Bropia worm uses MSN Messenger to spread
February 4, 2005
Trend Micro warns the Internet community of a new variant of the Bropia worm that currently uses MSN Messenger to spread to other machines. The Bropia.F worm is packaged with a second, even more damaging virus-worm that attempts to exploit lightly patched computers, the antivirus company said on Thursday.
The latest variant of the Bropia worm was discovered on Wednesday evening, Trend Micro said. It infects systems belonging to users of MSN Messenger by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases a second more dangerous worm, called Agabot.ajc, on the infected computer.
Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users' bandwidth.
Leasing links to your website will boost your search engine visibility
"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers," Biviano said.
Biviano said this variant of Bropia can easily be avoided, because it exploits vulnerabilities that could have been patched months ago and relies on people opening a file through MSN Messenger. He advises people to only open files received through the instant messaging program if they are expected--even if they are from a contact. It is very possible that the file is being sent unbeknown to that person, he said.
"Usually, if you are sending a file using (an instant messaging program), you say 'I'm sending you this picture, have a look at it.' It is never random or out of the blue," Biviano said.
The worm affects MSN Messenger on computers running Windows 95, 98, ME, NT, 2000 and XP, according to Trend Micro's advisory. The company is advising MSN Messenger users to avoid accepting file transfers coming from an untrusted source.
Register your domain name for just $5.99 for a whole year.
Biviano said the second worm--Agabot.ajc--has the potential to perform a distributed denial-of-service attack on certain services. For example, it preys on the same vulnerabilities that were exploited by Slammer, Blaster (MSBlast) and Sasser.
Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won't be the last, he said.
"Obviously, the popularity of IM itself is starting to gain the attention of the virus writers," he said, "and they are now using it as a tool."
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing