[Virus Alert] 5 new worms found
Worm name: TROJ_DLOADER.DEU
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
When executed, it creates a registry entry to bypass the Windows Firewall of the affected system. This routine allows easy access to Web sites with possibly malicious content.
This Trojan waits for an active Internet connection and accesses the following Web site to download and execute the file, SUHOY336.EXE, on the affected system:
As a result, the routines of the downloaded spyware may also be exhibited on the affected machine.
Worm name: TROJ_BAGLE.AV
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
It accesses specific URLs to download several files, including another malware that Trend Micro detects as TROJ_BAGLE.FL. It then saves the downloaded files in the %Application Data%\m subfolder.
As a result, the malicious behavior of the downloaded file is also exhibited on the affected system. In addition, this routine puts users at risk of acquiring more threats.
Worm name: TROJ_MDROPPER.AS
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan can arrive as an attachment to spammed email messages. It takes advantage of a yet unknown vulnerability in Microsoft PowerPoint to drop a backdoor, detected by Trend Micro as BKDR_BIFROSE.DS.
Worm name: TROJ_MDROPPER.AW
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan takes advantage of a yet unknown vulnerability in Microsoft Word to drop a Trojan, detected by Trend Micro as TROJ_SHARP.R.
Worm name: TROJ_PPDROPPER.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan arrives as a file downloaded from the Internet. It may also be dropped by another malware.
It is a .PPT file that uses a vulnerability in Microsoft Office to drop and execute another malware, which Trend Micro detects as BKDR_AGENT.DIX. This routine allows the automatic execution of the routines of the dropped malware on the affected system.
It uses the vulnerability in Microsoft Office in which a malformed routing slip may allow a remote user to execute malicious code on the affected system. For more information on the said vulnerability.
References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)