Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
wawadave Warrior Obsessed

Joined: 25 Jan 2004 Last Visit: 24 Jul 2009 Posts: 3448 Location: Illegitimus non carborundum
Posted: Mon Jul 05, 2004 9:03 am Post subject: week of july 5 virus and security trojan threats etc.
Dear Trend Micro customer,
As of 2:40 AM July 5, 2004 (GMT -07:00; Daylight Savings Time), TrendLabs has
declared a Medium Risk Virus Alert to control the spread of WORM_BAGLE.AD.
TrendLabs has received several infection reports indicating that this worm is
spreading in Japan, Korea, and Taiwan.
This worm is known to spread via email using its own Simple Mail Transfer
Protocol (SMTP) engine. It also spreads via network shares. It drops copies of
itself as the following files in the Windows system folder:
loader_name.exe
loader_name.exeopen
loader_name.exeopenopen
Its email arrives with any of the following lines as subject:
Re: Msg reply
Re: Hello
Re: Yahoo!
Re: Thank you!
Re: Thanks
RE: Text message
Re: Document
Incoming message
Re: Incoming Message
RE: Incoming Msg
RE: Message Notify
Notification
Changes..
Update
Fax Message
Protected message
RE: Protected message
Forum notify
Site changes
Re: Hi
Encrypted document
TrendLabs will be releasing the following EPS deliverables:
TMCM Outbreak Prevention Policy 118
Official Pattern Release 927 - released 3:15 AM July 5, 2004
Damage Cleanup Template 367
NVW pattern 10130
For more information on WORM_BAGLE.AD, you can visit our Web site at:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AD
You can modify subscription settings for Trend Micro newsletters at:
http://www.trendmicro.com/subscriptions/default.asp
----------------------------------------------o0o----
CRITICAL PRODUCT UPDATE!
New Pattern File Numbering Format upgrade for Trend Micro products is REQUIRED
by July 2004. Click http://www.trendmicro.com/npf for details!
______________________________________________________________________
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

wawadave Warrior Obsessed
Posted: Mon Jul 05, 2004 9:11 am
CERT RECOMMENDS ANYTHING BUT IE
US Computer Emergency Readiness Team is advising people to ditch
Internet Explorer and use a different browser after the latest
security vulnerability in the software was exposed.
http://www.net-security.org/news.php?id=5482
EXPLOIT USED TO SPREAD VIRUS COULD BE USED AGAIN
Computer experts warn that now that a new way to spread computer
viruses has gotten a foothold, it won't be long before others try
similar attacks.
http://www.net-security.org/news.php?id=5483
ISO ENDORSES KEY SECURITY CERTIFICATION
The International Standards Organization last week gave its stamp of
approval to the CISSP security certification for IT workers, and a
half-dozen security managers said the endorsement should help enhance
the certification's legitimacy and acceptance.
http://www.net-security.org/news.php?id=5484
GATES DISHES OUT SECURITY PROMISES
At a news conference in Sydney, Microsoft's chairman said computer
systems must become more secure and must be at least as reliable as
essential physical infrastructure like electricity and water systems.
http://www.net-security.org/news.php?id=5485
AUTHORS OF THE LAST VIRUSES ARE RUSSIANS
The authors of the last malicious action to spread computer viruses
exploiting an earlier unknown flaw in the Internet browser are people of
Archangelsk, Russia.
http://www.net-security.org/news.php?id=5487
MICROSOFT BLAMES HACKERS, NOT VULNERABILITY, FOR WEB ATTACK
The evidence now is leading them to accept Microsoft's explanation
that the IIS 5.0 servers were hacked manually and that the server
software doesn't have an unknown vulnerability.
http://www.net-security.org/news.php?id=5488
microsucks passing the buck on this one!
ANTI-PHISHING GROUP BACKS EMAIL AUTHENTICATION
A group attempting to stop the new scourge of phishing fraud on the
Web says email authentication technology could do the job, a concept
backed by Microsoft.
http://www.net-security.org/news.php?id=5489

