[Virus Alert] 2 new worms found
Worm name: JS_FEEBS.BD
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This JavaScript is embedded in a malicious Web site and runs on a system when a user visits that Web site. It may also arrive on the system as an attachment to an email message manually spammed by malware or a malicious user.
When running on the affected system, it displays a fake error message saying there is no available Internet connection. It appears to the user that the JavaScript has failed to successfully access the Web page even though it is already downloading an encoded file detected by Trend Micro as WORM_FEEBS.LS. It then decodes and executes the said file on the affected system.
Moreover, it deletes antivirus and security-related registry keys. This action makes detection and removal of this JavaScript difficult. It also increases the risk of acquiring more malware threats onto the affected machine.
Worm name: WORM_MYTOB.PB
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This memory-resident worm propagates by sending email messages using its own Simple Mail Transfer Protocol (SMTP) engine. Since its email propagation does not require any user intervention, a user is often unaware that this worm is sending out email messages. The email message contains a spoofed link that, when clicked, redirects the user to the following URL:
It harvests email addresses from the Windows Address Book (WAB), from the Temporary Internet Files folder and all its subfolders, as well as from files with certain extension names.
It also generates email addresses by using a list of names and any of the domain names of the previously gathered addresses. By doing the said actions, this worm is able to effectively propagate and consume bandwidth.
Moreover, it prevents affected users from accessing several antivirus and security Web sites by modifying the HOSTS file. It also terminates several processes, most of which are related to antivirus and security programs. By terminating antivirus processes and preventing the user's access to antivirus Web sites, this worm cripples the compromised system's defenses so that its malicious routines can continue without interference.
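A defender-side check for the HOSTS file modification described above, added here as an example and not part of the original alert. The alert does not list the blocked sites, so the watch list (apart from trendmicro.com, which the alert names) and the sample HOSTS content are constructed assumptions.

```python
import ipaddress

# Assumed watch list: the alert does not name the blocked sites.
# trendmicro.com is the only vendor named on the page; the other is a placeholder.
WATCHED_SUFFIXES = ("trendmicro.com", "av-vendor.example")

def is_sinkhole(addr: str) -> bool:
    """True for loopback/unspecified addresses used to black-hole a name."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def suspicious_hosts_entries(text: str, watched=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for watched names sent to a sinkhole."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:  # one HOSTS line may carry several names
            host = name.lower().rstrip(".")
            # Match the domain itself or a subdomain, not a look-alike suffix.
            if any(host == s or host.endswith("." + s) for s in watched):
                hits.append((line_no, fields[0], host))
    return hits

# Constructed sample HOSTS content (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com  update.av-vendor.example
0.0.0.0         AV-Vendor.example.
10.0.0.5        intranet.corp.example
# 127.0.0.1     trendmicro.com
127.0.0.1       nottrendmicro.com
"""

if __name__ == "__main__":
    for line_no, addr, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to feed into `suspicious_hosts_entries` is `%SystemRoot%\System32\drivers\etc\hosts`.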
References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)