Virus Information Center Windows Assistance
Trend Micro's Virus Information  


Weekly Virus Report: April 30, 2004

Issue Preview

  1. Trend Micro Updates - Pattern File & Scan Engine Update
  2. Bite Back BAGLE? – WORM_BAGLE.Z (Medium Risk)
  3. Top 10 Most Prevalent Global Malware
  4. Trend Micro's New Releases
  5. Safe Computing Tips
  6. ICSA Labs' 9th Annual Computer Virus Prevalence Survey

1. Trend Micro Updates - Pattern File & Scan Engine Update

Critical Active Update Service Pack Reminder
Most users of certain older Trend Micro products have already updated their software or applied the Active Update Service Pack. If you are still using one of these older products, it is critical to act now to ensure up-to-date protection against new malicious code. Without minor software modifications, these products will be unable to download new pattern files after #649. To read more information and to download this Service Pack, please visit our Web site.

2. Bite Back BAGLE? – WORM_BAGLE.Z (Medium Risk)
 

WORM_BAGLE.Z is a new variant of the BAGLE worm. It is a memory-resident worm that propagates via email and network shares. It is currently spreading in-the-wild and infecting computer systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, it drops a copy of itself in the Windows system folder using any of the following file names:

  • DRVDDLL.EXE
  • DRVDDLL.EXEOPEN
  • DRVDDLL.EXEOPENOPEN

It also displays the fake error message “Can’t find a viewer associated with the file.” It then creates a registry entry that allows it to automatically execute at every system startup.

This worm uses its own Simple Mail Transfer Protocol (SMTP) engine to propagate. It searches for email addresses in files with the following specific extension names:

  • ADB
  • ASP
  • CFG
  • CGI
  • DBX
  • DHTM
  • EML
  • HTM
  • JSP
  • MBX
  • MDX
  • MHT
  • MMF
  • MSG
  • NCH
  • ODS
  • OFT
  • PHP
  • PL
  • SHT
  • SHTM
  • STM
  • TBB
  • TXT
  • UIN
  • WAB
  • WSH
  • XLS
  • XML

It skips those addresses that contain any of the following strings:

  • @avp.
  • @foo
  • @iana
  • @messagelab
  • @microsoft
  • abuse
  • admin
  • anyone@
  • bsd
  • bugs@
  • cafee
  • certific
  • contract@
  • feste
  • free-av
  • f-secur
  • gold-certs@
  • google
  • help@
  • icrosoft
  • info@
  • kasp
  • linux
  • listserv
  • local
  • news
  • nobody@
  • noone@
  • noreply
  • ntivi
  • panda
  • pgp
  • postmaster@
  • rating@
  • root@
  • samples
  • sopho
  • spam
  • support
  • unix
  • update
  • winrar
  • winzip  

The email it sends out contains a message body only if its attachment is a password-protected .ZIP file.

In its attempt to propagate via network shares, this worm drops copies of itself in folders that contain the string "shar" in their folder names.

This malware also has backdoor capabilities. It listens to a specific port and waits for commands from a remote malicious user. It terminates several antivirus and security programs, and attempts to connect to specific Web sites. It also deletes registry entries that automatically execute variants of WORM_NETSKY.

After January 25, 2005, it deletes a certain registry key and registry entry in order to uninstall itself.

If you would like to scan your computer for WORM_BAGLE.Z or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_BAGLE.Z is detected and cleaned by Trend Micro pattern file #877 and above.
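The file-system traces described above can be turned into a quick triage check. The following Python sketch is an added example, not part of the Trend Micro report: it looks for the three reported file names in a given system folder and lists executables sitting in folders whose name contains "shar". The function names, the `.exe` filter for share folders and the case-insensitive matching are assumptions made for illustration.

```python
import os

# File names the report says WORM_BAGLE.Z uses in the Windows system folder.
DROPPED_NAMES = {"drvddll.exe", "drvddll.exeopen", "drvddll.exeopenopen"}


def find_dropped_copies(system_dir):
    """Return paths in system_dir whose name matches a reported drop name.

    Windows file names are case-insensitive, so names are compared lower-cased.
    """
    hits = []
    for entry in os.scandir(system_dir):
        if entry.is_file() and entry.name.lower() in DROPPED_NAMES:
            hits.append(entry.path)
    return sorted(hits)


def find_share_candidates(root, extensions=(".exe",)):
    """Return files with the given extensions inside any folder under root
    whose own name contains 'shar' (the folder selector the report describes).

    The report does not list the file names used in shares, so the extension
    filter is an assumption and every hit is a candidate for review only.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Assumption: match case-insensitively, the conservative choice.
        if "shar" not in os.path.basename(dirpath).lower():
            continue
        for name in filenames:
            if name.lower().endswith(extensions):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    # Usage: script.py <windows-system-folder> <root-of-shared-folders>
    system_dir, share_root = sys.argv[1], sys.argv[2]
    for path in find_dropped_copies(system_dir):
        print("dropped copy:", path)
    for path in find_share_candidates(share_root):
        print("review:", path)
```

A hit from the second function only means an executable lives in a share-like folder; confirm it with an up-to-date scanner before removing anything.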

3. Top 10 Most Prevalent Global Malware
(from April 23, 2004 to April 29, 2004)

  1. WORM_NETSKY.P
  2. WORM_NETSKY.D
  3. WORM_NETSKY.B
  4. HTML_NETSKY.P
  5. WORM_NETSKY.Q
  6. PE_FUNLOVE.4099
  7. WORM_MOFEI.B
  8. PE_VALLA.A 
  9. WORM_NETSKY.C 
  10. PE_NIMDA.E

4. Trend Micro's New Releases

Trend Micro has recently released several newly upgraded products:

  • InterScan Messaging Security Suite 5.5
  • ScanMail for Lotus Notes 2.6 AIX
  • Spam Prevention Solution 1.1 for Solaris

Trend Micro InterScan Messaging Security Suite 5.5 is an extensible messaging security platform for the gateway that addresses mixed-threat attacks by delivering coordinated policies for antivirus, antispam, and content security.

  • Estimate your Total Cost of Ownership (TCO) savings using our TCO Calculator
  • Download a 30-day trial version of InterScan Messaging Security Suite

Trend Micro Spam Prevention Solution 1.1 for Solaris is a high-performance, antispam application designed to block non-productive and malicious spam at the gateway. It employs patent-pending, heuristic technology that can evaluate, identify, and monitor existing and new messages using multiple spam email characteristics, providing highly accurate spam capture rates with very low false positives.

  • Calculate the cost of spam in your organization with our Spam Calculator
  • Download a free 30-day trial version of Spam Prevention Solution

Trend Micro ScanMail for Lotus Notes 2.6 for AIX offers comprehensive virus protection and content security for the Lotus Domino environment. It scans viruses hidden in databases and email attachments, and it also protects collaboration tools such as Lotus Sametime™ and Quickplace™. ScanMail is designed to operate as a native Domino server application and provides administrators with a familiar, intuitive interface.

  • View the readme file to learn more

5. Safe Computing Tips

To reduce the risk of virus infections, and reduce the possibility of inadvertently triggering or spreading viruses to other people, you can make use of some easily implemented "safe computing" practices.

These safe computing practices for Windows 95/98, Me, XP, and 2000 can increase the security of your computer system, and help make your computer less prone to malicious code attacks.

6. ICSA Labs' 9th Annual Computer Virus Prevalence Survey

ICSA Labs (a division of TruSecure Corporation) has released the results of the 9th Annual Computer Virus Prevalence Survey.

Key highlights of the survey results include:

  • 88% of survey respondents think the malicious code problems are worse than the previous year
  • Survey respondents reported more than 2.7 million virus incidents during the year
  • Disaster recovery time is reported as 24 person-days
  • Average outbreak recovery cost among respondents reached $99,000
  • Top 5 impacts from viruses claimed by respondents: loss of productivity, PC unavailable, corrupted files, loss of access to data, and lost data
  • Email attachments accounted for 88% of virus sources

Read more by registering on the TruSecure Web site to download your copy of the survey now.

-30-