There are a huge number of news stories in Chinese and a few in English on the Web today about a worm that apparently is spreading rapidly in China. The Inquirer is quoting the National Computer Virus Emergency Response Centre in Tianjin, China, as saying that Worm_Piloyd.B is spreading rapidly, that it infects exe, html, and asp files, and that it blocks attempts to fix them. The centre’s English web page seems to be about a week behind, so we couldn’t get the original notice.
The Inquirer said Piloyd was probably being used to expand a botnet.
Western AV companies have listed detections for the malware since last summer or fall. Names include:
AVG: Worm/Generic.AOFP
F-Secure: Worm.Generic.90951
Kaspersky: Net-Worm.Win32.Piloyd.g
Microsoft: TrojanDownloader:Win32/Jadtre.A
Sophos: W32/Autorun-ASW
Sunbelt: Trojan-Downloader.Win32.Sfn!cobra (v)
Symantec: Adware.Lop
TrendMicro: WORM_STRAT.GEN-3
VIPRE and a number of the others catch it with heuristic detections.
Story here: “China warns of a new virus”
Tom Kelchner