TrendMicro researchers discovered new malicious software - Crigent worm targeted Word and Excel files. Crigent realizes its activity through Windows PowerShell script tool and it is the best option to hide the worm from IT admins, who is checking the existence of malicious software.

This worm is in the form of infected Word and Excel file and after downloading the users’ computer, it can penetrate the same computer. When you open the downloaded file, your computer automatically download two most famous anonymous software Tor and Polipo Network “the personal and web proxy”. Through Tor and Polipo, Worm can establish connection with C&C server. Eventually, Worm forwards information to the server about hack of the system, installing powershell scripts, which keeps code. This information includes IP address, the name of the country and area code, used operating system, the language of operating system, MS Office package, versions and so on.  Eventually, this worm infects your other Excel and Word files, changes their format to the old .doc and .xls and deletes the original files. Thus, most of your files destroy. If you have observed that .doc and .xls files increased and you have not created them yourselves, may be your computer infected Crigent malicious software. If you have faced such a case, is recommended refresh antivirus software base and check all parts of your computer through your antivirus.

*C&C - server in which hackers command and control captured systems.

Source: http://blog.trendmicro.com