[Virus Alert] 3 new worms found

Worm name: W97M_DLOADER.BKV

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This macro virus usually arrives as a Microsoft Word document file dropped by other malware or as a file downloaded unknowingly by a user when visiting malicious Web sites.

Upon opening the .DOC file, it drops and executes 666INSE_1.EXE in the root folder (usually C:\). Trend Micro detects this file as TROJ_DLOADER.BKV.

Worm name: TROJ_SMALL.AMB

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This Trojan usually arrives on a system as an attachment to a spammed email message. Users are therefore advised to refrain from opening email messages that do not come from a trusted source.

When executed, it downloads several files from specific Web sites, including a file which Trend Micro detects as TROJ_HAXDOOR.DJ. As a result, the routines of the related malware are also exhibited on the affected system.

Worm name: W97M_DLOADER.BVS

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This macro virus arrives on an affected system as a file emebedded in a Microsoft Word .DOC file. Affected users may then execute the said .DOC file without knowledge of its malicious intent.

Once the said .DOC file is opened, it executes a hardcoded macro virus that drops a malicious .EXE file detected by Trend Micro as TROJ_DLOADER.BVS. The said Trojan is used to download other malicious files on the affected system.

References: http://www.trendmicro.com/vinfo/ (TrendMirco Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info