wawadave Warrior Obsessed
Posted: Mon Jul 05, 2004 9:16 am
VIRUS HITS INDIAN BPO NETWORKS
Infosys Technologies, a leading Bangalore-based software and business
process outsourcing (BPO) company, had to bring down its network,
following detection of a virus attack on some machines on the
network.
http://www.net-security.org/news.php?id=5497
UK LAWMAKERS WANT MORE COMPUTER HACKERS BEHIND BARS
Computer hacking, an offence police once dismissed as a teenage
prank, would carry a maximum two-year prison term as part of a
revised cybercrime law proposed by British MPs on Wednesday.
http://www.net-security.org/news.php?id=5498
SEVEN HABITS OF HIGHLY SECURE COMPANIES
Companies, like the humans who make them run, are creatures of habit.
Some of those habits can make information systems more secure, rather
than less. The seven best practices of highly secure companies are a
standard against which CEOs can measure their organizations.
http://www.net-security.org/news.php?id=5500
BHO SCANNING TOOL AND NEW SCAM TARGETS BANK CUSTOMERS
On June 24th, a visitor to the SANS Internet Storm Center reported
that his company was "in the middle of a very disturbing ... issue
regarding the adware/spyware/IE exploit genre".
http://www.net-security.org/news.php?id=5501
MAGOLD VIRUS WRITER SENTENCED
Sophos is reporting that the creator of the Magold worm has been
found guilty and sentenced to two years of probation as well as a
fine equivalent to around £1300 to cover court costs.
http://www.net-security.org/news.php?id=5502
HACKER COUGHS UP ADVICE
You've got to "understand the dark side" to be a good guy in the
computer-hacking world, says ethical hack specialist Mike Sues, and
most computer users don't have the first clue about the dangers they
face.
http://www.net-security.org/news.php?id=5506
VIRUSES PUTTING SMALL BUSINESS OFF INTERNET
Small businesses in Wales are being put off internet trading by
computer viruses and spam, a report has revealed.
http://www.net-security.org/news.php?id=5507
VIRUSES, VIRUSES EVERYWHERE
I never thought I would pine for the good old days in computing when
me and my buddies would take turns typing in the peeks and pokes in
endless listings from "RUN" magazine to make my Commodore 64 actually
do something.
http://www.net-security.org/news.php?id=5508
FBI OPENS NEW COMPUTER CRIME LAB
The FBI opened a new lab Tuesday dedicated to detecting
computer-related crimes and training federal, state and local police
to catch Internet pedophiles, frauds and thieves.
http://www.net-security.org/news.php?id=5509
SECURE ENOUGH FOR A BANK
In its New York location alone, the Fed maintains more than 10,000
discrete devices, including AS/400, HP-UX, Linux, Novell NetWare, and
Sun Solaris servers, as well as a huge installed base of Microsoft
Windows. The awesome responsibility of managing these assets falls on
the shoulders of Sean Mahon, the New York Fed's vice president of
system management.
http://www.net-security.org/news.php?id=5510

wawadave Warrior Obsessed
Posted: Tue Jul 06, 2004 4:35 pm
4. 7/6: Evaman.A Worm a 'Medium' Threat
Several security vendors have issued medium-level threat alerts for Evaman.A, a
worm without damaging effects that spreads via e-mail, in a message that seems
to be returned to sender because of a false error.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,6xdq,31mj,9s3s,a9gz
------------------------------------------------------------
5. 7/6: Beagle.Z@mm Worm Uses SMTP Engine
W32.Beagle.Z@mm is a mass-mailing worm that uses its own SMTP engine to spread
through email and opens a backdoor on TCP port 1234.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,cy9c,8mck,9s3s,a9gz
------------------------------------------------------------
6. 7/6: Sdbot-JS Spreads to Remote Shares
W32/Sdbot-JS is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,1u2,61a1,9s3s,a9gz
------------------------------------------------------------
7. 7/6: Lovgate-F a Mass-Mailing Worm
W32/Lovgate-F is a mass mailing and network worm.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,5ywj,jxke,9s3s,a9gz
------------------------------------------------------------
8. 7/6: Lovgate.AF Worm Executes File
Worm_Lovgate.AF propagates via email and network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,kpz1,1rwy,9s3s,a9gz
------------------------------------------------------------
9. 7/6: Rbot-CP Spreads to Network Shares
W32/Rbot-CP is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,f5fo,2twr,9s3s,a9gz
------------------------------------------------------------
10. 7/6: Bagle-AD Displays Fake Message
W32/Bagle-AD is a member of the W32/Bagle family of email worms.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,71sx,c4cv,9s3s,a9gz
------------------------------------------------------------
11. 7/6: Korgo.X Worm Spreads Via LSASS
Korgo.X is a worm that spreads via the Internet by exploiting the LSASS
vulnerability in remote computers.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,8oqd,doa1,9s3s,a9gz
------------------------------------------------------------
12. 7/6: Refst.A Trojan Drops .DLL File
Troj_Refst.A is a Trojan program that drops a .DLL file in the Windows system
folder with a random file name composed of lower case characters.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,32gp,6z2l,9s3s,a9gz
------------------------------------------------------------
13. 7/6: PWSteal.Likmet.A Displays Fake Window
PWSteal.Likmet.A is a Trojan horse that displays a fake MSN Messenger logon
window and steals the password provided.
http://nl.internet.com/ct.html?rtr=on&s=1,zrn,1,b5ja,drhy,9s3s,a9gz
------------------------------------------------------------

