Trend Micro Weekly Virus Report - October 25, 2002

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: October 25, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File, Scan Engine, & Antispam Updates
2. Not Bugbear – WORM_HOBBIT.G (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Gartner Group Research: ROI for Trend Micro Antivirus Software & Services

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File, Scan Engine, & Antispam Updates
------------------------------------------------------------------------
PATTERN FILE: 369 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/
ANTISPAM RELEASES: 493-507

2. Not Bugbear – WORM_HOBBIT.G (Low Risk)
------------------------------------------------------------------------
WORM_HOBBIT.G is a Win32 worm that propagates via Microsoft Outlook and the KaZaa network. In Microsoft Outlook, it sends itself as an email message with the following details:

Subject: Fwd: Scan your computer for this new virus threat...

Message Body: This is a fix and removal for the new internet worm known as BugBear. 1 in ever 4 computers in infected with this virus. When run, it will scan your computer and notify you if you're infected or not, then clean if infected.

Attachment: Anti-Bug.exe

To make itself easily accessible over the Kazaa network, this worm copies itself to the following folders:
C:\KaZaa\My Shared Folders
C:\Program Files\KaZaa\My Shared Folders

Upon execution, it displays a message box with the title “kn0x 0wnz” and the message “System Not Infected with Bugbear”.

This worm creates copies of itself in the Windows directory as shizzle.exe and Anti-Bug.exe, and it adds a registry entry that allows it to execute at every Windows startup.

It drops a number of files by certain names, which could have the extensions .EXE, .PIF, .BAT, or .SCR. It also may choose filenames from a lengthy list of specific possibilities.

This worm also attempts to perform a DoS (Denial of Service) attack on a certain Web site by continuously sends PING requests to this site, each containing 10,000 Bytes.

If you would like to scan your computer for WORM_HOBBIT.G or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com/

WORM_HOBBIT.G is detected and cleaned by Trend Micro pattern file #368 and above.

For additional information about WORM_HOBBIT.G please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOBBIT.G

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: October 14, 2002 to October 20, 2002)
------------------------------------------------------------------------
1. WORM_BUGBEAR.A
2. WORM_KLEZ.H
3. WORM_OPASOFT.A
4. JS_TRAFFICHBAR.A
5. WORM_YAHA.E
6. JS_EXCEPTION.GEN
7. JS_NOCLOSE.E
8. WORM_OPASOFT.D
9. PE_NIMDA.E
10. WORM_KLEZ.E

4. Gartner Group Research: ROI for Trend Micro Antivirus Software & Services
------------------------------------------------------------------------
To help customers justify costs in deploying Trend Micro product-line strategy at three tiers of virus protection, namely Gateway, Server and Desktop, Trend Micro commissioned a report to uncover the benefits and ROI of its virus protection strategy.

Research revealed that the ROI ranged from 19% to 67% during a payback period of 6 to 10 months. The research was based on data gathered from cross-sections of eight companies, located in various geographical regions of the world.

Download a free copy of this White Paper NOW!

http://www.trendmicro.com/en/security/white-papers/overview.htm#customer-roi

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.trendmicro.com/subscriptions/default.asp?email=trendmicro_pattern@netzwerk-aktiv.com
 
To UNSUBSCRIBE go to:
http://www.trendmicro.com/subscriptions/default.asp?format=unsubscribe
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************
Received on Sat Oct 26 01:16:43 2002