Trend Micro Weekly Virus Report - October 18, 2002

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: October 18, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File, Scan Engine, & Antispam Updates
2. UNIX Backdoor – UNIX_ALUTAPS.A (Low Risk)
3. Gone in 60 Seconds - WORM_RODOK.A (Low Risk)
4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
5. Special Offer – 20% Discount on PC-cillin 2002

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File, Scan Engine, & Antispam Updates
------------------------------------------------------------------------
PATTERN FILE: 367 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/
ANTISPAM RELEASES: 479-492

2. UNIX Backdoor – UNIX_ALUTAPS.A (Low Risk)
------------------------------------------------------------------------
UNIX_ALUTAPS.A is a Trojanized version of Sendmail 8.12.6 that compromises security on affected UNIX systems.

This backdoor malware compromises security on affected systems. It is contained in the hacker-modified file, /libsm/t-shm.c, of the Sendmail 8.12.6 package. Once a user builds the package and runs the Sendmail program, this malware is extracted from the Trojanized file.

It connects to an IP address via TCP port 6667 and then waits for instructions from its remote user. It allows the user to open a remote shell that runs in the context of the affected system. It grants the remote user the same access rights as the regular user of the compromised system.

If you would like to scan your computer for UNIX_ALUTAPS.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com/

UNIX_ALUTAPS.A is detected and cleaned by Trend Micro pattern file #366 and above.

For additional information about UNIX_ALUTAPS.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=UNIX_ALUTAPS.A

3. Gone in 60 Seconds – WORM_RODOK.A (Low Risk)
------------------------------------------------------------------------
WORM_RODOK.A, which prompted a Medium Risk virus alert last week, has quickly run its course. Asia was hardest hit with this worm, specifically Korea and Taiwan.

WORM_RODOK.A is a memory-resident worm that propagates via Microsoft Messenger (MSN). It opens MSN Messenger and immediately sends out a message to all active or online contacts in the infected user’s MSN contact list. The message asks recipients to click on a particular URL. Recipients of the message are not automatically infected with this worm. Infection occurs when the recipient clicks the URL, which downloads the worm and executes it on the system.

WORM_RODOK.A is detected and cleaned by Trend Micro pattern file #364 and above.

For additional information about WORM_RODOK.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RODOK.A

4. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: October 7, 2002 to October 13, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. WORM_BUGBEAR.A
3. JS_EXCEPTION.GEN
4. JS_TRAFFICHBAR.A
5. WORM_OPASOFT.A
6. JS_NOCLOSE.E
7. REG_STARTPAGE.A
8. TROJ_SUA.A
9. JS_NOCLOSE.A
10. HTML_IFRMEXP.GEN

5. Special Offer – 20% Discount on PC-cillin 2002
------------------------------------------------------------------------
Gift your friends and family with a 20% discount on PC-cillin 2002 - complete Internet Security software.

Here's a quick way to show your friends and family you care. Simply pass on this URL to anyone you know and they will automatically receive a special 20% discount on the purchase of PC-cillin 2002:

http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?CID=61746&PN=21&SP=10007&SID=16269&PID=916311.

PC-cillin 2002 is a complete Internet-era virus and hacker security solution for your computer and PDA that protects against viruses, hacker attacks, and other Internet security threats. With one click, your friends and family can begin to enjoy the benefits of:

-Enhanced antivirus scanning
-A Personal Firewall for Internet connection security
-Integrated security for your Personal Digital Assistants (PDAs)

Send your friends and family this URL and help them secure their computer: http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?CID=61746&PN=21&SP=10007&SID=16269&PID=916311

**Offer applies to residents of the U.S. and Canada only.

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.trendmicro.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
 
To UNSUBSCRIBE go to:
http://www.trendmicro.com/subscriptions/default.asp?format=unsubscribe
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************
Received on Sat Oct 19 06:10:43 2002