2006-03-13 11:38

[Virus Alert] 2 new worms found

Worm name: TROJ_MULDROP.GP

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This Trojan arrives attached to an email message, which is manually spammed by a malicious user.

 

It is a self-extracting .RAR archive file which, when executed, creates a subfolder named SHELLZ inside the %System%\drivers folder. It then drops several files into the created folder, including other malware and grayware detected by Trend Micro as BAT_ZAPCHAST.CK, IRC_ZAPCHAST.CM, and HKTL_HIDEWIN.F.

 

This Trojan comes with an mIRC program. It modifies several registry entries so that its mIRC component executes every time a user runs an mIRC program.

 

It opens the dropped image file ZZZXX.GIF using the system's default image viewer to trick users into thinking that its process merely opens a normal file, thereby hiding its malicious routines. It then executes its mIRC component and its dropped malware BAT_ZAPCHAST.CK.

 

 

Worm name: TROJ_CRYZIP.A

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This Trojan is usually downloaded from the Internet. It ZIP-compresses all files with certain extension names on any readable and writable drive, and password-protects them with the string C:\Program Files\Microsoft Visual Studio\VC98:.

 

This Trojan drops the file AUTO_ZIP_REPORT.TXT into each folder where an encrypted file is located. The dropped .TXT file contains information on how to decrypt the affected files. However, it appears that this Trojan attempts to make the affected user pay money to restore the encrypted files by following the instructions listed in that .TXT file.
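A triage check for the file-system artifacts named in the two descriptions above (the SHELLZ folder under drivers, and AUTO_ZIP_REPORT.TXT beside archived files), as an added example that is not part of the original alert or Trend Micro's tooling. The function names, the sample tree, and the assumption that the archives carry a .zip extension are illustrative.

```python
import os
import tempfile

NOTE_NAME = "auto_zip_report.txt"      # ransom note named in the TROJ_CRYZIP.A text
DROP_PARENT, DROP_DIR = "drivers", "shellz"  # %System%\drivers\SHELLZ (TROJ_MULDROP.GP)


def triage(root):
    """Walk `root` and collect folders matching either description."""
    findings = {"cryzip_folders": {}, "muldrop_dirs": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # Windows names are case-insensitive, so compare in lower case.
        if NOTE_NAME in (f.lower() for f in filenames):
            # Assumption: the password-protected archives carry a .zip extension.
            zips = sorted(f for f in filenames if f.lower().endswith(".zip"))
            findings["cryzip_folders"][dirpath] = zips
        if os.path.basename(dirpath).lower() == DROP_PARENT:
            for d in dirnames:
                if d.lower() == DROP_DIR:
                    findings["muldrop_dirs"].append(os.path.join(dirpath, d))
    return findings


def build_sample(root):
    """Create a small constructed tree (no real malware) to exercise triage()."""
    layout = [
        "Docs/AUTO_ZIP_REPORT.TXT", "Docs/budget.xls.zip", "Docs/notes.doc.zip",
        "Clean/photo.zip",                    # archive without a note: not flagged
        "System32/drivers/SHELLZ/ZZZXX.GIF",  # drop folder from the description
        "Other/SHELLZ/readme.txt",            # same name, wrong parent: not flagged
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        result = triage(tmp)
        for folder, zips in result["cryzip_folders"].items():
            print("note found in", folder, "beside", zips)
        for d in result["muldrop_dirs"]:
            print("drop folder:", d)
```

Point `triage()` at a mounted drive or a forensic image's root to get the list of folders to review; a hit is a lead for the antivirus scan, not a verdict.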

 

 

References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)





