Tuesday, January 25, 2005

New worm via MSN Messenger

A new computer worm is using Microsoft's MSN Messenger instant message network to spread on the Internet, according to antivirus software companies.

Bropia.A spreads by sending copies of itself to an MSN Messenger user's instant message (IM) contacts. When the worm is launched, it installs a Trojan horse program, Rbot, on vulnerable machines, according to alerts from F-Secure Corp. and Symantec Corp.

Windows machines running MSN Messenger and have a Messenger window open on the desktop are vulnerable to infection. F-Secure and Symantec rated Bropia a low threat, based on the number of reports of infected machines, and issued virus definition updates that allow their products to spot the new IM worm.

When the worm file is launched, Bropia copies itself to the hard drive of the infected machine, disguised as a file with one of several names, including:"Drunk_lol.pif", "Webcam_004.pif", "sexy_bedroom.pif", "naked_party.pif" or "love_me.pif."

The worm also disables a user's right mouse button to prevent users from accessing context sensitive menus, and to alter the Windows sound mixer volume settings, F-Secure said.
The Trojan horse program that is installed by Bropia, which F-Secure referred to as Rbot, and Symantec as W32.Spybot.worm, opens a back door into infected Windows systems and has features that log user keystrokes, collect vital system information and relay spam, F-Secure said.

0 Comments:

Post a Comment

<< Home