[CTRL] Fw: Trend Virus Report
-Caveat Lector- - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 22, 1999 11:26 PM Subject: Trend Virus Report * V I R U S R E P O R T (by The Trend Micro US Virus Research Group) * - Date: 09.21.99 Issue: 9.5 - HERE IS YOUR CHANCE TO WIN A TREND GOLF SHIRT AND PEN. FIND OUT HOW http://www.antivirus.com/trendsetter/virus_report/gift.htm THIS WEEKS WINNER IS DEBBIE COOPER. CONGRATULATIONS For the html version of this report: http://www.antivirus.com/trendsetter/virus_report/ Issue Preview: W97M_SUPPL and TROJ_SUPPL 10 Most Prevalent ITW Viruses Surveyed by Trend US Top 10 Viruses that most concern Trend US Customers September'99 Watch for Christmas and Y2K malware * 1. W97M_SUPPL/TROJ_SUPPL - 163 hours until destructive payload activates - This new virus is distributed via e-mail in an empty Word 97 document. Upon opening the SUPPL.DOC file, W97M_SUPPL activates and copies itself to the Windows directory (as ANTHRAX.INI). Once an infected system is rebooted, TROJ_SUPPL starts to spread itself by attaching the SUPPL.DOC file to every outgoing message. After a system has been infected for 163 hours, TROJ_SUPPL runs its destructive payload, which tries to open all files with the .DOC, .XLS, .TXT, .RTF, .DBF, .ZIP, .ARJ and .RAR extentions and truncate them. To avoid any potential data loss, we advise all our customers to update to Trend pattern file 591 or later, which detects and cleans this virus. Additional information about W97M_SUPPL and TROJ_SUPPL is available on our website at: http://www.trend.com/vinfo/virusencyclo/default5.asp?VName=W97M_SUPPL 2. 10 Most Prevalent In-The-Wild Viruses Surveyed by Trend US (week of: 09/13/99 to 09/19/99) - 1. TROJ_SKA 2. JOKE_FLIPPED 3. JOKE_WOW 4. JOKE_GESCHENK 5. PE_CHOLERA.CTX 6. TROJ_Y2KCOUNT 7. W97M_CLASS 8. TROJ_SMALL.JOKE 9. XM_LAROUX 10. PE_CIH For the most prevalent viruses for the month of August'99, please visit our website at: http://www.antivirus.com/vinfo/most_prevalent.htm 3. Top 10 Viruses Trend customers are most concerned about (where systems were not infected) - 1. TROJ_Y2KCOUNT 2. PE_CHOLERA.CTX 3. W97M_MARKER 4. TROJ_SMALL.JOKE 5. TROJ-AVENGE-1 6. TROJ_AVENGE-2 7. Lump of Coal Hoax 8. W97M_PSD 9. W97M_PAGE.A 10. JOKE_FLIPPED * SPECIAL CHRISTMAS and Y2K VIRUS, TROJAN, and HOAX WATCH September'99 Edition * 1. TROJ_Y2KCOUNT -- (Fake email from [EMAIL PROTECTED]) - The TROJ_Y2KCOUNT virus is distributed in a fake email from Microsoft that claims it to be a Microsoft Year 2000 Counter. Upon execution of the Y2KCOUNT.EXE file, which is attached to an email message apparently from [EMAIL PROTECTED], TROJ_Y2KCOUNT displays the following WINZIP error message: "Password protection error or invalid CRC32!" TROJ_Y2KCOUNT then drops several files to the Windows System directory, it modifies the SYSTEM.INI file, and overwrites the WSOCK32.DLL file in order to intercept password, login, and username information. A detailed virus description of TROJ_Y2KCOUNT is available on Trend's website at: http://www.antivirus.com/vinfo/security/sa091699.htm TROJ_Y2KCOUNT is detected with Trend pattern file 589 or above. 2. TROJ_FIX2001 - TROJ_FIX2001 is an email worm, that claims to fix the Y2K Internet Connection problem. However, instead of performing a system check, TROJ_FIX2001 copies itself to the Windows system folder and modifies the Windows registry. Once an infected system is rebooted, TROJ_FIX2001 starts to spread itself in a second email, which follows every outgoing message. For additional information about TROJ_FIX2001, please refer to: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FIX2001 3. LUMP OF COAL -- (Fake email warning) - Just like many other hoaxes, the Lump of Coal hoax claims to warn users about an email message, which may arrive on December 25th. According to the hoax, the
[CTRL] Fw: Trend Virus Report
-Caveat Lector- * V I R U S R E P O R T (by the Trend US Virus Research Group) * - Date: 08.31.99 Issue: 8.6 - Issue Preview: TOADIE (Variant 6810, 6585, 7800.A, and 7800.B) 10 Most Prevalent In-The-Wild Viruses Surveyed by Trend US, Top 10 Viruses Trend US Customers are Concerned About, W97M_OZWER * 1. Beware Pegasus Mail Users - here comes TOADIE! - TOADIE is a new virus family, which spreads itself by attaching infected files to outgoing email messages. While several other viruses do this, including the infamous W97M_MELISSA virus, the TOADIE virus family is the first one to use Pegasus Mail. All previous viruses used Microsoft Outlook to spread via email. Besides spreading via email, TOADIE.6810, 7800.A and 7800.B also spread as a worm through Internet Relay Chat (IRC). While TOADIE does not contain any harmful payload, we advise all customers to upgrade to the latest Trend pattern file, which detects all four known variants of TOADIE. To read more about the TOADIE virus family, please visit our website at: http://www.antivirus.com/vinfo/security/sa082799.htm 2. 