PRWeb The Leader Press Release Distribution
See How PRWeb Works

We're here to help 1-866-640-6397

Login Create Free Account

Why PRWeb Customer Examples Pricing Tools & Tips

All Press Releases for February 5, 2005 Subscribe to this News Feed    
 

New Bropia Worm Variant Spreads via MSN Messenger

Trend Micro issued a medium risk" alert for WORM_BROPIA.F to raise awareness of this worm that spreads via MSN Messenger, a popular instant messaging platform. The worm attempts to send copies of itself in different filenames to all online contacts, pretending to be alluring images -- what users get is a comical photo of a roasted chicken with a bikini tan line. The worm also bears the AGOBOT worm as part of its payload, capable of opening backdoor on infected systems. Sightings of the worm have been reported in Taiwan, China, Korea, and the U.S.

India, February 03, 2005 -- Trend Micro issued a medium risk" alert for WORM_BROPIA.F to raise awareness of this worm that spreads via MSN Messenger, a popular instant messaging platform. The worm attempts to send copies of itself in different filenames to all online contacts, pretending to be alluring images -- what users get is a comical photo of a roasted chicken with a bikini tan line. The worm also bears the AGOBOT worm as part of its payload, capable of opening backdoor on infected systems. Sightings of the worm have been reported in Taiwan, China, Korea, and the U.S.

Upon execution, the memory-resident WORM_BROPIA.F drops a copy of itself in the Windows system folder, and then tries to propagate to other MSN Messenger users by sending a copy of itself under one of these filenames:

Bedroom-thongs.pif
Hot.pif
LMAO.pif
LOL.scr
Naked_drunk.pif
New_webcam.pif
ROFL.pif
Underware. Pif
Webcam.pif

The worm also executes a file called SEXY.JPG", which displays a photo of a chicken that appears to have cooked in the oven with its bathing suit on.

Once it has infected a system, WORM_BROPIA.F also drops a bot program that Trend Micro detects as WORM_AGOBOT.AJC, which drops a backdoor into the infected system, and may allow commands to be executed from a remote malicious user. WORM_AGOBOT.AJC can also steal the Windows Product ID, as well as the CD keys of certain applications.

Many corporations have been blocking use of instant messenger programs for employee productivity reasons, and now may have good cause to do so for security reasons as well," commented Joe Hartmann, senior virus researcher for Trend Micro Inc. With the popularity of instant messengers, it may be the home users who are most at risk - this kind of worm uses humor to make people forget that they are being infected and backdoors are being opened into their systems."

WORM_BROPIA.F arrives in a file about 184 KB in size. It affects Windows 95, 98, ME, NT, 2000 and XP platforms.

Trend Micro customers are protected through the latest pattern file, number 2.390.00. Customers of Outbreak Prevention Services should download OPP 144 (or later) to help protect against spread of this threat. For customers of Damage Cleanup Services, Damage Cleanup template # 505 should be downloaded to help with automated restoration of affected systems.    

Other users should use Trend Micros free online virus scanner, Housecall, which can be found at http://housecall.trendmicro.com/

For more information on WORM_BROPIA.F, please visit http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F

For more information on WORM_AGOBOT.AJC, please visit http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AJC

About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit: www.trendmicro.com.

Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate time it was written and is subject to change without notice.

Media RSVP
Ashish Arora (Mob: +91 98213 78443) / Monica Tomar (Mob: +91 98215 69332)
Blue Lotus Communications Consultancy
Tel: 91-22-2283 3146
Fax: 91-22-2285 0349
Email: ashish@bluelotuspr.com / monica@bluelotuspr.com

###

OPTIONS
Printer Friendly Version
Email this story to a colleague
CONTACT INFORMATION
Priti L
BLUE LOTUS COMMUNICATION CONSULTANCY
022-22833146
Email us Here
ATTACHED FILES

There are no multimedia files attached to this release. If this is your release, you may add images or other multimedia files through your PRWeb News Management Console.
ABOUT PRESS RELEASES
If you have any questions regarding information in these press releases please contact the company listed in the press release. Please do not contact PRWeb. We will be unable to assist you with your inquiry. PRWeb disclaims any content contained in these release. Our complete disclaimer appears here.
 

© Copyright 1997-2009, Vocus PRW Holdings, LLC.
Vocus, PRWeb and Publicity Wire are trademarks or registered trademarks of Vocus, Inc. or Vocus PRW Holdings, LLC.

About PRWeb | News about PRWeb | Contact Us | Terms of Service | Privacy Policy | Copyright