MSN Messenger Worm
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
A worm spreading via the MSN Messenger instant messaging client carries a piggyback payload that's even more dangerous: a second worm that opens a backdoor and lets hackers hijack the PC.
The newest variant of the Bropia worm -- tagged as Bropia.f, Bropia.g, Bropia.e, or Bropia.j by various anti-virus firms in an unusual display of naming chaos -- spreads through MSN Messenger. Users who receive the file and open it see a mildly-funny .jpg of a roasted chicken posed to resemble a naked sunbather, complete with tan lines.
In the background, however, the user's PC is being infected with another worm -- dubbed Agobot.ajc by some firms, a variation of Spybot by other vendors -- which does all kind of damage. It connects to an IRC server to wait for commands from the hacker, scans systems on the network for a wide range of older Microsoft Windows vulnerabilities, including the ones which spawned MSBlast and Sasser in 2003 and 2004, and runs a key logger to trap passwords and account information. It also turns off the machine's audio, perhaps to muzzle any sound alerts from anti-virus software.
Bropia and its nastier secondary payload spread by sending copies to all the contacts in MSN Messenger's buddy list.
The majority of anti-virus vendors have set their warning levels on Bropia to "medium," and the worm is spreading fastest in Korea, China, Taiwan, and the United States, said Trend Micro's online alert.
"As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "A growing number of viruses are using IM to spread, and their biggest danger lies in the recipient running executable files without thinking twice."
Symantec has posted a free Bropia removal tool on its Web site for those who believe their PC has been infected.
Article submitted by: Redhot_2oo3
Last Update: 02-04-2005
Category: News
The newest variant of the Bropia worm -- tagged as Bropia.f, Bropia.g, Bropia.e, or Bropia.j by various anti-virus firms in an unusual display of naming chaos -- spreads through MSN Messenger. Users who receive the file and open it see a mildly-funny .jpg of a roasted chicken posed to resemble a naked sunbather, complete with tan lines.
In the background, however, the user's PC is being infected with another worm -- dubbed Agobot.ajc by some firms, a variation of Spybot by other vendors -- which does all kind of damage. It connects to an IRC server to wait for commands from the hacker, scans systems on the network for a wide range of older Microsoft Windows vulnerabilities, including the ones which spawned MSBlast and Sasser in 2003 and 2004, and runs a key logger to trap passwords and account information. It also turns off the machine's audio, perhaps to muzzle any sound alerts from anti-virus software.
Bropia and its nastier secondary payload spread by sending copies to all the contacts in MSN Messenger's buddy list.
The majority of anti-virus vendors have set their warning levels on Bropia to "medium," and the worm is spreading fastest in Korea, China, Taiwan, and the United States, said Trend Micro's online alert.
"As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "A growing number of viruses are using IM to spread, and their biggest danger lies in the recipient running executable files without thinking twice."
Symantec has posted a free Bropia removal tool on its Web site for those who believe their PC has been infected.
Article submitted by: Redhot_2oo3
Last Update: 02-04-2005
Category: News
Current rating: 5.37 by 48 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(16,136 reads) 12-02-2007
· Don't Fall for Jury Duty Scam(13,944 reads) 07-20-2007
· 500MB Free hosting [No-Ads No-Spamming](31,238 reads) 12-24-2006
· phpBB 2.0.22 and BBtoNuke 2.0.22 released(13,350 reads) 11-12-2006
· Tag Craig Launches Article-Publicity for Webmasters(16,010 reads) 08-05-2006
· Vista hacked at Black Hat.(13,278 reads) 08-04-2006
· Dozen Windows, Office updates coming next week.(13,792 reads) 07-19-2006
· Microsoft Lawsuits Help Protect Consumers.(13,495 reads) 07-18-2006
· Symantec sees an Achilles' heel in Vista.(14,199 reads) 06-20-2006
· GOW Arcade Comptition 17th June - 17th July !! Prize For...(14,099 reads) 06-19-2006
· ResellersPanel.com Launches Private DNS Cluster Packages
Please register or sign-in to post comments.