10 Most Prevalent In-The-Wild Viruses Surveyed by Trend US (week of: 08/23/99 to 08/29/99) - 1. TROJ_SKA 2. JOKE_FLIPPED 3. JOKE_DOH 4. JOKE_GESCHENK 5. JOKE_WOW 6. TROJ_DMSETUP.D 7. W97M_ETHAN.A 8. PE_CIH 9. W97M_MARKER 10. W97M_MELISSA For the most prevalent viruses for the month of July'99, please visit our website at: http://www.antivirus.com/vinfo/most_prevalent.htm 3. Top 10 Viruses US Customers are Concerned About (where systems were not infected) - 1. TOADIE 2. W97M_NOHOPE 3. JOKE_FLIPPED 4. PE_KRIZ.3740 5. TROJ_SKA 6. JOKE_GESCHENK 7. California/Wobbler Hoax 8. W97M_GROOV.B 9. Win a holiday Hoax 10. Join the Crew Hoax 4. W97M_OZWER - malicious code for Word 97 - Also reported this week was W97M_OZWER, a macro virus with a destructive payload. While W97M_OZWER does not delete any files, it moves the text inside documents around. Microsoft Word users whose systems are infected by this virus can easily end up with a document full of incorrect sentences. In order to avoid getting infected with this virus (or any other virus), we advise Trend customers scan all incoming files with the latest Trend pattern file. W97M_OZWER is detected and cleaned with Trend pattern file 577 or later. - As a subscriber to this newsletter, Trend Micro would like to extend you a 10% discount on our top-rated desktop virus package, PC-cillin. Give your desktop the best protection around, at a full 10% off either the downloadable or the physical CD versions. To buy PC-cillin at a discount, please visit our website at: For Windows 95-98 http://www.antivirus.com/offers/vb.htm For Windows NT http://www.antivirus.com/offers/vbnt.htm + Have you got friends or colleagues who would like to receive the Trend Virus Report? Forward this email and direct them to click on URL to subscribe: http://www.antivirus.com/subscriptions/default.asp?[EMAIL PROTECTED] To unsubscribe to this newsletter, go to : http://www.antivirus.com/subscriptions/default.asp?[EMAIL PROTECTED] + DECLARATION DISCLAIMER == CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substancenot soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ To subscribe to Conspiracy Theory Research
[CTRL] Fw: Trend Virus Report
-Caveat Lector- - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 26, 1999 12:21 PM Subject: Trend Virus Report * V I R U S R E P O R T (by Trend US Virus Research Group) * - Date: 08.24.99 Issue: 8.5 - Issue Preview: O97M_TRIPLICATE, 10 Most Prevalent In-The-Wild Viruses Surveyed by Trend US, Top 10 Viruses Trend US Customers are concerned about, PE_KRIZ Update, W97M_SHANKAR, W97M_CONT, W97M_AKUMA. * 1. One stone to kill three birds: The hunt for O97M_TRIPLICATE - O97M_TRIPLICATE is a macro virus that infects Microsoft Word, Excel and PowerPoint data files. Even though we have added detection and cleaning for O97M_TRIPLICATE several months ago, we continue to receive reports of new infections. This week, O97M_TRIPLICATE even made it back to Trend's "10 Most Prevalent In-the-Wild Viruses" list. In this regard, we want to remind our customers to update their product to the latest Trend pattern file and to scan their system for the O97M_TRIPLICATE virus. In addition, we advise all our users to scan all Microsoft Office files before opening them. A detailed description of O97M_TRIPLICATE is available on Trend's website at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_TRIPLICA TE 2. 10 Most Prevalent In-The-Wild Viruses Surveyed by Trend US (week of: 08/16/99 to 08/22/99) - 1. TROJ_SKA 2. JOKE_WOW 3. JOKE_GESCHENK 4. O97M_TRIPLICATE 5. TROJ_CAIN.15 6. TROJ_DOH 7. W97M_MARKER 8. W97M_ETHAN 9. NE_SMALL.JOKE For the most prevalent viruses for the month of July'99, please visit our website at: http://www.antivirus.com/vinfo/most_prevalent.htm 3. Top 10 viruses customers are most concerned about (where systems were not infected) - 1. PE_KRIZ 2. PE_KRIZ.3740 3. TROJ_CAIN.15 4. TROJ_SKA 5. VBS_MONOPOLY 6. JOKE_LANCHECK 7. TROJ_COOLGAME 8. VBS_FREELINK 9. TROJ_NETBUS 10. TROJ_NE_AOL.CJ 4. PE_KRIZ - A real threat or just another virus hyped up by some antivirus vendors? - Now that it has been one week since the appearance of PE_KRIZ, we would like to inform our customers that we still have not received any reports of infection from our customers. At this point, PE_KRIZ seems to be another virus, very similar to PE_EMPEROR, that received too much media attention but didn't do any damage. Even though PE_KRIZ is not likely to spread widely (or at all), we want to let our customers know that Trend pattern file 574 or later can detect this virus. For additional information about PE_KRIZ, please refer to our Virus Encyclopedia at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_KRIZ.3740 5. W97M_SHANKAR - W97M_SHANKAR (a.k.a. Marker.O) is a very simple macro virus, which infected several users in the past two month. While it has no destructive payload, W97M_SHANKAR displays a message box during the month of July. For a detailed virus description, please visit our website at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_SHANKAR W97M_SHANKAR can be detected and cleaned with Trend pattern file 575 or later. 