Wednesday 11 May 2005, Trend Micro today issued a medium risk alert for WORM_WURMARK.J, this memory-resident worm which has been seen spreading by email. Upon execution, it drops a copy of itself in the Windows system folder using a random file name.
Interestingly, it also drops a randomly named (Dynamic Link Library) DLL file in the Windows system folder, which is a component of an IESpy, a Spyware program. This is the first time a worm has been identified, containing a commercial spyware programme.
WORM_WURMARK.J has a keylogging capability. It saves the logs typed by the user in a dropped random DLL file. Additionally WURMARK drops several zip files in the Windows system folder as email attachment.
The subject of the email varies, using a number of words such as "details", "girls" "music" and "readme". Using basic social engineering methods, it entices users to open the .zip files with names like "love.zip", "image.zip" and "screensaver.zip". The message body however is blank.
For further information please visit Trend Micro's website at www.trendmicro.com
# # #
About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit: www.trendmicro.com.
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate time it was written and is subject to change without notice.
# # #
Voor meer informatie:
Trend Micro
Mireille Boetje
Tel: +31 (0)30 2106 333
E-mail: mireille_boetje@trendmicro.co.uk
Lammers van Toorenburg Benelux PR
Anja Breunis / Annegees van Linge
Tel: +31 (0)30 6565 070
E-mail: trendmicro@lvtpr.nl