[HCRA] Fw: Trend Micro Weekly Virus Report - April 26, 2002

Fri, 26 Apr 2002 23:30:07 -0400

For those of you who are still interested or affected:

----- Original Message -----
From: "Trend Virus Info" <[email protected]>
To: <[email protected]>
Sent: Friday, April 26, 2002 7:09 PM
Subject: Trend Micro Weekly Virus Report - April 26, 2002

*********************************************************************
TREND  MICRO  WEEKLY  VIRUS  REPORT

(by TrendLabs Global Antivirus and Research Center)
*********************************************************************
------------------------------------------------------------------------
Date: April 26, 2002
------------------------------------------------------------------------
To read an HTML version of this newsletter, go to:
http://www.antivirus.com/trendsetter/virus_report/

Issue Preview:

1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
2. Holding Steady - WORM_KLEZ.H (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
4. Trend Micro PC-cillin 2002 is Now Available

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please cut and paste the URL in your browser.

************************************************************************

1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 269 http://www.antivirus.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.antivirus.com/download/engines/

2. Holding Steady - WORM_KLEZ.H (Low Risk)
------------------------------------------------------------------------
WORM_KLEZ.H continues to hold steady in the #1 position in Trend Micro's
World Virus Tracking Center http://wtc.trendmicro.com/wtc/. At the time of
this writing, more than 134,000 computers worldwide have been infected with
WORM_KLEZ.H. Europe, Asia, and North America have been hardest hit.

This destructive, memory-resident variant of the WORM_KLEZ.A mass-mailing
worm uses SMTP to propagate via email. The subject line of the email it
arrives with is randomly selected from a long list of possible choices. This
worm can change or spoof the original email address in the FROM: field. It
obtains email addresses (that it places in the FROM: field) from the
infected user's address book. This causes a non-infected user to appear as
the person who has sent this worm's malicious email, and hides the real
address of the sender of the infected email.

Upon execution, this worm decodes its data in memory. It then copies itself
to a WINK*.EXE file in the Windows System directory. The copy has a hidden
attribute and the * is a random number of random characters. It also infects
.EXE files.

The worm drops a randomly named file in the ProgramFilesDir (usually
C:\Program Files). Approximately 10KB in size, this program can infect files
in network-shared folders and disable system file protection. Trend Micro
detects this program as PE_ELKERN.D.

The worm also disables the running processes, and occasionally deletes the
executable files, of programs associated with several popular antivirus
products.

On Windows 98/95 systems, the worm registers itself as a service process to
hide itself from the taskbar. On Windows 2000 systems, the worm creates a
system service and registers it as a service control dispatcher. This worm
does not execute its payload on systems running Windows NT 4.0 and earlier
versions, although infection of machines with this operating system is
possible if the machine has shared folders. The dropped virus, PE_ELKERN.D,
infects files in shared drives. When this happens, a full infection of the
system may result, since PE_ELKERN.D executes on any Windows platform.

If you would like to scan your computer for WORM_KLEZ.H or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free online virus scanner at: http://housecall.antivirus.com/

WORM_KLEZ.H is detected and cleaned by Trend Micro pattern file #265 and
above.

For additional information about WORM_KLEZ.H, please visit Trend Micro
at:
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_KLEZ.H

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: April 15, 2002 to April 22, 2002)
------------------------------------------------------------------------
1.  WORM_KLEZ.G
2.  WORM_KLEZ.E
3.  PE_MAGISTR.B
4.  WORM_BADTRANS.B
5.  PE_MAGISTR.A
6.  PE_NIMDA.E
7.  JS_EXCEPTION.GEN
8.  WORM_MYLIFE.J
9.  W97M_APENIX.A
10. PE_NIMDA.A-O

4. Trend Micro PC-cillin 2002 - Antivirus, Anti-Hacker, & PDA Virus
Protection
------------------------------------------------------------------------
Trend Micro is pleased to announce the release of PC-cillin 2002.
PC-cillin 2002 provides award-winning protection against macro viruses,
Trojans,
and other malicious threats. An integrated personal firewall helps secure
desktop computers against illegal access, ping attacks, and even port
scanning
for Internet-era protection. This complete antivirus strategy also includes
security for Palm, Pocket PC, and EPOC devices.

BUY NOW: $39.95
http://www.trendmicro.com/pcc2002_wvr

If you already own PC-cillin, you may purchase an upgrade to PC-cillin 2002
for
just $19.95 at:
http://www.antivirus.com/pc-cillin/products/upgrade.htm

************************************************************************
You are receiving this email from Trend Micro, because you have either
downloaded a Trend Micro product or have signed up for our "Weekly Virus
Report." If you would like to change the way you receive email from
Trend Micro, please make changes in your account page at
http://www.antivirus.com/subscriptions/[email protected]
om

To UNSUBSCRIBE go to:
http://www.antivirus.com/subscriptions/default.asp?format=unsubscribe

For questions, comments and suggestions about the Weekly Virus Report
please contact our editor at [email protected].
************************************************************************