2006-06-01 11:23

[Virus Alert] 3 new worms found

Worm name: TROJ_DLOADER.AYB

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This Trojan arrives as a file that an unsuspecting user downloads from the Internet when visiting malicious Web sites. It can also arrive as a file dropped by other malware or spammed via email.

 

It connects to the Web site www.gobernaci{BLOCKED}queta.gov.co/images to download spyware, which Trend Micro detects as TSPY_GOLDUN.AO.

 

It also attempts to connect to the Web site www.eden{BLOCKED}1.net/index_eden1.gif to download possibly malicious files. As of this writing, however, that Web site is inaccessible.

 

 

Worm name: JS_FEEBS.AZ

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This malicious JavaScript is embedded in a malicious Web site and runs on a system when a user visits that site. It may also arrive on the system as an .HTML file attached to an email message spammed by malware, such as WORM_FEEBS.AZ, or by a malicious user.

 

When running on an affected system, it displays a fake MSN.com loading page with a text message saying that no connection is available. The user is led to believe that it does not execute, though it is already downloading an encoded file detected by Trend Micro as WORM_FEEBS.AZ. It then decodes and executes that file on the affected system. The fake page is an attempt to hide its download routine.

 

Thus, a system infected with JS_FEEBS.AZ may also be infected with additional malware, causing even more harm to the system.

 

 

Worm name: XML_DUSTAR.A

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This is Trend Micro's detection for a proof-of-concept macro virus that affects the StarOffice/OpenOffice suites.

 

(Note: StarOffice/OpenOffice is similar to Microsoft Office. It is Sun Microsystems' freeware office suite software package.)

 

Once an infected document is opened, it downloads and opens an image of an actress from a certain Web site. It then proceeds to infect other StarOffice/OpenOffice document files. However, due to some errors in its code, it cannot perform its infection routine.

 

 

 

References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)





