2006-02-08 11:49

[Virus Alert] 2 new worms found

Worm name: WORM_ZOTOB.X

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

It also propagates by sending copies of itself as attachments to email messages, which it sends to target recipients using its own Simple Mail Transfer Protocol (SMTP) engine. Because it has its own SMTP engine, this worm does not need other applications, such as Outlook Express, to send out email messages. It may also use any available servers to propagate.

 

It gathers target email addresses from the Windows address book (WAB), the Temporary Internet Files folder, and files with certain extension names. By doing so, this worm is able to propagate effectively and consume bandwidth.

 

This worm has backdoor capabilities. It opens various ports and connects to an Internet Relay Chat (IRC) server. Once a connection is established, it joins a specific IRC channel, where it listens for commands from a malicious user. It then executes these commands on the affected machine. These commands include downloading and executing possibly malicious files.
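The two network behaviours described above (mail sent straight from the infected machine through the worm's own SMTP engine, and an outbound IRC connection for commands) can be looked for in firewall connection logs. The following is an added example, not part of the original alert or any Trend Micro tooling; the log format, the relay address, the IRC port list and the threshold are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict

# Assumptions (none of these values come from the alert):
MAIL_RELAYS = {"10.0.0.25"}   # the only host expected to send SMTP outbound
IRC_PORTS = {6667, 6697}      # common IRC ports; the alert names no ports
SMTP_FANOUT = 3               # distinct SMTP peers before a host is flagged

# Constructed sample log, one record per line: "time src_ip dst_ip dst_port"
SAMPLE_LOG = """\
11:40:01 10.0.0.25 198.51.100.10 25
11:40:02 10.0.1.17 10.0.0.25 25
11:40:05 10.0.1.44 198.51.100.10 25
11:40:05 10.0.1.44 198.51.100.77 25
11:40:06 10.0.1.44 203.0.113.5 25
11:40:09 10.0.1.44 203.0.113.90 6667
11:41:00 10.0.1.52 192.0.2.8 25
bad line here
"""

def flag_hosts(log_text, relays=MAIL_RELAYS, irc_ports=IRC_PORTS, fanout=SMTP_FANOUT):
    """Return {src_ip: sorted reasons} for hosts showing the described pattern."""
    smtp_peers = defaultdict(set)
    irc_peers = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        _, src, dst, port = parts
        port = int(port)
        if src in relays:
            continue  # the relay itself is expected to send mail
        if port == 25 and dst not in relays:
            smtp_peers[src].add(dst)   # workstation bypassing the relay
        elif port in irc_ports:
            irc_peers[src].add(dst)
    findings = defaultdict(list)
    for src, peers in smtp_peers.items():
        if len(peers) >= fanout:       # many mail servers: mass-mailing pattern
            findings[src].append(f"direct SMTP to {len(peers)} servers")
    for src, peers in irc_peers.items():
        findings[src].append(f"IRC connection to {len(peers)} server(s)")
    return {src: sorted(reasons) for src, reasons in findings.items()}

if __name__ == "__main__":
    for host, reasons in flag_hosts(SAMPLE_LOG).items():
        print(host, reasons)
```

A host that shows both findings together is a stronger candidate for isolation than one showing either alone, since a single stray SMTP connection stays below the threshold.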

 

 

Worm name: JS_FEEBS.GX

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This malicious JavaScript is embedded in a malicious Web site and runs on a system when a user visits the said Web site. It may also arrive as an attachment to spammed email messages.

 

When running on the affected computer, it shows a fake aol.com, gmail.com, hotmail.com, msn.com, or yahoo.com loading page. This page displays a text message saying that there is no available connection.

 

While tricking users into thinking that the said Web page is inaccessible, this malicious JavaScript downloads the file USERINIT.EXE, which Trend Micro detects as WORM_FEEBS.GP. The file is stored in the C:\Recycled folder. The JavaScript then decodes and executes the file. As a result, the routines of the downloaded malware are also exhibited on the affected system.

 

 

 

References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)