wawadave Warrior Obsessed
Posted: Wed Jul 07, 2004 6:37 pm
4. 7/7: Rbot-CZ Resets Registry Entries
W32/Rbot-CZ is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,476n,2m39,9s3s,a9gz
------------------------------------------------------------
5. 7/7: PE_Lovgate.AD Uses Email to Spread
PE_Lovgate.AD is a memory-resident file-infector that spreads through email and
network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,569j,g2bj,9s3s,a9gz
------------------------------------------------------------
6. 7/7: PE_Lovgate.AC is a File-Infector
PE_Lovgate.AC is a memory-resident file-infector that spreads through email and
network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,7edy,2yum,9s3s,a9gz
------------------------------------------------------------
7. 7/7: Trojan.Ecure.C Modifies Hosts File
Trojan.Ecure.C is a Trojan horse that modifies the Hosts file and the Internet
Explorer home page.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,ahp9,546j,9s3s,a9gz
------------------------------------------------------------
8. 7/7: Trojan.Ecure.B Changes IE Home Page
Trojan.Ecure.B is a Trojan horse that modifies the Hosts file and the Internet
Explorer home page.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,6nbe,49ke,9s3s,a9gz
------------------------------------------------------------
9. 7/7: Sdbot-JY Uses P2P to Spread
W32/Sdbot-JY is a worm that attempts to spread using P2P shared folders.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,fypl,fh8f,9s3s,a9gz
------------------------------------------------------------
10. 7/7: Lovgate-AG Worm Spreads Many Ways
W32/Lovgate-AG is a Windows worm that spreads via email, network shares and
filesharing networks.
http://nl.internet.com/ct.html?rtr=on&s=1,zvy,1,cits,ilhe,9s3s,a9gz

wawadave Warrior Obsessed
Posted: Thu Jul 08, 2004 5:56 pm
. 7/8: Bagle.AD Worm a 'Medium Threat'
TrendLabs has declared a Medium Risk (YELLOW) alert for WORM_BAGLE.AD, the
latest Bagle variant, to control the spread.
http://nl.internet.com/ct.html?rtr=on&s=1,zyp,1,6phl,ihzr,9s3s,a9gz
------------------------------------------------------------
5. 7/8: Lovgate.AB@mm Spreads Via Open Shares
W32.Lovgate.AB@mm is a mass-mailing worm that also spreads through open network
shares.
http://nl.internet.com/ct.html?rtr=on&s=1,zyp,1,kvqu,2jor,9s3s,a9gz
------------------------------------------------------------
6. 7/8: Agobot-KM Uses Weak Passwords
W32/Agobot-KM is a network worm that spreads to other computers by exploiting
network services with either weak passwords or unpatched vulnerabilities.
http://nl.internet.com/ct.html?rtr=on&s=1,zyp,1,hzyk,acz2,9s3s,a9gz
------------------------------------------------------------
7. 7/8: LegMir-K Trojan Steals Passwords
Troj/LegMir-K is a password-stealing Trojan.
http://nl.internet.com/ct.html?rtr=on&s=1,zyp,1,bj9q,blh6,9s3s,a9gz

wawadave Warrior Obsessed
Posted: Sat Jul 10, 2004 8:57 am
3. 7/9: Lovgate.ag@mm Packed Multiple Times
W32/Lovgate.ag@mm, a new variant of W32/Lovgate, is packed multiple times.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,4ixg,712r,9s3s,a9gz
------------------------------------------------------------
4. 7/9: Berbew.H Trojan Steals Passwords
Backdoor.Berbew.H is a minor variant of Backdoor.Berbew.G.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,c8jz,hvs6,9s3s,a9gz
------------------------------------------------------------
5. 7/9: VBS.Gaggle.E Overwrites Files
VBS.Gaggle.E is a variant of VBS.Gaggle.D--a mass-mailing worm that overwrites
several files.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,khft,j134,9s3s,a9gz
------------------------------------------------------------
6. 7/9: Korgo.X Worm Exploits LSASS Flaw
W32.Korgo.X is a worm that attempts to propagate by exploiting the Microsoft
Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security
Bulletin MS04-011) on TCP port 445.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,fw0z,akr8,9s3s,a9gz
------------------------------------------------------------
7. 7/9: Rbot-DE Spreads to Remote Shares
W32/Rbot-DE is a worm that attempts to spread to remote network shares.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,9gli,cov7,9s3s,a9gz
------------------------------------------------------------
8. 7/9: HacDef-F a New Backdoor Trojan
Troj/HacDef-F is a backdoor Trojan that is targeted at NT/2000/XP operating
systems.
http://nl.internet.com/ct.html?rtr=on&s=1,102g,1,9kbc,lj9d,9s3s,a9gz
------------------------------------------------------------