[Virus Alert] 5 new worms found
Worm name: TROJ_YABE.Q
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may arrive as an attachment to a spammed email message that appears to be coming from eBay. This spoofing technique tricks users into thinking that the message is legitimate.
It connects to various URLs to download possibly malicious files. It may also bypass the Windows firewall to automatically download and execute files.
Worm name: TROJ_DLOADER.DHX
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan usually arrives as an attachment to a spammed email message. It may also arrive as a dropped or downloaded file of another malware.
It waits for an active Internet connection, then accesses the following Web site to download and execute the file BOOT32.EXE in the root folder, which is usually C:\:
Worm name: TROJ_DLOADER.DHZ
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may arrive on a system as a file attached to a spammed email message, dropped by other malware, or downloaded by an unsuspecting user when visiting malicious Web sites.
It saves and executes the said file, which is detected by Trend Micro as TROJ_FAKEALRT.P, in the root folder (usually C:\). As a result, the routines of the related malware are exhibited on the affected machine.
After executing its downloaded file NTLDR1.EXE, this Trojan then deletes it from the system.
Worm name: TROJ_MDROPPER.AL
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
Trend Micro has received reports about this malware propagating in the wild.
This Trojan may arrive on a system as a dropped or downloaded file of another malware.
When executed, it takes advantage of a yet unknown vulnerability in Microsoft Word. It is a vulnerability that allows remote code execution on the affected system. Exploiting this vulnerability allows the said application to drop and execute a malicious file named E.TMP in the Windows temporary folder. Trend Micro detects this .TMP file as TROJ_DLOADER.DKH.
Worm name: TROJ_MDROPPER.AK
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan exploits an unknown remote code execution vulnerability found in Microsoft Powerpoint to drop and execute a file. This is a zero-day vulnerability, wherein an exploit is found before a software vendor can issue a patch to the said vulnerability.
References: http://www.trendmicro.com/vinfo/ (TrendMirco Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info
