February 3, 2005 10:10 AM PST

MSN Messenger hit by double-whammy worm

Related Stories

Is hard time for worm author too harsh?

February 2, 2005

Microsoft: SP2 shimmy's not a flaw

February 1, 2005

Zafi virus a top holiday hangover

February 1, 2005

Teen gets 18 months in prison for worm

January 28, 2005

MySQL worm halted

January 28, 2005

Image virus spreads via chat

September 30, 2004
Trend Micro is warning of a new variant of the Bropia worm that uses MSN Messenger to spread.

The Bropia.F worm is packaged with a second, more damaging worm that tries to exploit poorly patched computers, the antivirus company said on Thursday.

The latest variant of the Bropia worm was discovered on Wednesday evening, Trend Micro said. It infects systems belonging to users of MSN Messenger by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases a second more dangerous worm, called Agabot.ajc, on the infected computer.

Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users' bandwidth.

"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers," Biviano said.

Biviano said this variant of Bropia can easily be avoided, because it exploits vulnerabilities that could have been patched months ago and relies on people opening a file through MSN Messenger. He advises people to only open files received through the instant messaging program if they are expected--even if they are from a contact. It is very possible that the file is being sent unbeknown to that person, he said.

"Usually, if you are sending a file using (an instant messaging program), you say 'I'm sending you this picture, have a look at it.' It is never random or out of the blue," Biviano said.

The worm affects MSN Messenger on computers running Windows 95, 98, ME, NT, 2000 and XP, according to Trend Micro's advisory. The company is advising MSN Messenger users to avoid accepting file transfers coming from an untrusted source.

Biviano said the second worm--Agabot.ajc--has the potential to perform a distributed denial-of-service attack on certain services. For example, it preys on the same vulnerabilities that were exploited by Slammer, Blaster (MSBlast) and Sasser.

Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won't be the last, he said.

"Obviously, the popularity of IM itself is starting to gain the attention of the virus writers," he said, "and they are now using it as a tool."

4 comments

Join the conversation!
Add your comment
This seems to happen once every few months
A simple way to avoid is to have a product that blocks at network boundary based on type of extensions and block all the malicious types. Could nip such a spread e.g. <a class="jive-link-external" href="http://www.networktwister.com/worm.shtml" target="_newWindow">http://www.networktwister.com/worm.shtml</a>
Posted by (1 comment )
Reply Link Flag
Mac OS X unaffected!
Nuff said!
Posted by Dr Dude (49 comments )
Reply Link Flag
Mac OS X Unaffected (Pt. 2)!!!!!
Received five requests to accept an unknown image file from
contacts well known to me and I accepted them all knowing well
that my precious PowerBook would be immune to any virus/
trojan/variant etc. that would potentially destroy windows based
machines!!

Here's hoping more people see the light and SWITCH!!!
Posted by (1 comment )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.