Trend Micro Weekly Virus Report - November 2001 Issue #5

[Guest guest]

NON-TEXT REMOVED

************************************************************************

V I R U S R E P O R T

(by the Trend Micro US Virus Research Group)

************************************************************************

------------------------------------------------------------------------

Date: November 30, 2001

------------------------------------------------------------------------

If you're a corporate user and want to assess your virus protection,

check out Trend Micro's Virus Risk Assessment Web site at:

http://www.antivirus.com/free_tools/edoctor/

NOTE: Long URLs may break into two lines in some mail readers.

Should this occur, please cut and paste the URL in your browser.

************************************************************************

1. TREND MICRO UPDATES: Pattern File and Scan Engine Updates

------------------------------------------------------------------------

PATTERN FILE: 173 or 973 http://www.antivirus.com/download/pattern.asp

SCAN ENGINE: 5.600 http://www.antivirus.com/download/engines/

2. New Variant Infecting Thousands - WORM_BADTRANS.B (Medium Risk)

------------------------------------------------------------------------

This memory-resident Internet worm is a variant of WORM_BADTRANS.A. It

propagates via MAPI32, has a Key Logger component, and arrives with randomly

selected double-extension filenames.

It does not require the email receiver to open the attachment for it to

execute. It uses a known vulnerability in Internet Explorer-based email

clients (Microsoft Outlook and Microsoft Outlook Express) to automatically

execute the file attachment. This is also known as Automatic Execution of

Embedded MIME type.

This worm is currently spreading in-the-wild, and is classified as medium

risk. As of November 30, there have been more than 20,000 infections of

WORM_BADTRANS.B worldwide, according to Trend Micro's World Virus Tracking

Center at: http://wtc.trendmicro.com/wtc/

WORM_BADTRANS.B is detected by Trend Micro pattern file #170 or #970.

For additional information about WORM_BADTRANS.B, please visit Trend Micro

at:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_BADTRANS

..B.

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US

(week of: November 19, 2001 to November 25, 2001)

------------------------------------------------------------------------

1. PE_MAGISTR.B

2. PE_MAGISTR.A

3. JS_EXCEPTION.GEN

4. WORM_BADTRANS.B

5. VBS_HAPTIME.A

6. TROJ_SIRCAM.A

7. JS_KAKWORM.A

8. WORM_SIRCAM.A

9. PE_MAGISTR.DAM

10. PE_CIH

SPECIAL OFFER:

Webmasters, add free virus information updates to your Web site with our

Virus Info Feed. Simply copy and paste a small piece of code to give your

visitors a real-time top 10 list and the latest virus advisories.

Setup takes approximately 10 minutes and requires no server-side code on

your Web site. All content is updated automatically from Trend Micro's Web

site. http://www.antivirus.com/syndication/vinfo/default.asp?ref=nwsltr

4. Top 5 Viruses Trend Micro's US Customers are Most Concerned About

(where systems were not infected)

------------------------------------------------------------------------

1. JOKE_FLIPPED

2. JS_EXCEPTION.GEN

3. PE_MAGISTR.B

4. PE_SPACES.1445

5. WORM_BADTRANS.A

5. Buy a Copy of Trend Micro PC-cillin 2000 & Get a Second Copy FREE!

Trend Micro PC-cillin 2000 makes a wonderful gift for yourself and those you

care about. Buy NOW at

http://www.antivirus.com/trendsetter/promotions/pcc.htm