[Virus Alert] 4 new worms found
Worm name: WORM_MYTOB.HH
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
It uses its own Simple Mail Transfer Protocol (SMTP) engine to send email messages, which have the following message body:
Moreover, it attaches a copy of itself in email messages it sends. Executing the said attachment transforms the system into a propagation launch pad and furthers this worm's replication.
It gathers target recipients or email addresses from the Windows Address Book (WAB). However, it avoids sending email messages to addresses that contain certain strings.
Worm name: TROJ_ANIMOO.D
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan usually arrives as a downloaded file from the Internet whenever users visit the malicious Web site traffall.biz/{BLOCKED}/064/sploit.anr.
It takes advantage of the Windows Cursor and Icon Format Handling vulnerability to download a malicious file named WIN32.EXE from the Web site traffall.biz/{BLOCKED}/064/win32.exe.
It then saves the said file in the folder where it initially executes. Note that the file name this Trojan uses may vary. The downloaded file is detected by Trend Micro as TROJ_TIBS.AI. Thus, a system affected by TROJ_ANIMOO.D is also affected by yet another malware, causing even more harm to the affected system.
Worm name: CHM_CODEBASE.BS
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Compiled HTML (.CHM) file is usually downloaded into a system from a certain malicious Web site via a Windows exploit.
Upon execution, it drops and executes another malicious file in the Downloaded Program Files folder found in the Windows folder. In effect, routines of the said Trojan are also exhibited on the affected system. The downloaded file is detected by Trend Micro as TROJ_TIBS.AI.
Worm name: TROJ_TIBS.AI
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This Trojan arrives on a system as a file dropped by CHM_CODEBASE.BS, or downloaded by TROJ_ANIMOO.D. Users are strongly advised to also remove the mentioned related malware in order to prevent the system from being re-infected by this Trojan.
It may also be downloaded by users from the malicious Web site traf{BLOCKED}ll.biz/adv/064/win32.exe.
Upon execution, it drops a copy of itself as KERNELS8.EXE in the Windows system folder.
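The indicators described above can be checked together in one triage pass over proxy logs and a per-host file inventory. This is an added example, not Trend Micro's code: the "host url" log format, the host names, the system32 path and the rule that any .exe in Downloaded Program Files is suspicious are assumptions, and all sample data is constructed.

```python
import re
from collections import defaultdict

# URL shapes named in the alert; the {BLOCKED} path segment is matched as a wildcard.
URL_RE = re.compile(r"traffall\.biz/[^/\s]+/064/(sploit\.anr|win32\.exe)", re.I)
URL_LABEL = {"sploit.anr": "TROJ_ANIMOO.D exploit fetch",
             "win32.exe": "TROJ_TIBS.AI download"}

# File artefacts named in the alert. The system folder is assumed to be
# ...\system or ...\system32; the dropped file in Downloaded Program Files
# is not named in the alert, so any .exe there is flagged (assumption).
FILE_RULES = [
    (re.compile(r"\\system(32)?\\kernels8\.exe$", re.I), "TROJ_TIBS.AI dropped copy"),
    (re.compile(r"\\downloaded program files\\[^\\]+\.exe$", re.I),
     "possible CHM_CODEBASE.BS drop"),
]

RELATED = "also check for CHM_CODEBASE.BS and TROJ_ANIMOO.D (re-infection path)"

def triage(proxy_lines, file_inventory):
    """Return {host: sorted findings} for hosts matching any indicator."""
    findings = defaultdict(set)
    for line in proxy_lines:                      # each line: "<host> <url>"
        host, _, url = line.partition(" ")
        m = URL_RE.search(url)
        if m:
            findings[host].add(URL_LABEL[m.group(1).lower()])
    for host, path in file_inventory:             # (host, full path) pairs
        for rx, label in FILE_RULES:
            if rx.search(path):
                findings[host].add(label)
    # The alert says TROJ_TIBS.AI arrives via the other two, so a TIBS hit
    # means the dropper or downloader must be looked for on the same host.
    for found in findings.values():
        if any("TROJ_TIBS.AI" in f for f in found):
            found.add(RELATED)
    return {host: sorted(found) for host, found in findings.items()}

# Constructed sample data ("xx" stands in for the blocked path segment).
PROXY = ["ws-014 http://traffall.biz/xx/064/sploit.anr",
         "ws-014 http://traffall.biz/xx/064/win32.exe",
         "ws-022 http://example.com/downloads/win32.exe"]
FILES = [("ws-014", r"C:\WINDOWS\system32\KERNELS8.EXE"),
         ("ws-031", r"C:\WINDOWS\Downloaded Program Files\a.exe"),
         ("ws-022", r"C:\Tools\kernels8.exe")]

if __name__ == "__main__":
    for host, found in triage(PROXY, FILES).items():
        print(host, found)
```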
References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)