Trend Micro Weekly Virus Report - November 21, 2003

*********************************************************************
TREND MICRO WEEKLY VIRUS REPORT
    
(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: Friday November 21, 2003
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.trendmicro.com/en/security/report/overview.htm

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. eCard Worm – WORM_WOZER.A (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Trend Micro Introduces New Products for Small & Medium Businesses

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser window.

************************************************************************

1. Trend Micro Updates - Pattern File & Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 688 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.810 http://www.trendmicro.com/download/engine.asp

2. eCard Worm – WORM_WOZER.A (Low Risk)
------------------------------------------------------------------------
WORM_WOZER.A is a non-destructive, memory-resident worm that propagates
via email, network shares, and mIRC. It mass-mails copies of itself to
email addresses found in certain files on the target system. It also
attempts to terminate certain processes and functions of certain
antivirus programs. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, it checks whether a copy of itself is already running in
memory. If not, it proceeds with its execution. On Windows NT, 2000, and
XP it creates a registry entry to ensure that it is automatically executed
at every system startup. On Windows 95, 98 and ME it modifies the SYSTEM.INI
file.

This worm uses its own SMTP (Simple Mail Transfer Protocol) engine to send a
zipped copy of itself named ECARD.ZIP. The email message contains the
following characteristics:

From: Superzone eCard
Subject: Superzone eCard from secret admirer
Attachment: eCard.zip (23.2)
Message Body:
eCard@Superzone is an online service for sending eCards.

Dear reader,

You have been sent an eCard from 'Secret Admirer'!

To see the eCard, simply open the attachment.

Send an eCard to someone that you care. It's free!

eCard@Superzone
http://eCard.Superzone.com/

Save trees, send eCards.

eCard@Superzone: part of the Superzone Network.
http://www.superzone.com/

It obtains its target email addresses from files with the following
extensions:

HTM
HTML
WAB
EML
ODS
MMF
NCH
MBX
TBB
CPP
DPR
FRM
BAS
DOC
RTF
VBS
TXT
ASP

This worm drops a copy of itself as WINUPDATE.EXE in mapped network drives
to propagate across the network. To propagate via mIRC, the worm also drops
a malicious SCRIPT.INI file in the mIRC folder. This dropped file sends
“ECARD.ZIP” to all users who are in the same mIRC channel as the infected user.
Trend Micro detects the dropped SCRIPT.INI file as IRC_WOZER.A.

This worm drops the file CROW.TXT in the root directory of drive C. The file
contains the following text string:

“I love you crow …. I do.“

The worm also attempts to kill running processes of certain antivirus programs.

If you would like to scan your computer for WORM_WOZER.A or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's
free, online virus scanner at: http://housecall.trendmicro.com/

WORM_WOZER.A is detected and cleaned by Trend Micro pattern file #687 and above.

For additional information about WORM_WOZER.A please visit: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WOZER.A

3. Top 10 Most Prevalent Global Malware
(from November 14, 2003 to November 20, 2003)
------------------------------------------------------------------------
1. TROJ_DASMIN.B
2. WORM_LOVGATE.G
3. WORM_SWEN.A
4. WORM_NACHI.A
5. WORM_ANTINNY.A
6. JAVA_BYTVERIFY.A
7. PE_PARITE.A
8. WORM_KLEZ.H
9. WORM_MIMAIL.J
10. ADW_RULEDOR.C
        
4. Trend Micro Introduces New Products for Small & Medium Businesses
------------------------------------------------------------------------
Many growing businesses benefit from the ability to focus and execute at a
fast pace, but often suffer from a lack IT resources. This can pose a serious
challenge for smaller businesses that need to broaden their security strategy.

Enterprise antivirus and anti-spam products, designed for companies with
extensive IT resources, are too expensive and unwieldy for smaller organizations
to manage. Rather than struggling with cumbersome point products created for large
corporate networks, small and medium-sized businesses deserve a practical solution
tailored to fit their distinct security and spam-fighting needs.

Learn more about Trend Micro’s Small and Medium Business products: http://www.trendmicro.com/en/products/us/smb.htm

Enter to win a small business security makeover from the Trend Micro Security
Dream Team: http://www.trendmicro.com/offers/banners/click.asp?bannerID=US-SMB-Sweepstakes&dcsreportid=en&gotoURL=http%3A//sweepstakesonline.com/trendmicro/

***********************************************************************************

______________________________________________________________________
This message was sent by Trend Micro's Newsletters Editor using Responsys Interact (TM).

If you prefer not to receive future e-mail from Trend Micro's Newsletters Editor:
    
R2pkNlyLihkm_UU_VU

To view our permission marketing policy:
    http://www.rsvp0.net
Received on Sat Nov 22 03:22:51 2003