Virus Alert !

[Sean]

Storm Worm carries the subject line "230 dead as storm batters Europe,"
People who open the attachment then unknowingly become part of a botnet.
Storm Worm is a Trojan horse with an executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.
The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.

[Sean]

A mass-mailing worm that spreads by copying itself to local drives, network mapped drives and removable storage devices.
Disables keyboard and mouse input when it discovers an active window containing any of the following titles:
RUN
NOTEPAD
UNTITLED

Infects .exe files on all drives.

May send a copy of itself to other computers as an email attachment. The email has the following characteristics:
Subject:
One of the following:

Re:
I don't wish to lost you again!
Please Come Back!
Rindu Yang Tak Tertahankan
Remember Our Past?
Don't Forget Me,please!
Shall I Be The One For You ?
I Miss You So Much !
Please Remember Me.
Still Remember???
I miss U
Ketika Kangen bertemu Rindu
Lama Tak Jumpa
Ketika Rindu bertemu Kangen

Message Body:
One of the following:

I wanna be you friend. So I give you a little present ^_^
Ehm,....would you like to be my friend ?
Please check, tell me if you like it ^_^.
Will I meet You my old friend...
I miss You, I give you a file that will remind you...
Dear My Sweetie..
Here is the file, Thank you for your friendship.
Please, don't forget me...Ok! Take a look at the attacment, you will remember me.
I am missing you, please come back...
I give you the proof that I miss you so much!
Shall I be the one for you?
Still remember me ???
Do you remember me?
Dear My Friend..
Here is the file, Thank you for your cooperative.
Take this, please tell me if there's an error.
Please check, told me if there's a mistake.
Sorry, I forget to send you the document.
I'm oversleep.
Finally, I found the data !, what do you think ??
Here, the file that you want

[DragonLensmanWV]

Virus:MacOS/Leap.ACME number:CME-4Date discovered:16/02/2006Type:WormIn the wild:YesReported Infections:LowDistribution Potential:LowDamage Potential:LowStatic file:
File size:39.596 BytesVDF version:6.33.01.02 - Fri, 17 Feb 2006 06:28 (GMT+1)
General Method of propagation:
• Messenger


Aliases:
• Symantec: OSX.Leap.A
• Mcafee: OSX/Leap
• Kaspersky: IM-Worm.MSIL.Ltp.a
• Sophos: OSX/Leap-A
• Panda: Trj/Oomp.A!CME-4


Platform / OS:
• Mac


Side effects:
• Drops files
• Drops a malicious file

Files The following files are created:

– Non malicious files:
• /tmp/pic.gz
• /tmp/pic

– It creates the following archives containing a copy of the malware:
• /tmp/latestpics.tgz
• /tmp/latestpics.tar.gz
• /tmp/apphook.tar

– /tmp/latestpics
– /tmp/hook
– /tmp/apphook
Messenger Propagation via file
It sends a file with the following name:
• latestpics.tgz

[Sean]

iWorkServices Trojan Horse or OSX.Trojan.iServices.B

A attack being distributed via BitTorrent, where it's disguised as a bootleg copy of the new iWork 09. Once installed, the malware takes administrator access and connects to remote servers over the Internet, where it can be given additional instructions as the author commands, from installing additional malware to stealing information off the Mac in question. The malware creator can also take complete remote control of any compromised machine.