2006-01-25 11:47

[Virus Alert] 6 new worms found

Worm name: WORM_MYTOB.OX

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

Similar to other WORM_MYTOB variants, this worm propagates by sending a copy of itself as an attachment to email messages.

 

It gathers target email addresses from the Windows Address Book (WAB). The said action allows this worm to send a copy of itself to other contacts. Other recipients may unsuspectingly open the attached copy, thus further affecting a greater number of computers.

 

It may also generate email addresses by using a list of names appended with a domain name, which it copies from previously harvested email addresses.

 

This memory-resident worm has backdoor capabilities. Using a random port, it connects to an Internet Relay Chat (IRC) server. Once a connection is established, it joins an IRC channel, where it listens for commands from a remote user. The said commands are executed locally on the affected computer. This action effectively compromises the affected system's security.

 

 

Worm name: SYMBOS_PBSTEAL.D

Risk rating: MEDIUM

Damage Potential: MEDIUM

Distribution Potential: MEDIUM

 

Description:

This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Among the phone models that use this operating system are the following:

• Nokia 3600
• Nokia 3620
• Nokia 3650
• Nokia 3660
• Nokia 6600
• Nokia 6620
• Nokia 7610
• Nokia 7650
• Nokia N-Gage
• Panasonic X700
• Sendo X
• Siemens SX1

 

Once installed on an affected mobile device, this malware attempts to steal contact information from the user's phonebook entries, as well as Calendar, Notes, and To Do entries. It then searches for online Bluetooth devices and attempts to send the data it gathers to the first online device it finds.

 

Similar to SYMBOS_PBSTEAL.C, this Symbian malware's information theft routine is critical for affected users, especially if the Notes and To Do lists stolen contain sensitive information such as account numbers, passwords, and similar data. Users are therefore advised to avoid placing sensitive information on their mobile phones, and to be vigilant about installing applications.

 

 

Worm name: JS_FEEBS.CP

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This JavaScript is embedded in a malicious Web site and is run on a system when a user visits the said Web site. It may also arrive on the system as an attached .HTML file to an email message manually mass-mailed by a malicious user.

 

When running on the affected system, it shows a fake aol.com, gmail.com, hotmail.com, msn.com, or yahoo.com loading page that displays a text message saying there is no available connection. It may also display a message asking for a user ID and password.

 

 

Upon execution, it decodes and drops an .EXE file, which Trend Micro detects as WORM_FEEBS.CP, in the Windows system folder.

 

 

Worm name: SYMBOS_SNDTOOL.A

Risk rating: MEDIUM

Damage Potential: MEDIUM

Distribution Potential: MEDIUM

 

Description:

This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Among the affected phone models are the following:

• Nokia 3600
• Nokia 3620
• Nokia 3650
• Nokia 3660
• Nokia 6600
• Nokia 6620
• Nokia 7610
• Nokia 7650
• Nokia N-Gage
• Panasonic X700
• Sendo X
• Siemens SX1

 

Once installed on an affected mobile device, it drops files in a specified drive of the affected phone. It then searches for online Bluetooth devices and sends the following possibly malicious file, specified in PATH.TXT, to the first online device it finds:

C:\pbcompressor.Sis

 

Users are therefore advised to avoid placing sensitive information on their mobile phones, and to be vigilant about installing applications.

 

 

Worm name: SYMBOS_BOOTTON.E

Risk rating: MEDIUM

Damage Potential: MEDIUM

Distribution Potential: MEDIUM

 

Description:

This Symbian malware affects mobile devices running the Symbian operating system with the Series 60 Platform user interface. Among the affected phone models are the following:

• Nokia 3600
• Nokia 3620
• Nokia 3650
• Nokia 3660
• Nokia 6600
• Nokia 6620
• Nokia 7610
• Nokia 7650
• Nokia N-Gage
• Panasonic X700
• Sendo X
• Siemens SX1

 

This Symbian malware arrives and propagates via active Bluetooth connection.

 

Once executed, the affected mobile device displays a message warning the user that the said application comes from an untrusted source and may cause problems when run.

 

 

Worm name: JS_FEEBS.CS

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

 

Description:

This JavaScript arrives on a system as a downloaded file from the Internet. It may also arrive on the system as an attached .HTML file to an email message sent by a malicious user.

 

Upon execution, this JavaScript displays fake loading pages for certain legitimate Web sites. The said page states that the affected user's Internet browser is attempting to connect to the aforementioned sites.

 

It may also display a message prompting a user for a user name and password.

 

It drops a file in the Windows system folder, which Trend Micro detects as WORM_FEEBS.CS.


 

 

 

References: http://www.trendmicro.com/vinfo/ (Trend Micro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese Trend Micro Virus Security Info)

 





