Weekly Virus Report - November 15, 2002

(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: November 15, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. I am INOR – TROJ_INOR.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Boost your Internet Speed by up to 200% - Get Net Boost Pro for $19.95

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File, Scan Engine, & Antispam Updates
------------------------------------------------------------------------
PATTERN FILE: 387 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/

2. I am INOR – TROJ_INOR.A (Low Risk)
------------------------------------------------------------------------
This memory-resident Trojan downloads and executes a backdoor malware from a certain Web site. This backdoor, detected by Trend Micro antivirus as BKDR_JEEM.A, configures the system to act as an email server that can be used by a remote user to send email.

This Trojan spreads as an attached file in forged email messages, and is believed to come from a malicious sender. However, this email is spoofed and its properties may be modified anytime by its sender.

Upon execution, this Trojan downloads the file COUNTER.C from a specific Web site and saves this file as OUTPUT.EXE in the current folder. It then executes this file. Trend Micro detects this downloaded OUTPUT.EXE file as BKDR_JEEM.A.
If it fails to download the file, it creates a registry entry that executes the Trojan during Windows startup. This allows it to attempt the download every time Windows starts.

The Trojan's body contains the text “Hello, world Inor”.

If you would like to scan your computer for TROJ_INOR.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com/

TROJ_INOR.A is detected and cleaned by Trend Micro pattern file #385 and above.

For additional information about WORM_INOR.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INOR.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: November 4, 2002 to November 10, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.E
3. JS_TRAFFICHBAR.A
4. WORM_OPASERV.E
5. JS_EXCEPTION.GEN
6. WORM_OPASERV.A
7. BKDR_OBLIVION.B1
8. WORM_OPASOFT.A
9. JS_SEEKER.E1
10. JOKE_RUSS.A

4. Boost your Internet Speed by up to 200% - Get Net Boost Pro for $19.95
------------------------------------------------------------------------
Frustrated by slow Internet speed? Fed up with low performance of your computer?

Trend Micro has specially partnered with 3B Software to provide you with an Internet Optimizer Tool. With Net Boost Pro's award-winning technology you will get a boost of 30-200% on your Internet connection.

Net Boost™ Pro optimizes your Windows system giving you superior Internet speed and performance. It runs conveniently in the background automatically enhancing your throughput wasted by Windows®. It lets your Internet connection work more efficiently, giving your system a performance boost without the need for costly upgrades. Net Boost™ Pro powerfully tweaks all of your online applications including games, MP3s, and downloads to run faster and smoother. It has a user-friendly interface and is totally customizable to maximize your Internet connection.

Buy now for $29.95 and get $10 off your purchase (URL)
http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?SP=10007&PN=5&CID=64256&SID=16269&PID=359333&DSP=&CUR=840&PGRP=0&CACHE_ID=64256

**Offer valid for residents of the US and Canada only.

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.trendmicro.com/subscriptions/default.asp?email=%email%
 
To UNSUBSCRIBE go to:
http://www.trendmicro.com/subscriptions/default.asp?format=unsubscribe
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

If you prefer not to receive future e-mail from Trend Micro's Newsletters Editor:
mmLkgFgLmSPLkr-HrmpODJhtEf

To view our permission marketing policy:
    http://www.rsvp0.net
Received on Sat Nov 16 18:49:15 2002