Trend Micro Virus Alert - WORM_WURMARK.J

Discussion in 'malware problems & news' started by Randy_Bell, May 11, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Dear Trend Micro customer,

    As of May 11, 2005 4:30 AM (Pacific Daylight Time/GMT -8:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_WURMARK.J. TrendLabs has received several infection reports indicating that this malware is spreading in France, India, Taiwan, and Singapore.

    This memory-resident worm propagates via email messages. Upon execution, it drops a copy of itself in the Windows system folder using a random file name.

    It also drops a randomly named (Dynamic Link Library) DLL file in the Windows system folder, which is a component of IESpy, a spyware program.

    This worm has a keylogging capability. It saves the logs typed by the user in a dropped random DLL file.

    It drops several .ZIP files in the Windows system folder as email attachments.

    This worm propagates by sending a copy of itself via email. The email message contains the following details:

    Subject: (any of the following)
    -details
    -girls
    -image
    -love
    -message
    -music
    -news
    -photo
    -pic
    -readme
    -resume
    -screensaver
    -song
    -video

    Attachment: (any of the following file names)
    -details.zip
    -girls.zip
    -image.zip
    -love.zip
    -message.zip
    -music.zip
    -news.zip
    -photo.zip
    -pic.zip
    -readme.zip
    -resume.zip
    -screensaver.zip
    -song.zip
    -video.zip

    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy - 174 (uploaded)
    Official Pattern Release - 2.625.00
    Damage Cleanup Template - 596

    For more information on WORM_WURMARK.J, you can visit our Web site at:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WURMARK.J
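
The subject and attachment names listed in the alert above, turned into a mail-filter heuristic. This is an added example, not part of the original post or of Trend Micro's tooling. The function names, the constructed sample messages and the rule of requiring both a subject match and an attachment match are assumptions of this example.

```python
# Added example: heuristic mail filter for the WORM_WURMARK.J indicators above.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Keywords taken from the alert's Subject list; attachments are "<keyword>.zip".
KEYWORDS = {
    "details", "girls", "image", "love", "message", "music", "news",
    "photo", "pic", "readme", "resume", "screensaver", "song", "video",
}
ATTACHMENTS = {k + ".zip" for k in KEYWORDS}


def _norm(value):
    """Lower-case and trim a header or file name; None becomes ''."""
    return (value or "").strip().lower()


def wurmark_indicators(raw):
    """Return the alert indicators present in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if _norm(msg["Subject"]) in KEYWORDS:
        hits.append("subject:" + _norm(msg["Subject"]))
    for part in msg.walk():
        name = _norm(part.get_filename())
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
    return hits


def is_suspect(raw):
    """Flag only when a listed subject AND a listed attachment co-occur.

    Assumption of this example: the subject words are ordinary English, so a
    subject match alone is too noisy to act on.
    """
    hits = wurmark_indicators(raw)
    return any(h.startswith("subject:") for h in hits) and any(
        h.startswith("attachment:") for h in hits)


def build_sample(subject, filename):
    """Construct a test message (sample data, not a captured worm email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attachment")
    m.add_attachment(b"PK\x05\x06" + b"\0" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()
```

The alert does not say that the subject and the attachment name always match each other, so the check treats the two lists independently.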
     
  2. Randy_Bell

    Sophos writeup on this worm: W32/Wurmark-J
     
  3. Randy_Bell

    Symantec's writeup on this worm: W32.Lanieca.A@mm
    Tech Details: http://securityresponse.symantec.com/avcenter/venc/data/w32.lanieca.a@mm.html#technicaldetails
     