Trend Micro Weekly Virus Report - January 17, 2003

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: January 17, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. It’s Huge – WORM_SOBIG.A (Medium Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 441 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.510 http://www.trendmicro.com/download/engines/

2. It’s Huge – WORM_SOBIG.A (Medium Risk)
------------------------------------------------------------------------
WORM_SOBIG.A is a memory-resident, multi-threaded worm that propagates via email and shared network folders. It sends copies of itself via email using its own Simple Mail Transfer Protocol (SMTP) engine and obtains its target recipients from addresses found in files with the following extensions:

WAB
DBX
HTM
HTML
EML
TXT

The details of the email that it sends are as follows:

Sender: big@boss.com

Subject: <could be any of the following>
Re: Movies
Re: Sample
Re: Document
Re: Here is that sample

Attachment: <could be any of the following>
Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif

The worm also copies itself to shared folders on the Local Area Network that contain the following folders:

Windows\All Users\Start Menu\Programs\StartUp\
Documents and Settings\All Users\Start Menu\Programs\Startup

WORM_SOBIG.A downloads files from remote Web sites, and saves them to the Windows folder as DWN.DAT. This download contains a link to another file on the Internet. The worm downloads this file, which may be changed anytime, and then executes it on the host system.

If you would like to scan your computer for WORM_SOBIG.A.C or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_SOBIG.A is detected and cleaned by Trend Micro pattern file #436 and above.

For additional information about WORM_SOBIG.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SOBIG.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: January 6, 2003 to January 12, 2003)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. WORM_YAHA.K
3. JS_EXCEPTION.GEN
4. JS_NOCLOSE.E
5. JS_SEEKER.E1
6. WORM_OPASERV.E
7. WORM_BUGBEAR.A
8. WORM_OPASERV.H
9. WORM_OPASERV.A
10. WORM_OPASERV.G

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

If you prefer not to receive future e-mail from Trend Micro's Newsletters Editor:

To view our permission marketing policy:
    http://www.rsvp0.net
Received on Sat Jan 18 01:59:13 2003