Trend Micro Weekly Virus Report - December 6, 2002

From: Trend Micro Newsletters Editor <newsletters_at_trendmicro.rsc03.com>
Date: Sat 07 Dec 2002 - 02:20:47 CET
Message-Id: <200212070120.gB71KpE24620@nocoy.ncsh.com>

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: December 6, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Backdoor Trojan – TROJ_FLOOD.BI.DR (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. New! PC-cillin 2003 – Virus Protection and Internet Security for Home Users

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 407 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/

2. Backdoor Trojan – TROJ_FLOOD.BI.DR (Low Risk)
------------------------------------------------------------------------
TROJ_FLOOD.BI.DR is a backdoor Trojan package that drops and installs a multi-component backdoor in the System directory. The dropped multi-component backdoor allows malicious users to remotely take control of infected systems.

This backdoor package can force infected systems to behave as FTP servers, allowing remote users to upload and download files to and from infected machines. It also contains IRC scripts that may be used to launch a Distributed Denial of Service (DDoS) attack. With the scripts installed, malicious users can manipulate infected systems into flooding certain targets within IRC by continuously pinging these targets.

This Trojan arrives as an Installation/Setup program, and runs on Windows 9x, ME, 2000, and XP. Upon execution, it creates the folder, STDE9, in the Windows system directory and then drops the following files in the created folder:

SVCHOST32.EXE
BOOTDRV.DLL
EXPLORE.DAT
EXPLORER.EXE
EXPLORE.EXE
IISCACHE.DLL
WEB.SWF
LIBPARSE.EXE
NAVDB.DBX
PSEXEC.EXE
RCFG.INI
RCONNECT.EXE
RCONNECT.CONF
STR.VXD
SECURE.BAT
V32DRIVER.BAT

It then creates the folder, www, in STDE9. The following files, which are dropped in the www folder, are IRC scripts that allow sharing of files via mIRC:

www\MDX.DLL
www\MOO.DLL
www\VIEWS.MDX
www\WEBSERV.MRC
www\HTDOCS
www\htdocs\README.HTM
www\htdocs\SHIK.GIF
www\WWWLOGS

This Trojan dropper also creates a registry entry so that one of its dropped files, EXPLORER.EXE, automatically executes at every Windows startup.

If you would like to scan your computer for TROJ_FLOOD.BI.DR or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free online virus scanner at: http://housecall.trendmicro.com/

TROJ_FLOOD.BI.DR is detected and cleaned by Trend Micro pattern file #402 and above.

For additional information about TROJ_FLOOD.BI.DR please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FLOOD.BI.DR
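
The file drops described in this section can be turned into a triage check for a live system directory or a mounted disk image. The sketch below is an added example, not Trend Micro code: the function names and the sample tree are constructed, matching is case-insensitive because a mounted image may sit on a case-sensitive filesystem, and the startup registry entry is not checked because the report does not name the key.

```python
import os
import tempfile

# Folder and file names come from the report; helper names are assumptions.
DROP_DIR = "STDE9"
DROPPED = {
    "SVCHOST32.EXE", "BOOTDRV.DLL", "EXPLORE.DAT", "EXPLORER.EXE",
    "EXPLORE.EXE", "IISCACHE.DLL", "WEB.SWF", "LIBPARSE.EXE", "NAVDB.DBX",
    "PSEXEC.EXE", "RCFG.INI", "RCONNECT.EXE", "RCONNECT.CONF", "STR.VXD",
    "SECURE.BAT", "V32DRIVER.BAT",
}
WWW_DROPPED = {"MDX.DLL", "MOO.DLL", "VIEWS.MDX", "WEBSERV.MRC"}

def find_ci(parent, name):
    """Return the sub-directory of `parent` named `name`, ignoring case."""
    try:
        entries = os.listdir(parent)
    except OSError:
        return None
    for entry in entries:
        path = os.path.join(parent, entry)
        if entry.upper() == name.upper() and os.path.isdir(path):
            return path
    return None

def names_in(folder):
    """Upper-cased entry names of `folder`, or an empty set if it is absent."""
    return {e.upper() for e in os.listdir(folder)} if folder else set()

def scan_system_dir(system_dir):
    """Report which dropped names exist under <system_dir>/STDE9 and its www folder."""
    drop = find_ci(system_dir, DROP_DIR)
    www = find_ci(drop, "www") if drop else None
    return {
        "drop_dir": drop,
        "files": sorted(DROPPED & names_in(drop)),
        "www_files": sorted(WWW_DROPPED & names_in(www)),
    }

def constructed_sample():
    """Constructed tree: mixed-case drops plus an unrelated explorer.exe outside STDE9."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "stde9", "WWW"))
    for rel in ("stde9/Explorer.exe", "stde9/rcfg.ini",
                "stde9/WWW/webserv.mrc", "explorer.exe"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root

if __name__ == "__main__":
    print(scan_system_dir(constructed_sample()))
```

Only names found inside the STDE9 folder are reported, so a file called explorer.exe elsewhere does not trigger a match on its own.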

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: November 25, 2002 to December 1, 2002)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. WORM_BUGBEAR.A
3. WORM_OPASERV.A
4. WORM_OPASERV.E
5. WORM_OPASERV.F
6. WORM_OPASERV.G
7. WORM_OPASERV.H
8. JS_EXCEPTION.GEN
9. PE_FUNLOVE.4099
10. WORM_OPASERV.D

4. New! PC-cillin 2003 – Virus Protection and Internet Security for Home Users
------------------------------------------------------------------------
Protect your computer and PDA from viruses at home or on the go with PC-cillin 2003. PC-cillin combines advanced virus detection and cleaning with an integrated firewall to safeguard your system from hackers and malicious code threats in email and instant messaging, and while browsing the Internet.

With PC-cillin 2003 you get the benefits of:
-Comprehensive Antivirus Protection
-New! Secure Wireless Internet Access
-New! Proactive Virus Outbreak Notification
-Integrated PDA Protection

New features like Wi-Fi protection help secure your computer when connecting to a wireless LAN network, and Outbreak Alert gives you early warning about new viruses.

Buy now* and get all-in-one antivirus security, personal firewall, and PDA protection for 20% off** on single user PC-cillin licenses.
http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?CID=64779&PN=21&SP=10007&SID=16269&PID=1047203

Already a PC-cillin user? You can upgrade to the new version for only $24.95
http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?CID=0&PN=21&SP=10007&SID=16269&PID=1046260

*Offer valid for residents of the US and Canada only.
**Offer expires December 15, 2002
