Trend Micro Weekly Virus Report - August 23, 2002

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: August 23, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/trendsetter/virus_report/

Issue Preview:

1. Trend Micro Updates - Pattern File and Scan Engine Updates
2. I am Orlok - VBS_ROKOL.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. FREE Virus Scan - Clean your PC Online with Trend Micro's HouseCall

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 337 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/

2. I am Orlok - VBS_ROKOL.A (Low Risk)
------------------------------------------------------------------------
This malware propagates via email and arrives in a message with the following:

Subject: I feel sick today!!!
Message Body: I am ORLOK.

Upon execution, it drops the file ORLOK.VBS in the Windows System directory. Then it adds a registry entry that allows it to execute at every Windows startup.

If the value of the registry key does not exist, it uses Mail Application Programming Interface (MAPI) to send a copy of itself to all email addresses listed in the infected system's Microsoft Outlook Address Book.

It also checks whether a MANGE.COM file exists in the Windows System directory. If it does not find the file, it sets the Start page of the infected system's Internet Explorer to: http:\\membres.lycos.fr\aoteam\mange.com. The change downloads a MANGE.COM file from the URL when the user of the infected system opens Internet Explorer.

If the MANGE.COM file already exists, it copies MANGE.COM from the default Internet Explorer download directory to the Windows System directory, executing the file from there. The author of this malware may change the contents of the MANGE.COM file at anytime.

The malware also overwrites all files with .VBS and .VBE extensions in the root directory of each drive. It also continuously runs an instance of the NOTEPAD.EXE application until the infected system eventually hangs, forcing the infected user to restart the system and lose unsaved data on running applications.

If you would like to scan your computer for VBS_ROKOL.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/

VBS_ROKOL.A is detected and cleaned by Trend Micro pattern file #336 and above.

For additional information about VBS_ROKOL.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_ROKOL.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: August 12, 2002 to August 18, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.A
3. WORM_YAHA.E
4. JS_NOCLOSE.E
5. JS_EXCEPTION.GEN
6. WORM_DANDI.A
7. WORM_KLEZ.E
8. PE_NIMDA.E
9. PE_ELKERN.D
10. WORM_DATOM.A
 
4. FREE Virus Scan - Clean your PC Online with Trend Micro's HouseCall
------------------------------------------------------------------------
Get a quick checkup with HouseCall, Trend Micro's online virus scanner, to see if a computer virus, worm, or Trojan has infected your system. HouseCall scans your computer for new infections and detects, cleans, and removes viruses for FREE. Try it now:

http://housecall.antivirus.com/housecall/start_corp.asp

Note: HouseCall is a one-time, manual virus scanner and does not provide you with continuous protection from viruses. For complete continuous protection, we recommend Trend Micro PC-cillin 2002.

To buy PC-cillin online** visit: http://www.digitalriver.com/dr/v2/ec_MAIN.Entry10?xid=16269&SP=10034&PN=1&V1=889300

**applies to customers in the U.S. and Canada only.

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the
Received on Sat Aug 24 07:45:24 2002