Weekly Virus Report - February 7, 2003

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: February 7, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Sludge in your Computer - VBS_SLUDGE.A (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. New Version of Trend Micro OfficeScan Now Available

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 455 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.510 http://www.trendmicro.com/download/engine.asp

2. Sludge in your Computer - VBS_SLUDGE.A (Low Risk)
------------------------------------------------------------------------
VBS_SLUDGE.A is a Visual Basic script worm that spreads using the peer-to-peer file sharing application Kazaa Lite.

Upon execution, this worm drops a copy of itself in the Windows temporary folder using the file name "_uninst12.vbs." It then adds a registry entry so that its dropped copy is executed at every Windows startup.

This virus creates copies of itself using one of 12 specific file names. These copies are dropped in %Program Files%\kazaa lite\my shared folder, a common shared folder of Kazaa Lite.

This worm is intended to also propagate through Kazaa, Bearshare, Edonkey2000 and Morpheus, but fails to do so due to flaws in its script code. Although the script checks for the existence of the shared folders of these peer-to-peer, file-sharing applications, it incorrectly copies the dropped files to Kazaa Lite's shared folder. The folders checked are:
 
%Program Files%\bearshare\shared
%Program Files%\edonkey2000\incoming
%Program Files%\kazaa\my shared folder
%Program Files%\morpheus\my shared folder

When the infected user's system date is March 3, this worm displays a message box with the following text:

Address violation at 030303x
03/03/03 exception error. Please reboot.

If you would like to scan your computer for VBS_SLUDGE.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

VBS_SLUDGE.A is detected and cleaned by Trend Micro pattern file #454 and above.

For additional information about VBS_SLUDGE.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_SLUDGE.A

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: January 27, 2003 to February 2, 2003)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_EXCEPTION.GEN
3. JS_NOCLOSE.B
4. WORM_BUGBEAR.A
5. WORM_NETSPREE.A
6. WORM_SOBIG.A
7. WORM_YAHA.K
8. WORM_OPASERV.I
9. JS_SEEKER.E1
10. WORM_OPASERV.A

4. New Version of Trend Micro OfficeScan Now Available
------------------------------------------------------------------------
OfficeScan Corporate Edition provides comprehensive virus protection for desktop and mobile clients. Its centralized management features allow administrators to fully manage and enforce antivirus policies across the entire organization. Incorporated in it, is our robust damage cleanup services which help remove and repair system damage caused by malicious code.

With this new version of OfficeScan Corporate Edition, IT security administrators have the capability to deliver attack-specific policies to all points of the network running Trend Micro products, from the Internet gateway down to file servers and individual client systems. Specifically, administrators can automatically deploy outbreak prevention policies to block threats that may enter through, exploit, or harm a client system or file server.

Download 30-day Trial Version: http://www.trendmicro.com/en/products/desktop/osce/evaluate/trial.htm

Buy Now: http://www.trendmicro.com/buy/us/enterprise.asp

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus
Report."
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

If you prefer not to receive future e-mail from Trend Micro's Newsletters Editor:

To view our permission marketing policy:
    http://www.rsvp0.net
Received on Sat Feb 8 01:13:44 2003