[Virus Alert] 4 new worms found
Worm name: TROJ_MITGLIED.AA
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may be dropped by another malware. It may also be downloaded from the Internet.
It opens port 988 and connects to various Web sites to download possible variants of the BAGLE malware. This routine raises the risk that affected systems acquire more malware threats.
Worm name: TROJ_DROPPER.ZC
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may arrive on a system as an attachment to spammed email messages. A sample of the said message, written in Chinese, is as follows:
The said spammed email messages may specifically target Chinese-speaking regions or readers. However, the email message may also arouse the curiosity of non-Chinese-speaking users.
Upon execution, this Trojan drops and executes files that are detected by Trend Micro as TSPY_LINEAGE.RV. Thus, routines of this spyware are also exhibited on affected computers.
Worm name: JS_FEEBS.BK
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This malicious JavaScript is usually embedded in a malicious Web site and is run on a system when a user visits the said Web site. It may also arrive on the system as an attachment to a spammed email message.
When executed, it displays a fake aol.com, gmail.com, hotmail.com, msn.com, or yahoo.com loading page. The said page contains a message saying that there is no available connection.
Thus, affected users are led to believe that the said Web page is inaccessible, even though an encoded file, which Trend Micro detects as WORM_FEEBS.AZ, is already being downloaded by this malicious JavaScript to the C:\Recycled folder.
Worm name: TROJ_SMALL.ABO
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan may arrive on a system as a downloaded file from the Internet or as a dropped file of another malware. Several reports indicate that this Trojan is also being spammed via email.
Upon execution, this Trojan attempts to connect to the Internet. Once an Internet connection is established, it accesses certain URLs to download and execute files that Trend Micro detects as TSPY_GOLDUN.AO.
Thus, a system affected by TROJ_SMALL.ABO may also be affected by the said spyware, causing even more harm to the system.
References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)