Trend Micro Weekly Virus Report - September 13, 2002

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: September 13, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/trendsetter/virus_report/

Issue Preview:

1. Trend Micro Updates - Pattern File, Scan Engine, and Antispam Updates
2. All is Quiet - WORM_CHET.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Current Virus Trends – KLEZ, KLEZ, KLEZ!
5. Special Promotion: 10% off PC-cillin 2002

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File, Scan Engine, and Antispam Updates
------------------------------------------------------------------------
PATTERN FILE: 349 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/
ANTISPAM RELEASES: 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423

2. All is Quiet - WORM_CHET.A (Low Risk)
------------------------------------------------------------------------
WORM_CHET.A intends to send copies of itself via email, but due to some deficiencies in its code, it fails to do so. It uses a network icon to hide its real extension, and it displays no window or alert message upon execution, leaving the infected user unaware of its existence.

This worm intends to send itself in an email with the following details:

From: Main@World.Com

Subject: All people!!

Message Body: Dear ladies and gentlemen! The given letter does not contain viruses, and is not Spam. We ask you to be in earnest to this letter. As you know America and England have begun bombardment of Iraq, cause of its threat for all the world. It isn't the truth. The real reason is in money laundering and also to cover up traces after acts of terrorism September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos. In the following photo you'll see, how FBI discusses how to strike over New York to lose people as much as possible. And the document representing the super confidential agreement between CIA and Al-Qaeda is submitted to your attention. All this circus was specially played to powder brains!! You'll find out the truth. Naked truth, instead of TV showed. For your convenience, and to make letter less, all documentary materials (photos and MS Word
 documents) are located in one EXE file. Open it, and all materials will be installed on your computer. You will receive the freshest and classified documents automatically from our site. It isn't a virus! You can trust us absolutely. We hope, that it will open your eyes on many things occurring in this world.

Attachment: '11september.exe ' (note there is a trailing space) Text

Due to some bug in its codes, however, it fails to execute this routine.
 
Upon execution, this worm drops the files BOOT.TXT and SYNCHOST1.EXE. BOOT.TXT is a zero-byte file while SYNCHOST1.EXE is a copy of the worm itself.

To ensure its automatic execution upon system startup, the worm adds a registry entry. This registry entry deletes the original worm file that was executed and also deletes itself on the first system restart after the original infection occurs.

If you would like to scan your computer for WORM_CHET.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.antivirus.com/

WORM_CHET.A is detected and cleaned by Trend Micro pattern file #347 and above.

For additional information about WORM_CHET.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_CHET.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: September 2, 2002 to September 8, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JOKE_RUSS.A
3. PE_NIMDA.E
4. JS_NOCLOSE.E
5. WORM_YAHA.E
6. PE_MAGISTR.A
7. JS_EXCEPTION.GEN
8. WORM_HYBRIS.A
9. VBS_MOMMA.A2
10. PE_WEIRD
 
4. Current Virus Trends – KLEZ, KLEZ, KLEZ!
------------------------------------------------------------------------
The KLEZ.H worm continues its overwhelming domination of the Top Ten, accounting for approximately 75% of all support queries to TrendLabs' Virus Doctor last week. KLEZ.H is the most widespread virus of all time, according to numerous antivirus firms. It has been number one almost continuously since it appeared in April 2002. Its strength continues on the home user/consumer side, but KLEZ has less impact on corporate networks, which are typically much better protected by antivirus software. The Russian joke program, JOKE_RUSS.A, was in heavy circulation last week. It is a prank that claims to destroy all of the data on an infected PC.

5. Special Promotion: 10% off PC-cillin 2002
------------------------------------------------------------------------
PC-cillin 2002 is a complete Internet-era virus and hacker security solution for your computer and PDA , that protects your computer from viruses, hacker attacks, and other internet security threats. Get it now for 10% off.

With PC-cillin you can begin to enjoy the benefits of:
-Enhanced antivirus scanning
-A Personal Firewall for Internet connection security
-Integrated security for your Personal Digital Assistant (PDA)

Don't Delay. BUY NOW: http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?CID=60874&PN=21&SP=10007&SID=16269&PID=916311

Offer valid for residents of the U.S. and Canada only.

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.trendmicro.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
 
To UNSUBSCRIBE go to:
http://www.trendmicro.com/subscriptions/default.asp?format=unsubscribe
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************
Received on Sat Sep 14 05:00:35 2002