Trend Micro Updates - Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 289 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.antivirus.com/download/engines/
2. WORM_BENJAMIN.A Makes Itself Known (Low Risk)
------------------------------------------------------------------------
This destructive worm propagates through the Kazaa network, a peer-to-peer file exchange network. It runs in the
background and continuously drops slightly altered copies of itself, filling infected hard disk drives. It also
repeatedly connects to a remote site, congesting an infected system's network connection.
It drops copies of itself under different filenames, as well as copies that are padded with data, so the sizes of
the dropped files vary. Some of the dropped files are corrupted copies. These corrupted samples cannot be processed
properly and do not pose any threat to infected systems. Also, a significant portion of the header of each of these
corrupted files is damaged, so antivirus software is unable to identify them.
Upon execution, this worm stays in memory to continuously process its destructive payload, which fills an infected
user's hard disk drive for as long as Windows permits the creation of files.
If you would like to scan your computer for WORM_BENJAMIN.A or thousands of worms, viruses, Trojans and malicious
code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/
WORM_BENJAMIN.A is detected and cleaned by Trend Micro pattern file #284 and above.
For additional information about WORM_BENJAMIN.A, please visit Trend Micro at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.A
3. Many Components with Many Functions - TROJ_SQLSPIDA.B (Low Risk)
------------------------------------------------------------------------
This non-destructive Trojan is dropped by JS_SQLSPIDA.B as the file SERVICES.EXE. It is a port scanner that
JS_SQLSPIDA.B uses to search the network for Internet Protocol (IP) addresses of SQL Servers via Transmission
Control Protocol (TCP) port 1433. For each IP address, it uses 100 threads to access the port and makes 10,000
connection attempts, thereby resulting in increased network traffic. It saves the data that the active ports return
in a file, RDATA.TXT.
JS_SQLSPIDA.B then runs one of its components, BAT_SQLSPIDA.B. To execute, BAT_SQLSPIDA.B relies on this Trojan,
which provides the hacked IP address, and on another component of JS_SQLSPIDA.B, which provides the randomly
generated password.
After the batch file has executed and installed the component files, JS_SQLSPIDA.B sleeps. When it wakes, it deletes
the RDATA.TXT file and then uses this Trojan to generate a new IP address.
TROJ_SQLSPIDA.B is detected and cleaned by Trend Micro pattern file #288 and above.
For additional information about TROJ_SQLSPIDA.B, please visit Trend Micro at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BENJAMIN.B
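The scanning behaviour described above (one host making a burst of connection attempts to TCP port 1433) shows up
in firewall or flow logs. The detector below is an added example, not part of the original Trend Micro report; the
log format, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MSSQL_PORT = 1433                # port named in the report
WINDOW = timedelta(seconds=60)   # assumed tuning values, adjust per network
MAX_ATTEMPTS = 50
MAX_DISTINCT_DSTS = 20

def parse(line):
    """Parse 'timestamp src dst dport action' (constructed log format)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action

def find_mssql_scanners(lines):
    """Map each source that exceeds a threshold inside one sliding window
    to its peak (attempts, distinct destinations) on TCP 1433."""
    recent = defaultdict(deque)  # src -> (ts, dst) pairs still in the window
    flagged = {}
    for line in lines:
        ts, src, dst, dport, _action = parse(line)
        if dport != MSSQL_PORT:
            continue
        window = recent[src]
        window.append((ts, dst))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        attempts, dsts = len(window), len({d for _, d in window})
        if attempts >= MAX_ATTEMPTS or dsts >= MAX_DISTINCT_DSTS:
            peak = flagged.get(src, (0, 0))
            flagged[src] = (max(peak[0], attempts), max(peak[1], dsts))
    return flagged

def sample_log():
    """Constructed log: one scanning host, one normal SQL client, one web hit."""
    base = datetime(2002, 5, 24, 12, 0, 0)
    rows = [(base, "10.0.0.7", "198.51.100.3", 80, "ALLOW")]
    for i in range(200):   # 10 attempts per second spread over 40 addresses
        rows.append((base + timedelta(milliseconds=100 * i), "10.0.0.5",
                     f"192.0.2.{i % 40 + 1}", MSSQL_PORT, "DENY"))
    for i in range(5):     # application server talking to its own database
        rows.append((base + timedelta(seconds=10 * i), "10.0.0.9",
                     "10.0.0.20", MSSQL_PORT, "ALLOW"))
    rows.sort()
    return [f"{ts.isoformat()} {s} {d} {p} {a}" for ts, s, d, p, a in rows]

if __name__ == "__main__":
    for src, (attempts, dsts) in find_mssql_scanners(sample_log()).items():
        print(f"{src}: {attempts} attempts to {dsts} hosts on tcp/1433")
```

Only the scanning host is reported; the application server that repeatedly contacts a single database stays below
both thresholds.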
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: May 13, 2002 to May 19, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. WORM_KLEZ.E
3. PE_MAGISTR.B
4. JS_EXCEPTION.GEN
5. WORM_SIRCAM.A
6. WORM_BADTRANS.B
7. TROJ_FILLHDD.A
8. PE_MAGISTR.A
9. BKDR_EMULBOX.A
10. WORM_HYBRIS.M
5. Trend Micro PC-cillin 2002 - Antivirus, Anti-Hacker, & PDA Virus Protection
------------------------------------------------------------------------
Trend Micro is pleased to announce the release of PC-cillin 2002.
PC-cillin 2002 provides award-winning protection against macro viruses, Trojans,
and other malicious threats. An integrated personal firewall helps secure
desktop computers against illegal access, ping attacks, and even port scanning
for Internet-era protection. This complete antivirus strategy also includes
security for Palm, Pocket PC, and EPOC devices.
BUY NOW: $39.95
http://www.trendmicro.com/pcc2002_wvr
If you already own PC-cillin, you may purchase an upgrade to PC-cillin 2002 for
just $19.95 at:
http://www.antivirus.com/pc-cillin/products/upgrade.htm
These prices apply to customers in the U.S. and Canada only.
************************************************************************
Received on Sat May 25 14:45:16 2002