Trend Micro Weekly Virus Report - October 31, 2003

From: Trend Micro Newsletters Editor <newsletters_at_trendmicro.rsc03.com>
Date: Sat 01 Nov 2003 - 02:07:22 CET
Message-Id: <200311010107.hA117ODe017041@nocoy.ncsh.com>

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: Friday October 31, 2003 HAPPY HALLOWEEN!
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Yellow Alert – WORM_MIMAIL.C (Medium Risk)
3. Top 10 Most Prevalent Global Malware
4. Now Available! Trend Micro PC-cillin Internet Security 2004

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 667 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.510 http://www.trendmicro.com/download/engine.asp

2. Yellow Alert – WORM_MIMAIL.C (Medium Risk)
------------------------------------------------------------------------
As of 8:02 a.m. U.S. Pacific Time, Trend Micro has declared a Yellow Alert
to control the spread of WORM_MIMAIL.C. This memory-resident Internet worm
propagates via email using its own SMTP engine. It runs on Windows 95, 98,
ME, NT, 2000, and XP. The email arrives with the following details:

To: admin@???

Subject: Re[2]: our private photos ???

Message Body:
Hello Dear!,
Finally i've found possibility to right u, my lovely girl :) All our photos
which i've made at the beach (even when u're without ur bh:)) photos are
great! This evening i'll come and we'll make the best SEX :)

Right now enjoy the photos.
Kiss, James.
??? (Note: ??? is a variable string)

Attachment: photos.zip

Upon execution, this memory-resident worm drops a copy of itself as
NETWATCH.EXE in the Windows folder. It then creates a registry entry so that
its dropped copy executes at every system startup.

This malware also creates the following files in the %Windows% directory:

EML.TMP – contains the email addresses gathered and compiled from the local machine
ZIP.TMP – the .ZIP file that this worm sends as a mail attachment
EXE.TMP – a UPX-compressed Win32 .EXE file

This mass-mailing worm arrives as an email attachment, which is a .ZIP
file containing an .HTML file and a UPX-compressed Win32 .EXE file.

When the .HTML file is opened, the malware code executes and exploits a
vulnerability in Internet Explorer's security system. It then launches the
.EXE file, which carries the worm program.
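The traits listed above (subject prefix, admin@ recipient, photos.zip holding an .HTML file plus an .EXE file, and the dropped file names) can be checked mechanically at a mail gateway or on a host. The following is an added example, not Trend Micro's code; the function names, sample addresses and ZIP member names are constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Traits taken from the report text above.
SUBJECT_PREFIX = "re[2]: our private photos"
ATTACHMENT_NAME = "photos.zip"
DROPPED_FILES = {"netwatch.exe", "eml.tmp", "zip.tmp", "exe.tmp"}

def score_message(raw):
    """Return which report-described traits one RFC 822 message matches."""
    msg = email.message_from_bytes(raw)
    hits = []
    if (msg.get("Subject") or "").strip().lower().startswith(SUBJECT_PREFIX):
        hits.append("subject")
    if (msg.get("To") or "").strip().lower().startswith("admin@"):
        hits.append("recipient")
    for part in msg.walk():
        if (part.get_filename() or "").lower() != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        try:  # a damaged or fake archive must not crash the filter
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                exts = {n.rsplit(".", 1)[-1].lower() for n in zf.namelist() if "." in n}
        except zipfile.BadZipFile:
            continue
        if exts & {"htm", "html"} and "exe" in exts:
            hits.append("zip-html-plus-exe")
    return hits

def host_artifacts(windows_dir_listing):
    """Names from a %Windows% directory listing that match the dropped files."""
    return sorted(n for n in windows_dir_listing if n.lower() in DROPPED_FILES)

def build_sample(subject, to, members):
    """Construct a harmless test message; member names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder, not a real payload")
    m = EmailMessage()
    m["Subject"], m["To"], m["From"] = subject, to, "sender@example.test"
    m.set_content("constructed test body")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename=ATTACHMENT_NAME)
    return m.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("Re[2]: our private photos xqzw", "admin@example.test", ["a.html", "b.exe"])))
```

A single trait such as the attachment name alone is weak evidence; the combination of all four message traits is what matches the description in this report.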

It also uses Simple Mail Transfer Protocol (SMTP) servers and user names
that it gathers from files whose extensions are not among the following:

COM
WAV
CAB
PDF
RAR
ZIP
TIF
PSD
OCX
VXD
MP3
MPG
AVI
DLL
EXE
GIF
JPG
BMP

It performs a Denial of Service (DoS) attack against the IP address
63.246.128.180 (http://www.darkprofits.com) by sending the following data:

ICMP packets (garbage data? – This is still under investigation.)
HTTP packets (garbage data? – This is still under investigation.)

It performs this routine using several threads, resulting in an increase in,
or flooding of, ICMP messages on the infected host's network.

If you would like to scan your computer for WORM_MIMAIL.C or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free,
online virus scanner at: http://housecall.trendmicro.com/

WORM_MIMAIL.C is detected and cleaned by Trend Micro pattern file #666 and above.

For additional information about WORM_MIMAIL.C please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.C

3. Top 10 Most Prevalent Global Malware
(from October 24, 2003 to October 30, 2003)
------------------------------------------------------------------------
1. WORM_LOVGATE.G
2. WORM_MSBLAST.A
3. TROJ_DASMIN.B
4. WORM_SWEN.A
5. WORM_NACHI.A
6. JAVA_BYTVERIFY.A
7. WORM_KLEZ.H
8. WORM_ANTINNY.A
9. PE_PARITE.A
10. PE_DUMARU.A
        
4. Now Available! Trend Micro PC-cillin Internet Security 2004
------------------------------------------------------------------------
Trend Micro PC-cillin Internet Security provides comprehensive and easy-to-use
protection from viruses, hackers, and other Internet-based threats.

Its new advanced features go far beyond standard antivirus and firewall
protection, helping to safeguard your PC from new emerging threats like network
viruses, spam email, inappropriate Web content, and spyware programs that can
compromise your privacy.

This new and enhanced version provides you with more exciting features,
including:

- Comprehensive Virus Protection
- Enhanced Personal Firewall
- Integrated PDA Virus Protection
- Network Virus Emergency Center (New!)
- Anti-spam Filtering (New!)
- URL Filtering/Parental Controls (New!)
- Privacy Threat Protection (New!)
- Spyware Detection and Removal (New!)
- Profile-based Security (New!)

Keep your computer “simply secure” from viruses, hackers, privacy threats,
and spam email with PC-cillin Internet Security.

Buy Now for only $49.95! http://www.digitalriver.com/dr/v2/ec_MAIN.Entry17c?SP=10007&PN=5&CID=0&SID=16269&PID=618129&DSP=&CUR=840&PGRP=0&CACHE_ID=0

or

Try the 30-day evaluation copy for FREE http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/trial.htm

Already own PC-cillin? Upgrade now and get 50% off. http://www.trendmicro.com/en/products/desktop/pc-cillin/buy/us/upgrade.htm

***********************************************************************************

Received on Sat Nov 1 02:07:25 2003