6. W97M_CONT (Potential data loss on the 17th of each month) - Also reported this week was W97M_CONT, a destructive macro virus which executes its payload on the 17th of each month. On that day, W97M_CONT adds the following text to C:\AUTOEXEC.BAT: " deltree /Y f:\* " " deltree /Y e:\* " " deltree /Y d:\* " " deltree /Y c:\* " " rem Created by Dream Blaster " " rem Minny, you are simply a bx " Upon rebooting, all files on the C, D, E and F drives are deleted. In order to prevent this from happening, we have added detection and cleaning for W97M_CONT to Trend's latest bandage pattern file as well as to the next release pattern file. For more information about W97M_CONT please go to our website at: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_CONT.A 7. W97M_AKUMA - a second destructive macro virus: - Just
[CTRL] Fw: Trend Virus Report - August Issue # 2
-Caveat Lector- ** V I R U SR E P O R T (by Trend US Virus Research Group) *** --- Date: 08.09.99 Issue: 8.2 --- Issue Preview: VBS_Monopoly, 10 Most Prevalent In-The-Wild Viruses, Top Viruses that concern Trend customers, W97M_YUGOSLAV and TROJ_BO2K.PLUG *** 1. Another Melissa re-write: VBS_MONOPOLY If there was a popularity contest for viruses, we would have to give the most recent Award to the Melissa virus. In recent weeks, we have seen several viruses inspired by Melissa. Among the most recent ones is VBS_MONOPOLY, a rewrite of Melissa in Visual Basic Script language. Just like many of the other Melissa viruses, VBS_MONOPOLY tries to send an email message (with an attachment) to all addresses in the Microsoft Outlook address book. For additional payload information, please go to: http://www.antivirus.com/vinfo/virusencyclo/default3.asp?VCode =3263 While we have not seen any reports of VBS_MONOPOLY infections, we advise all our customers to upgrade to Trend pattern file 567 or later, which detects this virus. 2. 10 Most Prevalent In-The-Viruses Surveyed by Trend US (week of: 08/02/99 to 08/08/99) - 1. TROJ_SKA 2. JOKE_SMALLPENIS 3. TROJ_GESCHENK 4. W97M_ETHAN.A 5. TROJ_BKDOOR-G 6. W97M_MARKER 7. TROJ_WOW 8. W97M_GROOVIE 9. W97M_CLASS 10. TROJ_BO2K For the most prevalent viruses for the month of June'99, please visit our website at: http://www.antivirus.com/vinfo/most_prevalent.htm 3. Top Viruses that Trend Customers are Concerned About (where systems were not infected) 1. TROJ_PROMAIL121 2. CALIFORNIA/WOBBLER HOAX 3. JOKE_LANCHECK 4. TROJ_BKDOOR-G 5. TROJ_SKA 6. How to give a cat a colonic (HOAX) 7. MATRIX 8. TROJ_NETBUS 4. W97M_YUGOSLAV (a.k.a. W97M.Marker.X) W97M_YUGOLAV is another polymorphic macro virus, which infects Word 97 documents. It triggers a destructive payload on February 22nd, and deletes all files in the C:\ root directory. For a detailed virus description, please refer to our website at: http://www.antivirus.com/vinfo/virusencyclo/default3.asp?VCode =3256 W97M_YUGOSLAV is detected and cleaned with Trend pattern file 567 or later. 5. Another plug-in for Back Orifice 2000: TROJ_BO2K.PLUG - Last week L0pht Heavy Industries released a new hacking tool, which adds a point-and-click graphical interface and remote registry editor to Back Orifice 2000. To detect this new plug-in, please update your Trend pattern file to version 567 or later. Information about BO2K (Back Orifice 2000)is available on our website at: http://www.antivirus.com/vinfo/virusencyclo/default3.asp?VCode =3215 + If you would like to subscribe to this newsletter, go to : http://www.antivirus.com/subscriptions/sub_vreport.asp?[EMAIL PROTECTED] To unsubscribe to this newsletter, go to : http://www.antivirus.com/subscriptions/un_vreport.asp?[EMAIL PROTECTED] + DECLARATION DISCLAIMER == CTRL is a discussion and informational exchange list. Proselyzting propagandic screeds are not allowed. Substancenot soapboxing! These are sordid matters and 'conspiracy theory', with its many half-truths, misdirections and outright frauds is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credeence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om