MSN Messenger Worm
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
A worm spreading via the MSN Messenger instant messaging client carries a piggyback payload that's even more dangerous: a second worm that opens a backdoor and lets hackers hijack the PC.
The newest variant of the Bropia worm -- tagged as Bropia.f, Bropia.g, Bropia.e, or Bropia.j by various anti-virus firms in an unusual display of naming chaos -- spreads through MSN Messenger. Users who receive the file and open it see a mildly-funny .jpg of a roasted chicken posed to resemble a naked sunbather, complete with tan lines.
In the background, however, the user's PC is being infected with another worm -- dubbed Agobot.ajc by some firms, a variation of Spybot by other vendors -- which does all kind of damage. It connects to an IRC server to wait for commands from the hacker, scans systems on the network for a wide range of older Microsoft Windows vulnerabilities, including the ones which spawned MSBlast and Sasser in 2003 and 2004, and runs a key logger to trap passwords and account information. It also turns off the machine's audio, perhaps to muzzle any sound alerts from anti-virus software.
Bropia and its nastier secondary payload spread by sending copies to all the contacts in MSN Messenger's buddy list.
The majority of anti-virus vendors have set their warning levels on Bropia to "medium," and the worm is spreading fastest in Korea, China, Taiwan, and the United States, said Trend Micro's online alert.
"As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "A growing number of viruses are using IM to spread, and their biggest danger lies in the recipient running executable files without thinking twice."
Symantec has posted a free Bropia removal tool on its Web site for those who believe their PC has been infected.
Article submitted by: Redhot_2oo3
Last Update: 02-04-2005
Category: News
The newest variant of the Bropia worm -- tagged as Bropia.f, Bropia.g, Bropia.e, or Bropia.j by various anti-virus firms in an unusual display of naming chaos -- spreads through MSN Messenger. Users who receive the file and open it see a mildly-funny .jpg of a roasted chicken posed to resemble a naked sunbather, complete with tan lines.
In the background, however, the user's PC is being infected with another worm -- dubbed Agobot.ajc by some firms, a variation of Spybot by other vendors -- which does all kind of damage. It connects to an IRC server to wait for commands from the hacker, scans systems on the network for a wide range of older Microsoft Windows vulnerabilities, including the ones which spawned MSBlast and Sasser in 2003 and 2004, and runs a key logger to trap passwords and account information. It also turns off the machine's audio, perhaps to muzzle any sound alerts from anti-virus software.
Bropia and its nastier secondary payload spread by sending copies to all the contacts in MSN Messenger's buddy list.
The majority of anti-virus vendors have set their warning levels on Bropia to "medium," and the worm is spreading fastest in Korea, China, Taiwan, and the United States, said Trend Micro's online alert.
"As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first," said Luis Corrons, the head of Panda Software's virus lab, in a statement. "A growing number of viruses are using IM to spread, and their biggest danger lies in the recipient running executable files without thinking twice."
Symantec has posted a free Bropia removal tool on its Web site for those who believe their PC has been infected.
Article submitted by: Redhot_2oo3
Last Update: 02-04-2005
Category: News
Current rating: 5.37 by 48 users
| Would you recommend this article to a friend? |
| Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Related News Stories
(16,378 reads) 12-02-2007
· Don't Fall for Jury Duty Scam(14,134 reads) 07-20-2007
· 500MB Free hosting [No-Ads No-Spamming](31,410 reads) 12-24-2006
· phpBB 2.0.22 and BBtoNuke 2.0.22 released(13,512 reads) 11-12-2006
· Tag Craig Launches Article-Publicity for Webmasters(16,214 reads) 08-05-2006
· Vista hacked at Black Hat.(13,456 reads) 08-04-2006
· Dozen Windows, Office updates coming next week.(14,018 reads) 07-19-2006
· Microsoft Lawsuits Help Protect Consumers.(13,681 reads) 07-18-2006
· Symantec sees an Achilles' heel in Vista.(14,383 reads) 06-20-2006
· GOW Arcade Comptition 17th June - 17th July !! Prize For...(14,315 reads) 06-19-2006
· ResellersPanel.com Launches Private DNS Cluster Packages
Please register or sign-in to post comments.