MSN Messenger Attacked by Worm

By | February 4, 2005

Anti-virus company TrendMicro is warning that a new variant of the Bropia worm is using MSN Messenger to spread.

Bropia.F is a worm packaged with a second, more dangerous worm that tries to exploit known issues in unpatched computers.

The latest variant was discovered late Wednesday, according to TrendMicro. The virus spreads by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases the Agabot.ajc virus on the infected PC.

Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users´ bandwidth.

“The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers,” Biviano said.

This variant of Bropia is easy to avoid, according to Biviano, because it exploits issues that were patched several months ago. In addition, it relies on people opening a file through MSN Messenger. The best course of action to avoid infection is to ensure your PC is patched, and to only open files you are expecting – even if they are from someone you know, as any infected user won’t know the file is being sent in the first place.

“Usually, if you are sending a file using (an instant messaging program), you say ´I´m sending you this picture, have a look at it.´ It is never random or out of the blue,” Biviano said.

Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won´t be the last, he said.

“Obviously, the popularity of IM itself is starting to gain the attention of the virus writers,” he said, “and they are now using it as a tool.”

Leave a Reply