2006-02-03 10:55

[Virus Alert] 2 new worms found

Worm name: BKDR_BREPIBOT.C

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

To get a one glance comprehensive view of the behavior of this backdoor program.

 

This memory-resident backdoor arrives on a system as an attachment to a spammed email message. It may also arrive as a file dropped or downloaded from the Internet by a remote malicious user.

 

This backdoor opens random ports and connects to a specific Internet Relay Chat (IRC) server. It then joins an IRC channel, where it receives commands from a remote malicious user. It carries out these commands, which compromises system security and increases the risk of further attacks on the affected machine.

 

 

Worm name: WORM_BAGLE.CL

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

To get a one glance comprehensive view of the behavior of this backdoor program.

 

It gathers target email addresses from files with extensions .DHTM and .SHTM. It avoids email addresses that contain certain strings.

 

It also propagates by dropping a copy of itself in folders whose names contain the string "shar". It assumes that these folders are used by file-sharing applications to store shared files. It uses file names purporting to be installers of known applications to trick users into downloading and opening these files.
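A defender-side triage check for the propagation behaviour described above, as an added example that is not part of the original alert: it walks a directory tree, finds folders whose names contain the string "shar", and reports files in them that begin with the Windows executable "MZ" signature. The function names, the case-insensitive match and the MZ check are assumptions of this example; the alert does not list the file names the worm uses, so every hit needs manual review.

```python
import os
import tempfile

MARKER = "shar"      # substring the alert says the worm looks for in folder names
PE_MAGIC = b"MZ"     # DOS/PE signature (assumption: the dropped copy is a Windows executable)


def find_executables_in_share_folders(root):
    """Return sorted paths of MZ-signature files located directly inside
    folders under `root` whose names contain MARKER (case-insensitive)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if MARKER not in os.path.basename(dirpath).lower():
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if fh.read(2) == PE_MAGIC:
                        hits.append(path)
            except OSError:
                # Unreadable file (locked, permissions): skip it, keep scanning.
                continue
    return sorted(hits)


def demo():
    """Build a constructed directory tree, scan it, return relative hit paths."""
    with tempfile.TemporaryDirectory() as root:
        layout = {  # constructed sample files, not real malware names
            ("Shared Files", "setup_tool.exe"): b"MZ\x90\x00constructed",
            ("Shared Files", "notes.txt"): b"plain text",
            ("My Shared Folder", "song.mp3"): b"ID3\x03",
            ("Documents", "installer.exe"): b"MZ\x90\x00constructed",
        }
        for (folder, name), data in layout.items():
            os.makedirs(os.path.join(root, folder), exist_ok=True)
            with open(os.path.join(root, folder, name), "wb") as fh:
                fh.write(data)
        return [os.path.relpath(p, root)
                for p in find_executables_in_share_folders(root)]


if __name__ == "__main__":
    for hit in demo():
        print("review:", hit)
```

An executable in a share folder is not malicious by itself; the output is a review list to check against the antivirus vendor's current signatures.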

  

 

 

References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)





