[Virus Alert] 2 new worms found
Worm name: WORM_MYTOB.NN
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This worm propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It is capable of sending email messages without using mailing applications, such as Microsoft Outlook. Click here to view the details of the email messages it sends out.
It gathers target email addresses from the Windows Address Book (WAB) and Temporary Internet Files folder, which are common repositories of email addresses. It also gathers email addresses from files with certain extension names.
This worm spreads through network shares as well. It searches for certain shares, where it drops a copy of itself. It uses a list of user names and passwords to gain access to password-protected shares.
Worm name: WORM_GREW.B
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This memory-resident worm propagates by sending copies of itself as an attachment to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. Through this SMTP engine, it is able to easily send the said email message even without using other mailing applications, such as Microsoft Outlook.
It gathers email addresses from files with certain extension names, such as DOC, PSD, RAR, and ZIP.
This worm also propagates via network shares. It does the said routine by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE.
References: http://www.trendmicro.com/vinfo/ (TrendMirco Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info
