2006-02-22 11:01

[Virus Alert] 2 new worms found

Worm name: UNIX_MARE.D

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This Unix malware arrives as a file dropped by ELF_MARE.C. It connects to port 8080 and downloads the following files from 198.{BLOCKED}.69 onto the affected system:

• cb - file detected as ELF_RST.B
• httpd - file detected as ELF_MARE.C
• https - file detected as PERL_SHELLBOT.AI

 

 

Worm name: JS_FEEBS.CZ

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This malicious JavaScript is embedded in a malicious Web site and runs on a system when a user visits that site. It may also arrive as an attachment to spammed email messages.

 

When running on the affected system, it shows a fake aol.com, gmail.com, hotmail.com, msn.com, or yahoo.com loading page. This page displays a text message saying there is no available connection.

 

While tricking users into thinking that the Web page is inaccessible, this malicious JavaScript downloads the file USERINIT.EXE, which Trend Micro detects as WORM_FEEBS.LR, and stores it in the C:\Recycled folder. The JavaScript then decodes and executes the file, so the routines of the downloaded malware also run on the affected system.

 

In addition, this malicious JavaScript downloads an encrypted file from various URLs. The encrypted file contains a copy of WORM_FEEBS.LR. The JavaScript decodes the file and executes it, which runs WORM_FEEBS.LR.
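A hunting sketch for the two behaviours described in this alert (the port 8080 downloads of cb, httpd and https by UNIX_MARE.D, and USERINIT.EXE written to C:\Recycled by JS_FEEBS.CZ). This is an added example, not code from Trend Micro or from the original alert. The log formats, host names and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# File names the alert lists as downloaded by UNIX_MARE.D.
MARE_FILES = {"cb", "httpd", "https"}

# Constructed proxy log lines (assumed format: time client method url status).
PROXY_LOG = """\
2006-02-22T10:01:02 10.0.0.5 GET http://192.0.2.10:8080/cb 200
2006-02-22T10:01:03 10.0.0.5 GET http://192.0.2.10:8080/httpd 200
2006-02-22T10:01:04 10.0.0.5 GET http://192.0.2.10:8080/https 200
2006-02-22T10:05:00 10.0.0.7 GET http://192.0.2.44:8080/index.html 200
2006-02-22T10:06:00 10.0.0.8 GET http://192.0.2.50:80/httpd 404
"""

# Constructed file-creation events (assumed format: host<TAB>path).
FILE_EVENTS = """\
WS-014\tC:\\Recycled\\USERINIT.EXE
WS-020\tC:\\WINDOWS\\system32\\userinit.exe
"""

def mare_download_hits(log_text, min_files=2):
    """Return {(client, dest_host): files} where a client pulled at least
    min_files of the alert's file names from one host on port 8080."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "GET":
            continue  # skip lines that do not match the assumed format
        url = urlsplit(parts[3])
        name = url.path.rsplit("/", 1)[-1]
        if url.port == 8080 and name in MARE_FILES:
            seen[(parts[1], url.hostname)].add(name)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_files}

def feebs_drop_hits(event_text):
    """Return hosts where USERINIT.EXE was written under C:\\Recycled."""
    pattern = re.compile(r"^c:\\recycled\\userinit\.exe$", re.IGNORECASE)
    hits = []
    for line in event_text.splitlines():
        host, _, path = line.partition("\t")
        if pattern.match(path.strip()):
            hits.append(host)
    return hits

if __name__ == "__main__":
    print(mare_download_hits(PROXY_LOG))
    print(feebs_drop_hits(FILE_EVENTS))
```

Requiring two or more of the listed file names from a single destination keeps a lone request for a common name such as httpd from raising a hit on its own.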

 

 

 

References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)





