2006-02-24 13:36

[Virus Alert] 2 new worms found

Worm name: TROJ_SMALL.QX

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This memory-resident Trojan drops its DLL component, F.TMP, in the Temporary folder. It also creates a registry entry so that it runs automatically at every system startup, which means its malicious routine executes each time the system starts.

 

It monitors users' Internet activities, specifically certain adult-related Web sites visited by a user. The Trojan monitors these Web sites for malicious files that may be downloaded onto the affected computer, which increases the risk of the computer acquiring more malware.

 

Several reports indicate that this Trojan is being spammed via email.

 

 

Worm name: TROJ_SMALL.TB

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This Trojan may arrive either as a randomly named file attached to spammed email messages or as a file downloaded from the Internet by other malware. As of this writing, the following are the malware applications that download this Trojan:

• TROJ_AGENT.BEJ

• TROJ_ANI.J

• TROJ_NASCENE.AB

 

Upon execution, it drops the file SYSLDR.DLL in the Windows system folder. It hooks this DLL component into the legitimate Windows process SVCHOST.EXE so that it executes whenever that process is running on the system.

 

This Trojan waits for an Internet connection. Once a connection is established, it attempts to access the Web site um{BLOCKED}stat.php?id=-857793374&ver=1.1 to retrieve an encrypted code, which downloads and executes the file L.EXE from the Web site w{BLOCKED}edwt.com/model/l.exe. The said .EXE file is detected by Trend Micro as TSPY_AGENT.BEI.
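The two web requests described above can be searched for in proxy logs. The following Python is an added example, not part of the original alert or any Trend Micro tool; the log format, client addresses and `.invalid` hosts are constructed, and matching uses only the URL parts the alert leaves unredacted (the `stat.php?id=-857793374&ver=1.1` request and the `/model/l.exe` path).

```python
from urllib.parse import parse_qs, urlsplit

# Constructed proxy log lines: "<time> <client> <method> <url> <status>".
# Hosts are .invalid placeholders; the alert redacts the real ones.
SAMPLE_LOG = """\
2006-02-24T13:01:07 10.0.0.15 GET http://um.invalid/stat.php?id=-857793374&ver=1.1 200
2006-02-24T13:01:09 10.0.0.15 GET http://w.invalid/model/L.EXE 200
2006-02-24T13:02:30 10.0.0.22 GET http://intranet.invalid/stat.php?id=7&ver=2.0 200
2006-02-24T13:03:11 10.0.0.31 GET http://files.invalid/model/l.exe 200
"""

def classify(url):
    """Return 'beacon', 'download' or None for one requested URL."""
    parts = urlsplit(url)
    path = parts.path.lower()
    query = parse_qs(parts.query)
    # Text before "stat.php" is redacted, so match on the suffix only.
    if (path.endswith("stat.php")
            and query.get("id") == ["-857793374"]
            and query.get("ver") == ["1.1"]):
        return "beacon"
    if path == "/model/l.exe":
        return "download"
    return None

def scan(log_text):
    """Map client address -> list of (timestamp, kind) indicator hits."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        when, client, _method, url, _status = fields
        kind = classify(url)
        if kind:
            hits.setdefault(client, []).append((when, kind))
    return hits

def full_chain(hits):
    """Clients that made the stat.php request and then fetched l.exe."""
    out = []
    for client, events in hits.items():
        kinds = [k for _, k in sorted(events)]
        if "beacon" in kinds and "download" in kinds[kinds.index("beacon"):]:
            out.append(client)
    return sorted(out)

if __name__ == "__main__":
    print(full_chain(scan(SAMPLE_LOG)))
```

A client that shows only the `download` hit matches a path that other sites could also use, so treat it as lower confidence than a client showing the full sequence.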

 

 

 

References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)

 





