Trend Micro Virus Alert: WORM_GREW.A

Discussion in 'malware problems & news' started by Randy_Bell, Jan 20, 2006.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    WORM_GREW.A propagates by attaching copies of itself to email messages that it sends to target addresses, using its own Simple Mail Transfer Protocol (SMTP) engine. It can then send email messages without using mailing applications (such as Microsoft Outlook). It gathers email addresses from files with certain extensions, such as DOC, PSD, RAR, and ZIP. It also propagates through network shares, by searching the network for ADMIN$ and C$ shares, where it drops a copy of itself using the file name WINZIP_TMP.EXE. It is currently spreading in-the-wild, and infecting computers that run Windows 98, ME, NT, 2000, XP, and 2003 Server.

    Upon execution, it drops and opens a .ZIP archive named SAMPLE.ZIP in the Windows system folder. This worm also deletes autostart registry entries, as well as associated files of several programs, most of which are related to security and antivirus applications. These routines may cause referenced programs to malfunction, effectively making the affected system more vulnerable to further attacks.

    In addition, it is capable of disabling the mouse and keyboard of an affected system.

    If you would like to scan your computer for WORM_GREW.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    For additional information about the WORM_GREW.A please visit:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_GREW.A
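
Added example, not part of the original post or of Trend Micro's advisory: a triage pass over a file inventory for the two file artifacts the advisory names, WINZIP_TMP.EXE and SAMPLE.ZIP in the Windows system folder. The tab-separated `host<TAB>path` inventory format, the host names, and the default system directory names (WINDOWS or WINNT, system or system32) are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample inventory: "<host>\t<full path>" per line, such as
# per-host `dir /s /b` output. Hosts and paths are made up for illustration.
SAMPLE_INVENTORY = """\
HOST-A\tC:\\WINDOWS\\system32\\SAMPLE.ZIP
HOST-A\tC:\\WINZIP_TMP.EXE
HOST-B\tC:\\Documents and Settings\\bob\\My Documents\\sample.zip
HOST-C\tC:\\WINNT\\System32\\sample.zip
HOST-D\tD:\\tools\\winzip_tmp.exe
HOST-E\tC:\\WINDOWS\\notepad.exe
"""

SHARE_DROP = "WINZIP_TMP.EXE (network-share drop name)"
SYSTEM_ZIP = "SAMPLE.ZIP in system folder"

# Assumption: default install directories for Windows 98/ME/NT/2000/XP/2003.
SYSTEM_DIR = re.compile(r"^[a-z]:\\(windows|winnt)\\system(32)?$")


def classify(path):
    """Return a finding label for one Windows path, or None if it is clean."""
    # Windows paths are case-insensitive; normalise separators and case.
    norm = path.strip().replace("/", "\\").lower()
    directory, _, name = norm.rpartition("\\")
    if name == "winzip_tmp.exe":
        return SHARE_DROP
    # SAMPLE.ZIP is a generic name, so only flag it where the advisory
    # says the worm drops it: the Windows system folder.
    if name == "sample.zip" and SYSTEM_DIR.match(directory):
        return SYSTEM_ZIP
    return None


def triage(inventory):
    """Group findings by host: {host: [(label, original_path), ...]}."""
    findings = defaultdict(list)
    for line in inventory.splitlines():
        host, sep, path = line.partition("\t")
        if not sep:
            continue  # skip malformed lines with no tab separator
        label = classify(path)
        if label:
            findings[host].append((label, path.strip()))
    return dict(findings)


if __name__ == "__main__":
    for host, hits in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, hits)
```

A file-name match is only a lead for a full antivirus scan of that host, not a verdict.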
     
  2. doremodel

    doremodel Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    1
    None of my computers can get Trend Micro to work. It just keeps saying "Transferring data" and never gets past that. What do you think?
     
  3. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Hi, I just noticed your post; I tend to use this forum mainly for announcements of new malware in-the-wild; yours is a question best directed to the other anti-virus software forum, since it is a software issue. Although I report updates and other info from Trend Micro, I don't have any Trend Micro products installed on my PCs so cannot address your question, sorry .. :doubt:
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    FollowUp Threat Advisory - WORM_GREW.A

    A new malicious worm began infecting systems last week, which promises to launch an attack on February 3rd and the 3rd of every month thereafter, according to threat researchers at antivirus and content security firm Trend Micro. The new worm, known by such names as Nyxem, BlackMal, Mywife, and CME-24, has infected hundreds of thousands of machines over the past week, most from unsuspecting users who do not yet know they are infected.

    Like most worms, WORM_GREW.A propagates via email attachments and network shares, including popular P2P file sharing services. The email method of transmission employs common social engineering techniques including the promise of pictures, pornographic content, or a joke to entice users to open the corresponding attachment.

    According to Jamz Yaneza, Senior Threat Analyst at Trend Micro, though this worm utilizes common propagation techniques, the code itself is anything but common. "This is a destructive virus that deletes and overwrites any number of files present on a user's system, by targeting the most popular file formats - including .DOC, .XLS, .PPT, .PDF, and .ZIP, to name just a few" says Yaneza. "In addition to losing a great deal of data, this virus also renders the keyboard and mouse inoperable, thereby leaving the user's system dead in the water." Yaneza adds that this is a truly global threat, affecting computer systems in over 150 countries, to date.

    Since this threat is relatively well-known to the security industry, most major security vendors - including Trend Micro - detect this worm and its variants.

    Trend Micro has specific detection for all currently-known variants of this worm, and successfully detects all new variants generically, thereby providing broad protection against this threat. Additionally, Trend Micro has the capability to automatically remove this worm, via its Damage Cleanup Services. Trend Micro customers can visit http://www.trendmicro.com/download/dcs.asp to utilize this service.

    "The best defense is for users to run a scan of their systems, to ensure they haven't been infected" says Jeffrey Aboud, Trend Micro's Threat Response Manager. "The attack is hard-coded in the Worm, so if they haven't been infected, then there's no need to worry about the February 3rd attack, as long as they stay clean." Aboud adds the following advice for users:

    * Do not open any emails from those you don't know
    * Do not open attachments from those you do know, if you weren't expecting an attachment from that person, or if the content of the email seems out of character for that person
    * Ensure your antivirus definitions are up-to-date. Trend Micro customers should be using OPR 3.180.03 or later
    * Run a manual scan with your updated Trend Micro product, or with Housecall, Trend Micro's free online virus scanner. Housecall is available at http://housecall.trendmicro.com/
     