My God! Some One Killed Chinesehacke virus detail

Issue Preview:

1. Trend Micro Updates - Pattern File and Scan Engine Updates
2. New Mass Mailer - PE_CHIR.B (Low Risk)
3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US

NOTE: Long URLs may break into two lines in some mail readers.
Should this occur, please copy and paste the URL into your browser
window.

************************************************************************

1. Trend Micro Updates - Pattern File and Scan Engine Updates
------------------------------------------------------------------------
PATTERN FILE: 331 http://www.trendmicro.com/download/pattern.asp
SCAN ENGINE: 6.150 http://www.trendmicro.com/download/engines/

2. New Mass Mailer - PE_CHIR.B (Low Risk)
------------------------------------------------------------------------

This mass-mailing worm propagates by sending copies of itself to all
addresses listed in the target user's Windows Address Book (WAB). It
sends an email with the following details:

From: imissyou@btmail.net.cn
Subject: is comming!
Message:
Attachment: PP.EXE

It also infects all files with the following extensions:
.EXE
.SCR
.HTM
.HTML

On the first day of every month, it overwrites the first 1,234 bytes of
all files with the following extensions:
.ADC
.RDB
.DOC
.XLS

This worm exploits a known vulnerability affecting systems running
Microsoft Internet Explorer 5.01 and 5.5. This exploit allows the
automatic execution of email attachments without the user opening them.
The worm tags the infected email attachment with the audio/x-wav
content type, so the default audio-file player on the system that
receives the email attempts to open the attachment.
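
A mail-gateway style check for the mismatch described above, added here as an example and not taken from the newsletter or from Trend Micro's detection logic: it flags MIME parts declared as audio/* whose filename has an executable extension or whose decoded bytes begin with the MZ header. The function names, the extension list beyond .EXE and .SCR, and the sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list; .EXE and .SCR are the ones named in the advisory.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}


def suspicious_parts(raw_bytes):
    """Return (filename, content_type, reasons) for audio/* parts that look executable."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if not ctype.startswith("audio/"):
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # DOS/PE executables start with "MZ"
            reasons.append("MZ header")
        if reasons:
            findings.append((name, ctype, reasons))
    return findings


def build_sample(content_type, filename, payload):
    """Build a constructed test message (not a captured worm email)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("constructed body")
    maintype, subtype = content_type.split("/")
    msg.add_attachment(payload, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    mismatched = build_sample("audio/x-wav", "PP.EXE", b"MZ" + b"\x00" * 62)
    genuine = build_sample("audio/x-wav", "chime.wav", b"RIFF\x24\x00\x00\x00WAVEfmt ")
    for label, raw in (("mismatched", mismatched), ("genuine", genuine)):
        print(label, suspicious_parts(raw))
```

Checking the decoded bytes as well as the filename catches a renamed attachment that keeps the audio content type.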

Upon execution, this worm executes itself as another process. Since the
creation of another process consumes additional memory resources, this
behavior may cause the infected system to hang. This worm drops several
copies of the file README.EML on all directories and subdirectories.
This file is a Uuencoded version of the worm. Uuencode is a universal
protocol for sending files between different platforms, and is typically
utilized for sending email attachments.

On infected systems running Windows NT 4.0, Windows 2000, and Windows
XP, this malware runs the Net Send command to send the following text
message to all computers belonging to the same workgroup:

My god! Some one killed ChineseHacker-2 Monitor

If you would like to scan your computer for PE_CHIR.B or thousands of
other worms, viruses, Trojans and malicious code, visit HouseCall, Trend
Micro's free online virus scanner at: http://housecall.antivirus.com/

PE_CHIR.B is detected and cleaned by Trend Micro pattern file #330 and
above.

For additional information about PE_CHIR.B please visit:
http://www.trendmicro.com/vinfo/virusencyc...sp?VNamePE_CHIR.B

3. 10 Most Prevalent In-the-Wild Malware Surveyed by Trend Micro US
------------------------------------------------------------------------
1. WORM_KLEZ.H
2. JS_NOCLOSE.A
3. WORM_DATOM.A
4. WORM_DANDI.A
5. PE_MAGISTR.B
6. JS_NOCLOSE.E
7. WM_CONCEPT
8. PE_NIMDA.A-O
9. WORM_YAHA.E
10. WORM_KLEZ.E
