*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: Friday November 14, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Moe – WORM_MOEGA.C (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Trend Micro Launches GateLock 3000 & GateLock 5000
NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.
************************************************************************
1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 680 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.810 http://www.trendmicro.com/download/engine.asp
************************************************************************
2. Moe – WORM_MOEGA.C (Low Risk)
------------------------------------------------------------------------
WORM_MOEGA.C is a non-destructive worm with both worm and backdoor
capabilities. To propagate, it scans for hosts in the affected system’s
domain and drops a copy of itself on target hosts that have shares
protected by weak passwords. As a backdoor, it connects to a remote Internet
Relay Chat (IRC) server and joins a channel. Once it is in the IRC channel,
a malicious user can send commands, which the malware executes on the
compromised machine. It runs on Windows NT, 2000, and XP.
Upon execution, this memory-resident malware drops a copy of itself using
the file name HTTPS.EXE. Next, it creates two registry entries that allow
it to execute its dropped copy at every system startup.
To propagate, this malware scans for hosts in the affected system’s domain.
First, it connects to port 139 of the target host. If the port responds,
the worm enumerates the network shares and drops copies of itself on
systems with weak user name and password combinations. This worm
uses the following user names:
administrator
database
guest
owner
root
sql
sqlagent
system
user
wwwadmin
These user names are then combined with the following weak passwords:
admin
administrator
asdf
asdfgh
database
guest
hidden
owner
pass123
pass
password123
password
root
secret
server
sql
sqlagent
system
user
wwwadmin
1
111
123
1234
123456
654321
!@#$
!@#$%
!@#$%^
!@#$%^&
!@#$%^&*
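Added example (not part of the Trend Micro report): one way to spot the
share-guessing behavior described above is to look for a single source that
tries several of the listed user names within a short window. The log format,
addresses, thresholds and function names below are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# User names WORM_MOEGA.C tries, taken from the list in the report above.
MOEGA_USERS = {"administrator", "database", "guest", "owner", "root",
               "sql", "sqlagent", "system", "user", "wwwadmin"}

# Constructed sample records: "<time> <source> <target> <user> <result>".
# The format is hypothetical; map your own logon audit fields onto it.
SAMPLE_LOG = """\
2003-11-14T09:00:01 10.0.0.23 10.0.0.5 administrator FAIL
2003-11-14T09:00:02 10.0.0.23 10.0.0.5 database FAIL
2003-11-14T09:00:03 10.0.0.23 10.0.0.5 guest FAIL
2003-11-14T09:00:05 10.0.0.23 10.0.0.6 administrator FAIL
2003-11-14T09:00:06 10.0.0.23 10.0.0.6 sql OK
2003-11-14T09:10:00 10.0.0.40 10.0.0.5 alice FAIL
2003-11-14T09:10:30 10.0.0.40 10.0.0.5 alice OK
2003-11-14T11:00:00 10.0.0.41 10.0.0.5 administrator FAIL
malformed line
"""

def parse(log):
    """Yield (time, source, target, user, result), skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts, src, dst, user, result = parts
            yield datetime.fromisoformat(ts), src, dst, user.lower(), result

def find_guessing_sources(log, min_users=3, window=timedelta(minutes=5)):
    """Flag sources that try >= min_users distinct listed user names in `window`.
    Returns {source: [(target, user), ...]} listing the logons that succeeded."""
    by_src = defaultdict(list)
    for ts, src, dst, user, result in parse(log):
        if user in MOEGA_USERS:
            by_src[src].append((ts, dst, user, result))
    flagged = {}
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end, (ts, _, _, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # slide the window forward
                start += 1
            if len({e[2] for e in evs[start:end + 1]}) >= min_users:
                # A success from a guessing source marks a host to inspect first.
                flagged[src] = [(d, u) for _, d, u, r in evs if r == "OK"]
                break
    return flagged

if __name__ == "__main__":
    print(find_guessing_sources(SAMPLE_LOG))
```

The flagged source is the likely infected machine; each (target, user) pair it
returns is an account whose password should be changed and whose host should be
checked for the dropped HTTPS.EXE copy.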
Once active, this malware connects to a specific Internet Relay Chat (IRC)
server and then joins a channel. A malicious user can then send commands to
the malware so that it executes any of the following actions on the affected
system:
- Download and execute a file
- Create a redirect (proxy)
- Get network information such as connection type and IP address
- Get system information such as CPU speed, memory size, Windows version,
  and uptime
- Visit a specified URL
- Uninstall the malware from the system
- Create clones on a specific IRC channel
- Steal serial numbers and CD keys of popular games
If you would like to scan your computer for WORM_MOEGA.C or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free,
online virus scanner at: http://housecall.trendmicro.com/
WORM_MOEGA.C is detected and cleaned by Trend Micro pattern file #664 and above.
For additional information about WORM_MOEGA.C please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MOEGA.C
************************************************************************
3. Top 10 Most Prevalent Global Malware
(from November 7, 2003 to November 13, 2003)
------------------------------------------------------------------------
1. WORM_LOVGATE.G
2. TROJ_DASMIN.B
3. WORM_SWEN.A
4. WORM_NACHI.A
5. WORM_MSBLAST.A
6. WORM_ANTINNY.A
7. PE_PARITE.A
8. JAVA_BYTVERIFY.A
9. WORM_KLEZ.H
10. PE_FUNLOVE.4099
************************************************************************
4. Trend Micro Launches GateLock 3000 & GateLock 5000
------------------------------------------------------------------------
A cost-effective, integrated security device, GateLock enables IT managers to
enforce corporate security policies at remote sites, while maximizing IT
resources and network security. GateLock helps protect the enterprise from
security risks and virus re-infections caused by extended enterprise locations
such as home or remote offices. Administrators can configure GateLock via the
Trend Micro OfficeScan console for ease of use, management, and administration.
GateLock 3000 combines Trend Micro’s integrated antivirus technology and
centralized management capabilities with NetScreen’s stateful inspection
firewall and VPN technology, for remote enterprise environments of up to five
users.
GateLock 5000 combines Trend Micro’s integrated antivirus technology and
centralized management capabilities with NetScreen’s deep inspection firewall
and VPN technology, for remote enterprise environments of up to 10 users.
NetScreen Technologies and Trend Micro have partnered to provide comprehensive
end-to-end security solutions that address the complex connectivity and security
requirements of today’s global, distributed enterprise.
Read our white paper for an overview of how firewall, VPN, and antivirus/content
security work together to protect enterprise environments:
http://www.trendmicro.com/en/products/gateway/gatelock5000/evaluate/whitepaper.htm
***********************************************************************************
Received on Sat Nov 15 00:31:51 2003
This archive was generated by hypermail 2.1.8 : Mon 29 May 2006 - 05:33:31 CEST