Virus!

[MontanaRocknReefer]

To: Johnnypatriots



Trend Micro Weekly Virus Report
(by TrendLabs Global Antivirus and Research Center)

Date: January 17, 2003
Issue Preview:

1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. It's Huge - WORM_SOBIG.A (Medium Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US

1. Trend Micro Updates - Pattern File and Scan Engine Updates

PATTERN FILE: 443
SCAN ENGINE: 6.510

2. It's Huge - WORM_SOBIG.A (Medium Risk) WORM_SOBIG.A is a memory-resident, multi-threaded worm that propagates via email and shared network folders. It sends copies of itself via email using its own Simple Mail Transfer Protocol (SMTP) engine and obtains its target recipients from addresses found in files with the following extensions:

WAB
DBX
HTM
HTML
EML
TXT

The details of the email that it sends are as follows:

Sender: big@boss.com
Subject:

Re: Movies
Re: Sample
Re: Document
Re: Here is that sample


Attachment:

Movie_0074.mpeg.pif
Document003.pif
Untitled1.pif
Sample.pif

The worm also copies itself to shared folders on the Local Area Network that contain the following folders: :

Windows\All Users\Start Menu\Programs\StartUp\
Documents and Settings\All Users\Start Menu\Programs\Startup

WORM_SOBIG.A downloads files from remote Web sites, and saves them to the Windows folder as DWN.DAT. This download contains a link to another file on the Internet. The worm downloads this file, which may be changed anytime, and then executes it on the host system. If you would like to scan your computer for WORM_SOBIG.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:http://housecall.trendmicro.comWORM_SOBIG.A is detected and cleaned by Trend Micro pattern file #436 and above.

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
(week of: January 6, 2003 to January 12, 2003)

WORM_KLEZ.H
WORM_YAHA.K
JS_EXCEPTION.GEN
JS_NOCLOSE.E
JS_SEEKER.E1
WORM_OPASERV.E
WORM_BUGBEAR.A
WORM_OPASERV.H
WORM_OPASERV.A
WORM_OPASER

[cyberchef]

Johnny I have Trend Micros PC Cillin on my computer and it has already stopped to emails from the emial addy (big@boss.com) your post mentions.

[asmith]

Hmm. I have been recieving lots of messages from that address. I didn't realize it was a virus. I always delete emails from people I don't know, or with strange subject lines. I am glad I deleted those emails. Thanks for the heads up!

Andrew

[Rick O]

Norton interceped an e-mail this week that contained the W32-Klez virus. I don't remember the sender but it had an off the wall subject line and an attachment. I never open attachments unless I know the sender and there is text in their e-mail that assures me it's from them.

[cyberchef]

Yeah I don't open email from anyone I don't recognize either. But it looks like there is someone out there who must have a vi*us and my email addy. I've been getting at least 1 email a day now that is stopped by PcCillin because of Kle* or some other vi*us...

[FishDaddy]

Can I get it by reading this thread????

I just sprayed my monitor with Lysol just to be sure!!!

I haven't received any of those but hope Norton is on guard!

Thanks for the warning, Johnny.
Dick

[ShirleyM]

Quote:

Originally posted by FishDaddy
Can I get it by reading this thread????
I just sprayed my monitor with Lysol just to be sure!!!

You crack me up, Dick! I just told someone yesterday that if they don't wipe their Norton icon with a Q-tip dipped in alcohol at least once a week, it wouldn't stop the viruses anymore. (they told me Norton wasn't working and yes that it was on their taskbar and turned on)

Anyhow, MY Norton has Q'd about 5 of the Klez virus in the past three weeks.

Shirley