[Virus Alert] 5 new worms found
Worm name: ELF_KAITEN.AQ
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This malicious Linux executable (ELF) file may be downloaded onto the affected system by the malware detected by Trend Micro as UNIX_DLOADER.A. It may also be dropped by other malware via a known vulnerability in Mambo. Mambo is an open source content management system commonly used on Linux platforms.
Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. A script function does not validate certain variables, which can be changed to include and execute code from a remote location. Exploitation may result in a loss of integrity.
Worm name: UNIX_DLOADER.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Unix malware arrives as a downloaded file from the Internet.
Upon execution, it connects to the Internet using TCP port 8080. Once a connection is established, it uses the application Wget to download and execute ELF_LUPPER.F and ELF_KAITEN.AQ from specific URLs.
Thus, a system affected by UNIX_DLOADER.A may also be affected by other malware, causing even more harm to the affected system.
Worm name: JS_FEEBS.AU
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This malicious JavaScript is usually embedded in a malicious Web site and runs on a system when a user visits that Web site. It may also arrive on the system as an attachment to a spammed email message.
Upon execution, it displays a fake login console prompting affected users for a user name and password.
It then displays a fake aol.com, gmail.com, hotmail.com, msn.com, or yahoo.com loading page. That page contains a message saying that there is no available connection.
Worm name: W2KM_TORED.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This malicious macro script usually arrives embedded in a Microsoft Word document that is dropped by other malware or downloaded unknowingly by a user when visiting malicious Web sites. Trend Micro has received reports that a document containing this macro is also being spammed via email.
It contains code that enables it to drop a file detected by Trend Micro as TROJ_SMALL.AIT. It affects Microsoft Word 2000.
Worm name: TROJ_PGPCODER.D
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may arrive as a file downloaded by TROJ_SMALL.AIT.
This Trojan encrypts all files with specific extension names found on any readable and writable drive on an affected system. As a result, those files become unreadable to an affected user.
References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)