2006-06-22 18:36

[Virus Alert] 3 new worms found

Worm name: TROJ_EMBED.AN

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This worm spreads by attaching a copy of itself to an email message, which it sends to target recipients using Simple Mail Transfer Protocol (SMTP) server mx4.mail.yahoo.com.

This worm relies on social engineering: copies of itself are named after legitimate applications or after cracking tools for popular software applications.

Files with the names described above are dropped into the shared folders of the abovementioned P2P applications.

Worm name: WORM_BAGLE.FU

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This worm propagates via email. It sends copies of itself as a password-protected .ZIP attachment to email messages that it sends to target addresses using its own Simple Mail Transfer Protocol (SMTP) engine. Hence, the malicious .EXE file is not detected until the recipient extracts it. Also, using its own SMTP engine allows this worm to send copies of itself without relying on mail applications such as Microsoft Outlook.
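The detection point in the paragraph above is that the archive's payload cannot be scanned, but classic ZIP encryption leaves each entry's name and its general-purpose flag bits in the clear. The following added example (not from the original bulletin or from Trend Micro) is a gateway-side check that flags a password-protected ZIP whose entry names look executable; the sample archive, the hypothetical payload bytes and the suffix list are constructed for the example.

```python
"""Flag password-protected ZIP attachments that carry executable entries."""
import io
import struct
import zipfile

# Assumed suffixes worth flagging; the bulletin itself only mentions .EXE.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com")


def build_sample_zip(entry_name: str, encrypted: bool) -> bytes:
    """Constructed sample: a one-entry STORED archive. When `encrypted` is
    set, bit 0 of the general-purpose flags is set in both the local file
    header and the central directory, which is how a ZIP marks an entry as
    password-protected. The payload bytes are a placeholder, not a real
    executable and not actually encrypted; the flag alone is what a
    gateway sees before anyone supplies the password."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(entry_name, b"MZ placeholder payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        # End-of-central-directory record is the final 22 bytes (no archive
        # comment); the central directory offset sits at byte 16 of it.
        cd_offset = struct.unpack_from("<I", data, len(data) - 22 + 16)[0]
        # Central file header: flags at +8. Local file header (first and
        # only entry, so it starts at offset 0): flags at +6.
        for off in (cd_offset + 8, 0 + 6):
            flags = struct.unpack_from("<H", data, off)[0]
            struct.pack_into("<H", data, off, flags | 0x0001)
    return bytes(data)


def scan_zip_attachment(blob: bytes) -> list:
    """Return findings for entries that are both encrypted and executable-
    looking. Only the central directory is read, so no password is needed."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    findings = []
    for info in zf.infolist():
        encrypted = bool(info.flag_bits & 0x0001)
        executable = info.filename.lower().endswith(EXECUTABLE_SUFFIXES)
        if encrypted and executable:
            findings.append(f"encrypted executable entry: {info.filename}")
    return findings


if __name__ == "__main__":
    print(scan_zip_attachment(build_sample_zip("setup.exe", encrypted=True)))
```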

It terminates processes related to antivirus and security applications. This routine makes removing the worm more difficult.

Moreover, it deletes a registry key related to restarting the system in safe mode, so the system can no longer be restarted in safe mode when the need arises.

Worm name: TROJ_URXCEL.A

Risk rating: HIGH

Damage Potential: HIGH

Distribution Potential: HIGH

Description:

This Trojan is a proof-of-concept (PoC) Perl script that may arrive as a Microsoft Excel (.XLS) file. It may also be downloaded or dropped by other malware.

It takes advantage of a zero-day exploit in Microsoft Excel. Zero-day exploits are so called because the unpatched vulnerability and its corresponding exploit code are released within the same day. This is a dangerous situation: many computers may be affected because exploit code is available and the vendor has not been given enough time to patch the vulnerability.

References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)

http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)
