subject: New worm spreading via MSN Messenger
posted: Tue, 25 Jan 2005 13:58:01 -0000


[gee, i wonder whether you can send commands to, say, the Yahoo
instant messenger? - Stu]

http://www.techworld.com/security/news/index.cfm?NewsID=2987&email

New worm spreading via MSN Messenger
More advanced than previous IM worms.

By Paul Roberts, IDG News Service

A new worm is using Microsoft's MSN Messenger network to spread.

Bropia.A spreads by sending copies of itself to an MSN Messenger
user's instant message (IM) contacts. When the worm is launched, it
installs a Trojan horse program, Rbot, on vulnerable machines,
according to alerts from F-Secure and Symantec.

Windows machines running MSN Messenger with a Messenger window open
on the desktop are vulnerable to infection. F-Secure and Symantec
rated Bropia a low threat, based on the number of reports of infected
machines, and issued virus definition updates that allow their
products to spot the new worm.

While previous IM worms spread by sending links to worm files
embedded in IM messages, Bropia spreads by sending commands to
Messenger that cause the program to send copies of the worm file
directly to the infected user's IM contacts. The Bropia worm is also
able to monitor Messenger for any change to a user's IM contacts and
send worm files to contacts as they log on to the IM network,
Symantec said.

When the worm file is launched, Bropia copies itself to the hard
drive of the infected machine, disguised as a file with one of
several names, including: "Drunk_lol.pif", "Webcam_004.pif",
"sexy_bedroom.pif", "naked_party.pif" or "love_me.pif".

The worm also disables a user's right mouse button to prevent users
from accessing context-sensitive menus, and alters the Windows
sound mixer volume settings, F-Secure said.

The Trojan horse program that is installed by Bropia, which F-Secure
referred to as Rbot, and Symantec as W32.Spybot.worm, opens a back
door into infected Windows systems and has features that log user
keystrokes, collect vital system information and relay spam, F-Secure
said.

IM worms are not a new concept, and computer virus researchers have
frequently warned of their potential to spread quickly across global
IM networks such as those run by Microsoft, Yahoo and AOL.

In August, researchers at PivX intercepted a version of the Scob worm
that used mass-distributed instant messages to lure Internet users to
websites that distribute malicious code similar to Download.ject.

Symantec and F-Secure advised customers to update their antivirus
software definitions to spot the new worm.

---
* Origin: [adminz] tech, security, support (192:168/0.2)

generated by msg2page 0.06 on Jul 21, 2006 at 19:03:56
