TREND MICRO WEEKLY VIRUS REPORT: Friday September 2, 2005

Issue Preview: 1. Trend Micro Updates - Pattern File & Scan Engine Updates 2. Email Worm - WORM_SAVAGE.A (Low Risk) 3. Top 10 Most Prevalent Global Malware 4. Trend Micro's Award-winning Legacy Continues 5. Whitepaper - The Spyware Battle -- Privacy vs. Profit

1. Trend Micro Updates - Pattern File & Scan Engine Updates Pattern File : 2.817.00 Scan engine : 7.510 2. Email Worm - WORM_SAVAGE.A (Low Risk) WORM_SAVAGE.A is a non-destructive, memory-resident worm that propagates via email and through peer-to-peer (P2P) networks. It spreads via email by sending copies of itself with the file name TMP.ZIP to target addresses. It gathers target recipients from an affected system's Windows Address Book (WAB). This worm is currently spreading in-the-wild and infecting systems running Windows 95, 98, ME, 2000, XP, and Server 2003. This worm also propagates by dropping a copy of itself in accessible network shares, enabling other users to download this worm. However, on systems using the P2P applications, LimeWire and eDonkey2000, this worm drops its copy in locations specific to these applications. This worm utilizes a common social engineering technique to avoid early detection. It uses file names that usually pertain to legitimate software, such as Nero and winamp5. Thus, this worm tricks users into thinking that it is a harmless file, possibly affecting its prolonged presence on the system. It modifies the affected system's HOSTS file by appending a list of URLs, which are related to antivirus and security applications, to the said file. It directs the said URLs to the local machine, preventing the user from accessing the listed Web sites. This worm has backdoor capabilities that connect to a remote Web site, where it awaits for commands from a remote malicious user, such as the downloading of files that may be malicious. It then executes the said commands locally, therefore compromising the machine's security. This worm also carries a malware retaliation routine, particularly against NETSKY, BLASTER, MYDOOM, BAGLE, and SOBIG variants. It removes the corresponding registry entries of the said variants if found on the system. If you would like to scan your computer for WORM_SAVAGE.A, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQBTCQTVrjxpuipjLuLKpHQJhuV2VW WORM_SAVAGE.A is detected and cleaned by Trend Micro pattern file #2.813.00 and above. For additional information about WORM_MYTOB.JX please visit: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQBTCQTVrjxpuipjLuLKpHQJhuV2VU 3. Top 10 Most Prevelant Global Malware (from August 26 to September 1, 2005) WORM_NETSKY.P WORM_SDBOT.BKW  HTML_NETSKY.P JAVA_BYTEVER.A  WORM_SOBER.S  TROJ_ROOTKIT.N  ADW_BADBITOR.A  SPYW_GATOR  SPYW_DASHBAR.300  TSPY_SMALL.SN 4. Trend Micro's Award-winning Legacy Continues Since its inception in 1988, Trend Micro has won various awards for its excellence in products and services, support, and corporate achievement. Follow the link below to see some of the latest accolades: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQBTCQTVrjxpuipjLuLKpHQJhuV2VSU 5. Whitepaper - The Spyware Battle -- Privacy vs. Profit For the past three years, antivirus vendors have toiled over how to handle the removal of spyware - software that logs information on user activity, collects Web browsing histories, on-line purchases, etc. Spyware programs run in the background, with their activities transparent to most users. In this paper, Trend Micro provides some insights into the problem, to educate users about spyware threats and how to minimize the risk of infection. This includes sound advice on safe Internet practices, to avoid many of the most common spyware "traps". Follow Link Below to View Acrobat PDF White Paper: http://www.trendmicro.com/NR/rdonlyres/B72C189F-BD03-45BF-8696-32B046F8F98E/17123/SpywarePaper_FINAL.pdf

< Back