TREND MICRO WEEKLY VIRUS REPORT:
Friday November 11, 2005  

Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Worms Create Their own Bot Network - ELF_LUPPER.A & ELF_LUPPER.B (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Webinar: The Latest Innovations in Worry-Free Computing Security for Small and Medium Business
5. Stop Spam & Internet Threats with Unified, Layered Security - InterScan Messaging Security Suite 5.7, Spam Prevention Solution 2.5, & Network Reputation Services Now Available!

1. Trend Micro Updates - Pattern File & Scan Engine Updates
  • Pattern File : 2.939.00
  • Scan engine : 7.510

    2. Worms Create Their own Bot Network - ELF_LUPPER.A & ELF_LUPPER.B (Low Risk)
    Earlier this week, researchers at antivirus and content security firm Trend Micro warned users to remain extra vigilant regarding the patching of systems, following the recent family of worms which targeted the Linux operating system. ELF_LUPPER.A and ELF_LUPPER.B, which were discovered at the beginning of the week, were built to exploit vulnerabilities in certain web applications, rather than anything inherent in the Linux kernel. Though the worms were compiled to attack Linux, it is important to note that the source code could potentially be recompiled for other systems that are related to Linux.

    According to Ivan Macalintal, Senior Threat Analyst at Trend Micro, both worms utilized the same set of vulnerabilities, especially the XML-RPC vulnerability, which was first made public on June 27, 2005. The corresponding exploits for these vulnerabilities were posted a month later to a well-known public Web site for viewing and posting new exploits. Macalintal adds that these were network worms, capable of self-propagation, with no interaction from the user necessary.

    "These network worms exploited vulnerabilities that enabled them to stealthily connect to a Web site, where they could download and execute copies of themselves to a victim's system," says Macalintal. "The worms focused on building their own bot network, which can give the writer more information that could be utilized to launch a larger attack in the future."

    Both worms utilized the base code of the Linux Slapper worm, which was discovered in September, 2002. The writer(s) of the ELF_LUPPER worms removed the SSL exploit, replacing it with exploits for two known vulnerabilities - AWStats and XML-RPC. These worms are believed to be related to a hacker tool, HKTL_CALLBACK, discovered November 3, 2005. According to Trend Micro analyses, the probable purpose of the hack tool was to bypass victims' firewalls and surreptitiously collect information to aid the worm attacks.

    Macalintal advises users to ensure their systems contain the most recent security patches and to remain vigilant, regardless of which operating system they use. "It's important to remember that this is open source, so it may be relatively easy to supplement the current malware with additional exploit code, capabilities, etc., thereby generating future variants."

    Even though Linux is still second to Windows with regard to customer usage, users are strongly advised to be aware of the security issues concerning their systems. Security experts at Trend Micro added that this attack is an example showing that nearly every system has vulnerabilities, and that users should remain vigilant at all times, irrespective of their OS.

    Security experts at Trend Micro recommend that users take the following measures to protect against the ELF_LUPPER family of worms as well as other attacks:

    - Ensure your system is patched with the most current system update

    - Ensure your antivirus definitions are updated

    - Existing Trend Micro customers can utilize the network virus wall and vulnerability assessment modules*, which are built into most of our products, to help keep their system updated

    * The Network Viruswall (NVW) pattern stops this worm from spreading throughout the network and infecting other machines. A network that is protected by the NVW pattern is assured that any presence of the code at the network layer is immediately filtered out before it causes any damage.

    The Vulnerability Assessment (VA) pattern detects all machines in the network that have not been patched against the vulnerability exploited by these worms. This enables system administrators to be notified immediately of machines that require protection and to take necessary actions to assure that damage is not magnified on a network-wide scale.

    3. Top 10 Most Prevalent Global Malware
    (from November 4 to November 10, 2005)
    1. TROJ_BAGLE.AB  
    2. WORM_NETSKY.P  
    3. JAVA_BYTEVER.A
    4. SPYW_DASHBAR.300 
    5. SPYW_GATOR.F 
    6. HTML_NETSKY.P 
    7. TROJ_ISTBAR.FN 
    8. PE_PARITE.A 
    9. TSPY_SMALL.SN 
    10. WORM_MOFEI.B

    4. Webinar: The Latest Innovations in Worry-Free Computing Security for Small and Medium Business

    Join Trend Micro on November 15th from 11am - 12pm PST for a free Web Event, and a chance to win an Apple iPod Nano.

    Trend Micro invites you to attend this complimentary 60-minute web event to learn how the most advanced enterprise techniques for addressing virus outbreaks can now be applied to a small or medium business for the first time ever. Introducing the latest SMB offerings for securing everything from the desktop to the email server in a small to medium business environment.

    -24/7 Automatic Threat Protection: Real-time security from Trend Micro's experts relieves you of IT activities that distract you from the more critical activities of growing your business

    -All-in-one Integrated Security: Viruses, spam, and hacker threats are all addressed with a "One Purchase, One Install, One Console" solution

    -Zero Administration: Solution that manages and proactively notifies you if something needs your attention. An easy-to-use "manage at a glance" console allows you to know the solution is working

    Speaker:
    Bob Hansmann, Trend Micro Sr. Product Marketing Manager. With 15 years' experience in the security industry and a decade in antivirus technology, Mr. Hansmann is a uniquely qualified speaker in the area of threat education, best practices, and the effectiveness of both current and future technologies to secure today's business environments.

    We hope you'll join us on November 15th. If you have colleagues who want to more proactively protect network assets, please share this email with them after you register.

    Register now

    5. Stop Spam & Internet Threats with Unified, Layered Security - InterScan Messaging Security Suite 5.7, Spam Prevention Solution 2.5, & Network Reputation Services Now Available!

    InterScan Messaging Security Suite and Spam Prevention Solution (licensed separately) integrate in a single platform at the Internet messaging gateway for a unified defense against viruses, spam, phishing, and mixed threat attacks. And now, the suite fully supports Trend Micro Network Reputation Services (licensed separately) - IP-level anti-spam security - for a 3-in-1 defense. By blocking spam before it hits the network perimeter, the services relieve the burden on gateway security - allowing optimal performance.

    Download a 30-day free trial

    Read more:
    InterScan Messaging Security Suite

    Spam Prevention Solution

    Network Reputation Services  
