February 4, 2005

Trend Micro warns the Internet community of a new variant of the Bropia worm that currently uses MSN Messenger to spread to other machines. The Bropia.F worm is packaged with a second, even more damaging virus-worm that attempts to exploit lightly patched computers, the antivirus company said on Thursday.

The latest variant of the Bropia worm was discovered on Wednesday evening, Trend Micro said. It infects systems belonging to users of MSN Messenger by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases a second more dangerous worm, called Agabot.ajc, on the infected computer.

Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users' bandwidth.

Leasing links to your website will boost your search engine visibility

"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers," Biviano said.

Biviano said this variant of Bropia can easily be avoided, because it exploits vulnerabilities that could have been patched months ago and relies on people opening a file through MSN Messenger. He advises people to only open files received through the instant messaging program if they are expected--even if they are from a contact. It is very possible that the file is being sent unbeknown to that person, he said.

"Usually, if you are sending a file using (an instant messaging program), you say 'I'm sending you this picture, have a look at it.' It is never random or out of the blue," Biviano said.

The worm affects MSN Messenger on computers running Windows 95, 98, ME, NT, 2000 and XP, according to Trend Micro's advisory. The company is advising MSN Messenger users to avoid accepting file transfers coming from an untrusted source.

Register your domain name for just $5.99 for a whole year.

Biviano said the second worm--Agabot.ajc--has the potential to perform a distributed denial-of-service attack on certain services. For example, it preys on the same vulnerabilities that were exploited by Slammer, Blaster (MSBlast) and Sasser.

Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won't be the last, he said.

"Obviously, the popularity of IM itself is starting to gain the attention of the virus writers," he said, "and they are now using it as a tool."

Source: C-Net News

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.