Trend Micro Weekly Virus Report - January 24, 2003

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: January 24, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Outlook and mIRC Malware – VBS_MOON.K (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Trend Micro Expands Enterprise Protection Strategy (EPS)

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 445 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.510 http://www.trendmicro.com/download/engine.asp

2. Outlook and mIRC Malware – VBS_MOON.K (Low Risk)
------------------------------------------------------------------------
VBS_MOON.K propagates via email in Microsoft Outlook, but may also arrive via the Web.

Upon execution, it drops a copy of itself as FOTOMPG.VBS in the Windows directory. It checks whether it has already infected the machine by checking for the existence of a specific registry key. If the registry key does not exist, it creates registry entries that allow it to execute automatically upon Windows startup.

It also sends the following email to all addresses in the Microsoft Outlook address book:

Subject: Hi
Message Body: Hi, look at this funny photo.......
Attachment: FOTOMPG.VBS

This worm also checks whether mIRC is installed in the system by looking for the file MIRC.INI in the following folders:

%Program Files%\mirc
%Program Files%\mirc32
C:\mirc
C:\mirc32

The worm’s code is designed to create the file SCRIPT.INI in folders where the file is found, and to use this script file to send copies of itself to all users who are connected to the same IRC channel. However, due to certain bugs, this worm fails to drop the IRC script.

VBS_MOON.K also checks whether the file XXX_ADULT.EXE exists in the default Windows directory. If this file exists, it executes the file. The contents of this file may change and can either be malicious or not. If the said file does not exist, the worm modifies the infected user’s Internet Explorer home page to a pornographic adult Web site.

If you would like to scan your computer for VBS_MOON.K or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

VBS_MOON.K is detected and cleaned by Trend Micro pattern file #442 and above.

For additional information about VBS_MOON.K please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_MOON.K

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: January 13, 2003 to January 19, 2003)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_EXCEPTION.GEN
3. JS_NOCLOSE.E
4. WORM_SOBIG.A
5. WORM_BUGBEAR.A
6. JS_SEEKER.E1
7. WORM_YAHA.K
8. BKDR_IRCFLOOD.BI
9. WORM_OPASERV.A
10. PE_HANTANER.A

4. Trend Micro Expands Enterprise Protection Strategy (EPS)
------------------------------------------------------------------------
Trend Micro's Enterprise Protection Strategy (EPS) is an industry-unique approach to addressing mixed-threat attacks based on the coordination of any Trend Micro products and services, and the expertise of TrendLabs, to address each stage of what the company has termed the outbreak lifecycle: outbreak prevention, virus response, and assessment and restoration.

With the expansion of EPS, IT Managers can take advantage of a range of new products, services, and architectural enhancements that assist in the management of outbreaks across multiple points of the corporate network. Products and services announced are designed to further address the common challenges faced by IT Managers when dealing with virus and malicious code outbreaks, from coordinating security policies across many different devices, platforms, and systems in different geographic locations to determining the overall effectiveness of current security investments and procedures.
Read more about Trend Micro's Enterprise Protection Strategy at http://www.trendmicro.com/en/products/eps/eps/evaluate/overview.htm]
Read what Industry Analysts are saying at http://www.trendmicro.com/en/products/eps/eps/evaluate/industry-quotes.htm

************************************************************************
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

If you prefer not to receive future e-mail from Trend Micro's Newsletters Editor:

To view our permission marketing policy:
    http://www.rsvp0.net
Received on Fri Jan 24 23:22:00 2003