TREND MICRO WEEKLY VIRUS REPORT: Friday September 23, 2005

Issue Preview: 1. Trend Micro Updates - Pattern File & Scan Engine Updates 2. Mobile Malware - SMYBOS.CARDTRP.A (Low Risk) 3. Top 10 Most Prevalent Global Malware 4. Trend Micro Survey - Your Input is Needed 5. Trend Micro Beats McAfee, Webroot, and Computer Associates in Anti-Spyware Review

1. Trend Micro Updates - Pattern File & Scan Engine Updates Pattern File : 2.855.00 Scan engine : 7.510 2. Mobile Malware - SMYBOS.CARDTRP.A (Low Risk) SMYBOS_CARDTRP.A is destructive Symbian malware that affects mobile devices running on Symbian operating system with the Series 60 Platform user interface. The malware is currently spreading in-the-wild and infecting the following phone models: Nokia 3600 Nokia 3620 Nokia 3650 Nokia 3660 Nokia 6600 Nokia 6620 Nokia 7610 Nokia 7650 Nokia N-Gage Panasonic X700 Sendo X Siemens SX1 This malware originates in Symbian Series 60 devices, but has the potential to spread to PCs running the Microsoft Windows Operating System. There are two methods by which the mobile device can be infected: Receiving the malware manually via Bluetooth or MMS Downloading and installing it from the Web Here’s how it works: Like many of its predecessors, SYMBOS_CARDTRP.A propagates via Bluetooth (within a 10 meter range). The infection then resides in the memory card of the mobile device. This malware also overwrites normal applications installed on the affected mobile device with malformed copies, thus preventing those applications from working properly. This malware contains the additional capability to infect Windows-based PCs from the phone. If the user inserts the infected memory card into their PCs card slot, the infection has the potential to infect the PC, then attempts to spread to other PCs from there. SYMBOS_CARDTRP.A drops the following 4 files into the E:\ directory (commonly utilized by the memory card):  fsb.exe, detected by Trend Micro as BKDR_BERBEW.Q, attempts to compromise  machines and steal password information buburuz.ICO, which masquerades as the icon file for the memory card autorun.inf, which attempts to automatically execute fsb.exe SYSTEM.exe, detected by Trend Micro as WORM_WUKILL.B When the memory card is inserted into a Windows computer, the file autorun.inf will attempt to execute fsb.exe. Also, though the file SYSTEM.exe does not contain an automatic startup routine, it has the appearance of a legitimate folder icon to lure users into executing it. If successfully executed, the malware then launches WORM_WUKILL.B, which attempts to spread the infection to other PCs. If you would like to download a free, trial module to protect against this threat, visit www.trendmicro.com/mobilesecurity. 3. Top 10 Most Prevelant Global Malware (from September 16 to September 22, 2005) ADW_BADBITOR.A JAVA_BYTEVER.A TROJ_BAGLE.DA HTML_NETSKY.P WORM_NETSKY.P SPYW_GATOR SPYW_DASHBAR.300 TSPY_SMALL.SN TROJ_DYFUCA.I JS_DLOADER.I 4. Trend Micro Survey - Your Input is Needed Trend Micro would like to invite you to participate in a survey, and provide us your perspective on pattern files and their delivery mechanism. Your opinion on customizable pattern files, benefits of reducing the pattern file size, and suggestions about any alternative pattern delivery methods would be very valuable to Trend Micro for delivering products that better suit your needs. Participate in the study 5. Trend Micro Beats McAfee, Webroot and Computer Associates in Anti-Spyware Review Trend Micro Anti-Spyware for Small and Medium Businesses (SMBs) is the only standalone anti-spyware solution that automatically delivers best-in-class spyware detection and removal capabilities to networked PCs and servers. It safely and accurately blocks and removes spyware including adware, key loggers, security disablers, and browser hijackers, which drain company resources and productivity and steal customer and business information. Read more in this review: http://trendnewsletter.rsc03.net/servlet/cc5?lgLQBWDQTVrjxpuipjLuLKpHQJhuV2VY

< Back