MSN Messenger Worm


Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
Share:
Sponsors:

A worm spreading via the MSN Messenger instant messaging client carries a piggyback payload that's even more dangerous: a second worm that opens a backdoor and lets hackers hijack the PC.

The newest variant of the Bropia worm -- tagged as Bropia.f, Bropia.g, Bropia.e, or Bropia.j by various anti-virus firms in an unusual display of naming chaos -- spreads through MSN Messenger. Users who receive the file and open it see a mildly-funny .jpg of a roasted chicken posed to resemble a naked sunbather, complete with tan lines.

In the background, however, the user's PC is being infected with another worm -- dubbed Agobot.ajc by some firms, a variation of Spybot by other vendors -- which does all kind of damage. It connects to an IRC server to wait for commands from the hacker, scans systems on the network for a wide range of older Microsoft Windows vulnerabilities, including the ones which spawned MSBlast and Sasser in 2003 and 2004, and runs a key logger to trap passwords and account information. It also turns off the machine's audio, perhaps to muzzle any sound alerts from anti-virus software.

Bropia and its nastier secondary payload spread by sending copies to all the contacts in MSN Messenger's buddy list.

The majority of anti-virus vendors have set their warning levels on Bropia to "medium," and the worm is spreading fastest in Korea, China, Taiwan, and the United States, said Trend Micro's online alert.

"As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "A growing number of viruses are using IM to spread, and their biggest danger lies in the recipient running executable files without thinking twice."

Symantec has posted a free Bropia removal tool on its Web site for those who believe their PC has been infected.


Article submitted by: Redhot_2oo3
Last Update: 02-04-2005
Category: News

Print | E-mail


Current rating: 5.37 by 48 users
Would you recommend this article to a friend?

Not a Chance 12345678910 Absolutely

Please register or sign-in to post comments.


Related News Stories

(16,136 reads) 12-02-2007
 · Don't Fall for Jury Duty Scam
(13,944 reads) 07-20-2007
 · 500MB Free hosting [No-Ads No-Spamming]
(31,238 reads) 12-24-2006
 · phpBB 2.0.22 and BBtoNuke 2.0.22 released
(16,010 reads) 08-05-2006
 · Vista hacked at Black Hat.
(13,278 reads) 08-04-2006
 · Dozen Windows, Office updates coming next week.
(13,792 reads) 07-19-2006
 · Microsoft Lawsuits Help Protect Consumers.
(13,495 reads) 07-18-2006
 · Symantec sees an Achilles' heel in Vista.