Weekly Virus Report:
April 30, 2004
Issue Preview
- Trend Micro Updates - Pattern File & Scan Engine Update
- Bite Back BAGLE? WORM_BAGLE.Z (Medium Risk)
- Top 10 Most Prevalent Global Malware
- Trend Micro's New Releases
- Safe Computing Tips
- ICSA Labs' 9th Annual Computer Virus Prevalence Survey
1. Trend Micro Updates - Pattern File & Scan Engine Update
Critical Active Update Service Pack Reminder
Most users of certain older Trend Micro products have
already updated their software or applied the Active
Update Service Pack. If you are still using one of these
older products, it is critical to act now to ensure
up-to-date protection against new malicious code. Without
minor software modifications, these products will be
unable to download new pattern files after #649. To
read more information or download this Service Pack,
please visit our Web site.
2. Bite Back BAGLE? WORM_BAGLE.Z (Medium Risk)
WORM_BAGLE.Z is a new variant
of the BAGLE worm. It is a memory-resident worm that
propagates via email and network shares. It is currently
spreading in-the-wild and infecting computer systems
running Windows 95, 98, ME, NT, 2000, and XP.
Upon execution, it drops a copy
of itself in the Windows system folder using any of
the following file names:
- DRVDDLL.EXE
- DRVDDLL.EXEOPEN
- DRVDDLL.EXEOPENOPEN
It also displays the fake error message "Cant find a viewer associated with the file."
It then creates a registry entry that allows it to automatically execute at every system startup.
This worm uses its own Simple
Mail Transfer Protocol (SMTP) engine to propagate. It
searches for email addresses in files with the following
specific extension names:
- ADB
- ASP
- CFG
- CGI
- DBX
- DHTM
- EML
- HTM
- JSP
- MBX
- MDX
- MHT
- MMF
- MSG
- NCH
- ODS
- OFT
- PHP
- PL
- SHT
- SHTM
- STM
- TBB
- TXT
- UIN
- WAB
- WSH
- XLS
- XML
It skips those addresses that
contain any of the following strings:
- @avp.
- @foo
- @iana
- @messagelab
- @microsoft
- abuse
- admin
- anyone@
- bsd
- bugs@
- cafee
- certific
- contract@
- feste
- free-av
- f-secur
- gold-certs@
- google
- help@
- icrosoft
- info@
- kasp
- linux
- listserv
- local
- news
- nobody@
- noone@
- noreply
- ntivi
- panda
- pgp
- postmaster@
- rating@
- root@
- samples
- sopho
- spam
- support
- unix
- update
- winrar
- winzip
The email it sends out contains
a message body only if its attachment is a password-protected
.ZIP file.
In its attempt to propagate via network shares, this worm drops copies of itself in
folders that contain the string "shar" in their folder names.
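The file names and the share-folder behavior described above can be turned into a host check. The following is an added example, not part of the original report or any Trend Micro tool: it walks a directory tree, flags files carrying one of the three listed names, and lists executables in folders whose names contain "shar" for manual review. The extension list, the function names and the sample directory layout are assumptions constructed for illustration.

```python
import os

# File names the report gives for the copy dropped in the Windows system folder.
DROPPED_NAMES = {"drvddll.exe", "drvddll.exeopen", "drvddll.exeopenopen"}
# The report says copies are dropped into folders whose names contain this string.
SHARE_MARKER = "shar"
# Assumption: extensions treated as executable for the share-folder review list.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def scan_tree(root):
    """Return (name_hits, share_review): sorted lists of paths found under root."""
    name_hits, share_review = [], []
    for dirpath, _dirs, filenames in os.walk(root):
        in_share = SHARE_MARKER in os.path.basename(dirpath).lower()
        for name in filenames:
            lowered = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lowered in DROPPED_NAMES:
                name_hits.append(path)      # exact match on a listed file name
            elif in_share and lowered.endswith(EXECUTABLE_EXTS):
                share_review.append(path)   # not proof of infection, needs review
    return sorted(name_hits), sorted(share_review)


def build_sample_tree(root):
    """Create a constructed layout of empty, harmless files for the demo."""
    layout = [
        ("WINDOWS/system32", "DRVDDLL.EXE"),
        ("WINDOWS/system32", "drvddll.exeopen"),
        ("WINDOWS/system32", "notepad.exe"),
        ("Users/alice/My Shared Folder", "installer.exe"),
        ("Users/alice/My Shared Folder", "notes.txt"),
        ("Users/alice/Documents", "report.exe"),
    ]
    for folder, name in layout:
        target = os.path.join(root, *folder.split("/"))
        os.makedirs(target, exist_ok=True)
        open(os.path.join(target, name), "w").close()


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        hits, review = scan_tree(demo_root)
        print("Listed file names found:", hits)
        print("Executables in 'shar' folders to review:", review)
```

A name match is a strong indicator only inside the Windows system folder; entries in the review list are candidates for an antivirus scan, not confirmed detections.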
This malware also has backdoor
capabilities. It listens to a specific port and waits
for commands from a remote malicious user. It terminates
several antivirus and security programs, and attempts
to connect to specific Web sites. It also deletes registry
entries that automatically execute variants of WORM_NETSKY.
After January 25, 2005 it deletes
a certain registry key and registry entry, in order
to uninstall itself.
If you would like to scan your
computer for WORM_BAGLE.Z or thousands of other
worms, viruses, Trojans and malicious code, visit HouseCall,
Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/
WORM_BAGLE.Z is detected
and cleaned by Trend Micro pattern file #877 and above.
3. Top 10 Most Prevalent Global Malware
(from April 23, 2004 to April 29, 2004)
- WORM_NETSKY.P
- WORM_NETSKY.D
- WORM_NETSKY.B
- HTML_NETSKY.P
- WORM_NETSKY.Q
- PE_FUNLOVE.4099
- WORM_MOFEI.B
- PE_VALLA.A
- WORM_NETSKY.C
- PE_NIMDA.E
4. Trend Micro's New Releases
Trend Micro has recently released
several newly upgraded products:
- InterScan Messaging Security Suite 5.5
- ScanMail for Lotus Notes 2.6 for AIX
- Spam Prevention Solution 1.1 for Solaris
Trend Micro InterScan Messaging
Security Suite 5.5 is an extensible messaging security
platform for the gateway that addresses mixed-threat
attacks by delivering coordinated policies for antivirus,
antispam, and content security.
- Estimate your Total Cost of Ownership (TCO) savings using our TCO Calculator
- Download a 30-day trial version of InterScan Messaging Security Suite
Trend Micro Spam Prevention Solution
1.1 for Solaris is a high-performance, antispam application
designed to block non-productive and malicious spam
at the gateway. It employs patent-pending, heuristic
technology that can evaluate, identify, and monitor
existing and new messages using multiple spam email
characteristics, providing highly accurate spam capture
rates with very low false positives.
- Calculate the cost of spam in your organization with our Spam Calculator
- Download a free 30-day trial version of Spam Prevention Solution
Trend Micro ScanMail for Lotus
Notes 2.6 for AIX offers comprehensive virus protection
and content security for the Lotus Domino environment.
It scans viruses hidden in databases and email attachments,
and it also protects collaboration tools such as Lotus
Sametime and Quickplace. ScanMail is designed
to operate as a native Domino server application and
provides administrators with a familiar, intuitive interface.
- View the readme file to learn more
5. Safe Computing Tips
To reduce the risk of virus infections,
and reduce the possibility of inadvertently triggering
or spreading viruses to other people, you can make use
of some easily implemented "safe computing" practices.
These safe computing practices
for Windows 95/98, Me, XP, and 2000 can increase the
security of your computer system, and help make your
computer less prone to malicious code attacks.
6. ICSA Labs' 9th Annual Computer Virus Prevalence Survey
ICSA Labs (a division of TruSecure
Corporation) has released the results of the 9th Annual
Computer Virus Prevalence Survey.
Key highlights of the survey results include:
- 88% of survey respondents think the malicious code problems are worse than the previous year
- Survey respondents reported more than 2.7 million virus incidents during the year
- Disaster recovery time is reported as 24 person-days
- Average outbreak recovery cost among respondents reached $99,000
- Top 5 impacts from viruses claimed by respondents: loss of productivity, PC unavailable, corrupted files, loss of access to data, and lost data
- Email attachments accounted for 88% of virus sources
Read more by registering on the TruSecure Web site to
download your copy of the survey now.
-30-