Trend Micro Weekly Virus Report - February 21, 2003

From: Trend Micro Newsletters Editor <newsletters_at_trendmicro.rsc03.com>
Date: Fri 21 Feb 2003 - 23:43:45 CET
Message-Id: <200302212244.h1LMi0M15462@nocoy.ncsh.com>

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: February 21, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. No Love Lost - WORM_LOVEGATE.B (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. It's Tax Time! - Get TaxCut from H&R Block FREE with PC-cillin 2003*

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 465 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.510 http://www.trendmicro.com/download/engine.asp

2. No Love Lost - WORM_LOVEGATE.B (Low Risk)
------------------------------------------------------------------------
WORM_LOVEGATE.B is both a worm and a backdoor program. As a worm, it propagates copies of itself via network shared folders. It drops copies of itself in shared folders and in all subfolders that exist within the shared folders.

This worm drops multiple copies of itself using any of the following file names in the Windows system folder:

WinRpcsrv.e
syshelp.exe
winrpc.exe
WinGate.exe
rpcsrv.exe

Then, it adds registry entries that allow it to execute on subsequent Windows startups.

It modifies the default entries in a certain registry key so that it is executed whenever a text file is opened. By replacing the original data in this registry key, it sets itself as the default application for opening text files that are double-clicked in Windows.

In shared folders and subfolders, it drops copies of itself using any of the following file names:

winrpc.exe
syshelp.exe
fun.exe
humor.exe
docs.exe
s3msong.exe
midsong.exe
billgt.exe
card.exe
setup.exe
searchURL.exe
tamagotxi.exe
hamster.exe
news_doc.exe
PsPgame.exe
joke.exe
images.exe
pics.exe
crklist.exe
source.exe
sex.exe
roms.exe
docs.exe
patch.exe
LUPdate.exe
pack.exe
wingate.exe
stg.exe
ssrv.exe

As a backdoor, this malware opens port 10168 and immediately sends an email notifying a remote user that the infected machine is online and can be accessed. By sending commands via the backdoor port, a remote user can execute programs on the infected machine, obtain information, and reconfigure the running backdoor program.
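The indicators described above (dropped file names, the replaced text-file handler, and the listening backdoor port) can be checked against a host inventory. The following Python sketch is an added example, not part of the Trend Micro report; the snapshot layout, the `triage` and `exe_name` names, the sample data, and the choice of the `txtfile` open command as the modified registry key are assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# System-folder names from the report (the truncated "WinRpcsrv.e" is left out).
SYSTEM_NAMES = {"syshelp.exe", "winrpc.exe", "wingate.exe", "rpcsrv.exe"}
# Shared-folder names from the report, lower-cased.
SHARE_NAMES = set("""winrpc.exe syshelp.exe fun.exe humor.exe docs.exe
s3msong.exe midsong.exe billgt.exe card.exe setup.exe searchurl.exe
tamagotxi.exe hamster.exe news_doc.exe pspgame.exe joke.exe images.exe
pics.exe crklist.exe source.exe sex.exe roms.exe patch.exe lupdate.exe
pack.exe wingate.exe stg.exe ssrv.exe""".split())
BACKDOOR_PORT = 10168

def exe_name(command):
    """Lower-cased file name of the executable that starts a command line."""
    end = command.lower().find(".exe")
    target = command[:end + 4] if end != -1 else command
    return PureWindowsPath(target.strip('" ')).name.lower()

def triage(snap):
    findings = []
    sysdir = PureWindowsPath(snap["system_dir"])
    shares = [PureWindowsPath(s) for s in snap["shares"]]
    copies = defaultdict(list)  # (folder, digest) -> listed names found there
    for raw, digest in snap["files"]:
        p = PureWindowsPath(raw)
        if p.parent == sysdir and p.name.lower() in SYSTEM_NAMES:
            findings.append(("system-folder drop", raw))
        if p.name.lower() in SHARE_NAMES and any(
                s == p.parent or s in p.parent.parents for s in shares):
            copies[(p.parent, digest)].append(p.name)
    # The worm drops copies of itself, so one listed name alone (setup.exe) is
    # weak evidence; two or more with the same digest in one folder is strong.
    findings += [("identical copies in share", str(folder))
                 for (folder, _), names in copies.items() if len(names) >= 2]
    # Assumption: "a certain registry key" is the txtfile open command.
    if exe_name(snap["txt_open_command"]) != "notepad.exe":
        findings.append(("text-file handler replaced", snap["txt_open_command"]))
    if BACKDOOR_PORT in snap["listening_ports"]:
        findings.append(("backdoor port listening", str(BACKDOOR_PORT)))
    return findings

SAMPLE = {  # constructed snapshot for illustration, not data from a real host
    "system_dir": r"C:\WINDOWS\system32", "shares": [r"D:\Public"],
    "files": [(r"C:\WINDOWS\system32\rpcsrv.exe", "d1"), (r"D:\Public\setup.exe", "a7"),
              (r"D:\Public\mp3\joke.exe", "d1"), (r"D:\Public\mp3\pics.exe", "d1")],
    "txt_open_command": r"C:\WINDOWS\system32\winrpc.exe %1",
    "listening_ports": [135, 445, 10168],
}
```

Calling `triage(SAMPLE)` returns four findings; the lone `setup.exe` in the share is not reported because no second listed file shares its digest.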

If you would like to scan your computer for WORM_LOVEGATE.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_LOVEGATE.B is detected and cleaned by Trend Micro pattern file #462 and above.

For additional information about WORM_LOVEGATE.B please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_LOVEGATE.B

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: February 10, 2003 to February 16, 2003)
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. WORM_YAHA.K
3. PE_PARITE.A
4. PE_DUPATOR.1503
5. PE_FUNLOVE.4099
6. WORM_SOBIG.A
7. PE_PARITE.B
8. WORM_OPASERV.E
9. WORM_BUGBEAR.A
10. TROJ_SMALL.J

4. It's Tax Time! - Get TaxCut from H&R Block FREE with PC-cillin 2003*
------------------------------------------------------------------------
This year, file your taxes with TaxCut Deluxe. TaxCut Deluxe from H&R Block allows you to seamlessly import your financial data from last year's TurboTax®, Quicken®, and Microsoft® Money. It offers one FREE State program, one FREE electronic filing (after mail-in rebate), FREE H&R Block Financial Planners, and a NEW 9-Year Tax Preview planning feature so you can maximize your tax savings and plan for the future.
 
With newly released PC-cillin™ 2003 you can protect your PC, PDA and wireless devices from viruses, hacker attacks, and other Internet security threats.

PC-cillin offers the benefits of:
- Enhanced Antivirus Scanning - Secure your computer against viruses transmitted through the Internet, email, and Instant Messaging
- Personal Firewall Protection - Fend off hackers and malicious programs with a personal firewall
- Integrated Wireless Security for PDAs - Protect the important information on your personal digital assistant and secure your PC during synchronization

New features like Wi-Fi protection help to secure your computer when connecting to a wireless LAN network, and Outbreak Alert gives you early warning about new viruses.

For a limited time, Trend Micro is offering you TaxCut Deluxe absolutely free with the purchase of PC-cillin 2003 or PC-cillin 2003 Upgrade.

Start saving now! Buy PC-cillin 2003: http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?SP=10007&PN=5&CID=70268&SID=16269&PID=498729&DSP=&CUR=840&PGRP=0&CACHE_ID=702680000070666

Upgrade to PC-cillin 2003: http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?SP=10007&PN=5&CID=70666&SID=16269&PID=500849&DSP=&CUR=840&PGRP=0&CACHE_ID=70666

 * Offer expires April 21, 2003 and is valid in the U.S. and Canada only.

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up to receive the "Weekly Virus Report."
 
For questions, comments, and suggestions about the Weekly Virus Report
please contact the Newsletters Editor at newsletters@trendmicro.com.
************************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

Received on Fri Feb 21 23:44:01 2003
