[Virus Alert] 3 new worms found
Worm name: TROJ_BROWSAFE.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan arrives as a file downloaded by an unsuspecting user when visiting a certain Web site. Upon execution, it creates subfolders in the root folder (usually C:\) and drops a copy of itself and other files in those subfolders. It also changes the Internet Explorer start and local pages to a certain Web page.
It is capable of spamming messages via popular instant messenger applications, such as Yahoo Messenger and mIRC. It sends the following messages to the affected user’s chat buddy:
Worm name: WORM_RANCHNEG.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
It propagates by sending copies of itself as an attachment to email messages. Details of the email that it sends out are found here:
It initially searches for email addresses and retrieves them from files with certain extension names. It then sends email messages to these retrieved addresses. However, this worm avoids sending email messages to addresses containing specific strings, such as webmaster and service.
This worm also has backdoor capabilities. It contacts servers to steal and upload information. It also opens random ports to steal information from the affected user and to execute malicious commands locally.
Worm name: TROJ_HARNIG.EO
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan arrives as a file downloaded from the Internet by an unsuspecting user when visiting malicious Web sites. It can also arrive as a file dropped by another malware or spammed via email.
The files available for download at the two above-mentioned Web sites may vary from time to time. If the available files are executable, they may be malicious and their routines may cause harm to the affected system.
Moreover, this Trojan prevents an affected user from accessing certain Web sites, most of which are related to antivirus applications. It does this to make itself harder to detect and, consequently, to remove from the system.
References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)