Panda Spots a New Damaging Worm “Trile”

The Virus Laboratory at Panda Software, leading antivirus developer, has detected the appearance of a new worm called Trile (W32/Trile). This malicious code has the ability to infect files and also uses social engineering with the aim of spreading as widely as possible.

Trile reaches computers in an e-mail with highly variable characteristics, as it selects the subject, message text and attachment name from lists of options including:

Subject:

– Your News Alert!!
– New Reading
– Membership Confirmation
– Cows

Text:

– Attached one Gift for u..
– More details attached!
– Hi
– Check the attachment..

Attachment name:

– screensaver
– urfriend
– screensaverforu
– screensaver4u

These attachments always have a double extension, one of which is .bat or .pif and the other could be any of the following: .gif, .mpg, .mp3, .xls, .wav, .dat, .jpg, .htm, .txt, .mdb, .bmp or .doc.
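The double-extension pattern described above can be checked at a mail gateway. The following is an added example, not code from Panda Software: the function names and the sample message are constructed for illustration, and the check accepts the two extensions in either order because the text does not say which comes last.

```python
from email import message_from_string

# Extension sets as listed in the advisory text.
EXEC_EXT = {"bat", "pif"}
DECOY_EXT = {"gif", "mpg", "mp3", "xls", "wav", "dat", "jpg",
             "htm", "txt", "mdb", "bmp", "doc"}


def is_suspicious_name(filename):
    """True if the last two extensions pair .bat/.pif with a listed decoy type."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = filename.strip().rstrip(". ").lower().rsplit(".", 2)
    if len(parts) != 3:
        return False  # fewer than two extensions
    a, b = parts[1], parts[2]
    return (a in EXEC_EXT and b in DECOY_EXT) or (a in DECOY_EXT and b in EXEC_EXT)


def flag_attachments(raw_message):
    """Return the attachment filenames in a raw e-mail that match the pattern."""
    msg = message_from_string(raw_message)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_suspicious_name(n)]


# Constructed sample message (not a captured Trile e-mail).
SAMPLE = """\
From: a@example.com
Subject: New Reading
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Check the attachment..
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="screensaver4u.jpg.pif"

AAAA
--XX
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.jpg"

AAAA
--XX--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

The check matches on extension pairs only, so it also catches attachment names that are not on the list above.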

If this file is run, Trile sends itself out to all entries in the Outlook address books. It also creates, if it doesn’t already exist, the “C:/My Downloads” folder. In this folder, the worm creates a large number of copies of itself with enticing names like: Civilization 3 Full Downloader.exe, Need For Speed 5 Porsche Unleashed Patch.exe or Star Wars Starfighter ISO – Full Downloader.exe.

Trile also infects .EXE files. Finally, it creates a series of entries in the Windows registry that record the actions the worm carries out on the infected computer, indicating, for example, how many messages it has sent out.

Even though tech support services at Panda Software have not received a great number of incidents involving this worm, the company advises users to treat e-mails received with caution and to update their antivirus solutions. The company has already made the updates to its products available to users to ensure their solutions can detect and eliminate Trile. Those whose software is not configured to update automatically should update their solutions from http://www.pandasoftware.com/.