Security Firm Warns of IM Worm

Discussion in 'malware problems & news' started by ronjor, Aug 9, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    Article
     
  2. cleverboy123

    cleverboy123 Registered Member

    Joined:
    Aug 12, 2005
    Posts:
    13
    Location:
    London
    Interesting- You should never open files in IM even if you know what it is !

    Better to b safe than sorry ! :rolleyes:
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Trend Micro Virus Alert: WORM_CHOD.D

    WORM_CHOD.D is a non-destructive, memory-resident worm that propagates via email and MSN Messenger. It spreads via email by sending copies of itself as an attachment to email messages,by gathering addresses from the Windows registry of affected machines. It spreads via MSN Messenger by sending a URL to all available contacts in the messaging application. Once the users click the URL, they are immediately redirected to a Web site, where this worm automatically downloads itself. This worm is currently spreading in-the-wild and infecting computers running Windows ME, NT, 2000, XP and Server 2003.

    Upon execution, it creates a randomly generated folder in the Windows system folder and drops files in this created folder. It also modifies a particular registry entry to disable the services used by Trend Micro products.

    The worm's backdoor capabilities attempt to open port 37737 to connect to a certain Internet Relay Chat (IRC) server. If it fails to open the port, it attempts to open random TCP ports. It then joins a particular IRC channel, where it waits for malicious commands from a remote malicious user. It also tries to use a password recovery tool to retrieve passwords available on an affected system. It can send the obtained information to the malicious user using its backdoor capabilities.

    If you would like to scan your computer for WORM_CHOD.D, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    WORM_CHOD.D is detected and cleaned by Trend Micro pattern file #2.764.02 and above.
     
Loading...
Thread Status:
Not open for further replies.