Trend Micro Protects Against New PrettyPark Trojan Worm; New Auto-Email Trojan Can Steal User Password and System Information -- Protection Available Now at www.antivirus.com.CUPERTINO, Calif.--(BUSINESS WIRE)--June 4, 1999-- Trend Micro Inc., the leader in centrally managed virus protection, has developed a protection against a new auto-email worm, PE_Pretty Park, that can steel computer users' passwords and system information. The new virus, which is spreading through Europe and is expected to enter the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. , was discovered by Trend Micro's technical support team in France. Called PE_PrettyPark or Trojan.PSW (Program Status Word) A hardware register that maintains the status of the program being executed. .CHV CHV canine herpesvirus. , the new virus appears as a PrettyPark utility attached to email. It is a backdoor/password stealing Trojan that emails itself automatically to addresses found in the user's Outlook Address Book and sends information back to the virus writer via IRC (Internet Relay Chat) Computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. , an Internet chat protocol. To protect against the new virus, computer users will need to have an antivirus solution that has been updated to protect against PrettyPark. Trend Micro customers can download pattern file No. 538 to ensure they are protected. Concerned computer users can also surf to www.antivirus.com and use HouseCall(TM), Trend Micro's free Internet virus scanning service to detect and remove the malicious worm from their system. The subject field of email messages carrying PrettyPark reads: C:\CoolProgs\PrettyPark.exe and the message itself contains only the attached copy of the infected executable file See executable code. . Unlike a traditional virus which self replicates, PrettyPark is technically a "worm" that copies itself from computer to computer. PrettyPark attempts to use email to spread. The worm installs itself into the user's system and then attempts to forward emails with its attached copy to addresses listed in the Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see . Microsoft Outlook or Outlook (full name Microsoft Office Outlook Address Book. Users can also spread the worm by innocently forwarding the infected email attachment to another user. Trend Micro has not been able to confirm the auto-email function of this worm. After attempting to spread itself via email, PrettyPark will attempt to send critical system information back to the virus writer using IRC chat. This information can include Internet access passwords and telephone numbers, remote access service login names (RAS (1) See network access server. (2) (Remote Access Service) A Windows NT/2000 Server feature that allows remote users access to the network from their Windows laptops or desktops via modem. See RRAS and network access server. ) and passwords, ICQ ("I Seek You") A conferencing program for the Internet from Mirabilis, Tel Aviv, Israel (www.icq.com). It provides interactive chat, e-mail and file transfer and can alert you when someone on your predefined list has also come online. numbers, remote host system configuration and directory information. "The danger inherent in this worm is that it creates a back door to your computer by taking passwords from your system and sending them back to the worm's author," said Dan Schrader, director of new technology at Trend Micro. "Hopefully, the auto-email aspect of the virus is malfunctioning, preventing it from spreading as quickly as the author intended." Schrader also stated that this type of virus demonstrates the need to add "virus wall" security at the firewall, to prevent malicious code like PrettyPark from entering organizations. More information about PE_PrettyPark can be obtained from Trend's Web site at http://www.antivirus.com. About Trend Micro Trend Micro provides centrally controlled server-based virus and malicious code protection. By protecting information that flows through file servers, e-mail servers and Internet gateways, Trend Micro helps major companies worldwide stop viruses and other malicious code from a central point before they ever reach the desktop. Trend Micro's award-winning products have been chosen by Check Point Software Technologies, Hewlett-Packard, IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) , ISS ISS See Institutional Shareholder Services (ISS). , Lotus, Lucent Technologies, Microsoft, Netscape, Oracle, Pilot, Sun Microsystems and Wingra as a key part of their server security solutions. Trend Micro is publicly held in Japan, with North American North American named after North America. North American blastomycosis see North American blastomycosis. North American cattle tick see boophilusannulatus. headquarters in Cupertino, Calif., and offices worldwide. Trend Micro's products are sold through a network of corporate and value-added resellers. Evaluation copies of all of Trend Micro's products may be downloaded from its award-winning site, http://www.antivirus.com. Web site visitors may also test-drive products online through Trend Micro's Virtual Lab. Note to Editors: InterScan and VirusWall are registered trademarks of Trend Micro, Incorporated. HouseCall is a trademark of Trend Micro Incorporated. Other product and company names may be trademarks of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion