TREND MICRO WEEKLY VIRUS REPORT:
Friday November 18, 2005
Issue Preview:
1. Trend Micro Updates - Pattern File & Scan Engine Updates
2. Trojans Utilize Kernel-mode Rootkit - BKDR_BREPLIBOT (Low Risk)
3. Top 10 Most Prevalent Global Malware
4. Protect Your PC against the Latest - PC-cillin 2006 Now Available
1. Trend Micro Updates - Pattern File & Scan Engine Updates
Pattern File : 2.953.00
Scan engine : 7.510
2. Trojans Utilize Kernel-mode Rootkit - BKDR_BREPLIBOT (Low Risk)
In the past week, much attention has been given to the BREPLIBOT family of
backdoor-trojans. This Trojan exploits the Sony Digital Rights Management
rootkit, and this new malware also targets a specific audience: the business
community. Arriving as an attachment in an email, the malware pretends to come
from a reputable business magazine, asking the businessman to verify his/her
"picture" (apparently attached to the email) to be used for the December issue.
However, rather than presenting a picture, executing the attachment installs
the Trojan.
According to Raimund Genes, Chief Technologist of Anti-Malware for antivirus and
content security firm Trend Micro, the issue is less about the Trojan than it is
about the underlying rootkit technology it uses. This is because the rootkit
used by the BKDR_BREPLIBOT Trojans is a 'kernel-mode' program, which can be
used for more dramatic malicious purposes than 'user-mode' programs.
"We don't blame Sony for attempting to exercise its right to manage its digital
property," says Genes. "However, what's important to understand is that this
technology can now be used by malicious malware writers to hide and spread their
creations. These writers include those who might not know how to write their own
rootkits - but now they don't have to."
Genes adds a strong recommendation that businesses with the need to protect their
intellectual property look into other possible solutions, such as building a level
of security commitment into contractual agreements with technology partners,
especially when those partners are developing additional DRM (digital rights
management) tools.
"The protection of Corporate Intellectual Property in the digital age is a complex
and serious matter for any business. This situation emphasizes the growing complexity
of corporate security, both from an IT and business continuity standpoint. It makes
clear the need for a consolidation of business and security as one unified initiative."
According to experts at Trend Micro, the primary danger of kernel-mode drivers is that
they can modify or destroy any other data structure in memory, including the
operating system code itself. This is because kernel mode is inherently granted the
highest level of access in a system, and can therefore be used to perform nearly any
task, including overwriting any other program or data in the system. They add that
the objective of rootkits is to conceal the existence of other programs, and that
they are frequently used to conceal spyware or other malware. And since rootkits are
readily available, we expect to see rootkit detection numbers rise.
Trend Micro is reminding users to remain vigilant. As a precautionary measure, every
email should be scrutinized, especially those containing attachments or those from
unexpected or unknown sources. Users should also ensure that their security
solutions are fully updated. Trend Micro also recommends that technical users and IT
staff educate themselves regarding the growing rootkit threat.
For more information on BKDR_BREPLIBOT.D, please visit
http://trendnewsletter.rsc03.net/servlet/cc5?lgLQCWDQTVrjxpuipjLuLKpHQJhuV2VU
3. Top 10 Most Prevalent Global Malware
(from November 11 to November 17, 2005)
- JAVA_BYTEVER.A
- SPYW_DASHBAR.300
- SPYW_GATOR.F
- WORM_NETSKY.P
- HTML_NETSKY.P
- WORM_MOFEI.B
- PE_PARITE.A
- TSPY_SMALL.SN
- TROJ_ISTBAR.FN
- ADW_LOP.A
4. Protect Your PC against the Latest - PC-cillin 2006 Now Available
Leading desktop security just got better. Trend Micro™ PC-cillin™ Internet Security 2006
delivers the ultimate protection against viruses, worms, Trojans, and hackers, plus
spyware, spam, phishing attacks, and Internet scams designed to steal credit card and
bank account numbers.
PC-cillin includes a personal firewall, advanced security for your wireless network,
vulnerability scan, and comprehensive parental controls. It's everything you need to
feel secure. And with Home Network Control, you can easily configure, update, and manage
the security for each PC on your network, wherever PC-cillin 2006 is installed.
Buy Now or Download a free 30-day evaluation of PC-cillin Internet Security 2006