Trend Alert: WORM_KELVIR.B and WORM_FATSO.A

Discussion in 'malware problems & news' started by Randy_Bell, Mar 7, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Trend Micro Medium Risk Virus Alert - WORM_KELVIR.B and WORM_FATSO.A

    As of March 7, 2005, 3:05 AM (GMT - 08:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_KELVIR.B and WORM_FATSO.A. TrendLabs has received numerous infection reports indicating that this malware is spreading in Korea and the United States of America.

    • WORM_KELVIR.B:

    This new worm is very similar to WORM_KELVIR.A, in that it also propagates via MSN messenger. It attempts to send the following instant message to all online MSN messenger contacts of an affected user:

    "http://home.ea<BLOCKED>link.net/gallery10/omg.pif lol! see it! u'll like it"

    When the user clicks the given URL, this worm downloads a copy of itself, named OMG.PIF, from the given URL. When this downloaded copy is executed, it downloads another malware file from the Internet, which Trend Micro detects as WORM_SDBOT.AUI.


    • WORM_FATSO.A

    This memory-resident worm arrives on a system via MSN messenger, a popular instant messaging application. It spreads copies of itself to all online MSN messenger contacts of an affected system by sending an instant message conataining a link, which when clicked, downloads a copy of this worm into the recipient's system. This worm also has the ability to propagate via eMule, a known peer-to-peer (P2P) file sharing application.

    This worm is capable of redirecting infected users to a certain Web site, which as of this writing, is already not available. It does this whenever the user accesses Web sites that are associated with antivirus and security companies.

    It may also terminate certain running processes, and disallow them from executing while this worm resides in the memory.


    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy 154
    Official Pattern Release 2.476.00
    Damage Cleanup Template 550


    For more information on WORM_KELVIR.B and WORM_FATSO.A, you can visit our Web site at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KELVIR.B
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_FATSO.A
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.