Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

Chicken Swimsuit Model Hides Nasty Worm
By Ryan Naraine

Anti-virus vendors have raised the threat level on a double-barreled MSN Messenger worm that lures users with the promise of sexy image files.


The worm, identified as W32/Bropia, arrives as a download link within MSN instant messaging sessions, but instead of sexy photographs, infected users get an image of a cooked chicken on a platter with a neatly drawn bikini tan line.

The worm also deposits a variant of the Rbot backdoor Trojan that is capable of using infected machines to create zombie networks, security experts warn.

The Rbot variant represents a large family of backdoors that can be used to hijack sensitive data from a victim’s machine. According to an advisory from McAfee Inc., the Trojan connects to a remote IRC server to receive remote commands that could range from the launch of denial-of-service attacks to the scanning of local subnets to find unpatched machines.

The worm, which also disables anti-virus software and manipulates audio sounds on an infected machine, is capable of logging and reporting keystrokes, relaying spam and harvesting credit card numbers and other sensitive passwords.

McAfee said the Trojan has been programmed to target machines vulnerable to a list of previously reported security flaws. In addition, the worm carries a large list of user names and passwords to launch brute-force attacks on poorly secured machines.

Panda Software also increased the threat level for Bropia after intercepting the worm in several countries, including the United States, Mexico, Canada, China, Korea and Taiwan.

In an online advisory, Panda Software said the worm spreads itself by sending a link via IM urging recipients to download one of the following files: “Drunk_lol.pif”; “Webcam_004.pif”; “sexy_bedroom.pif”; “naked_party.pif”; or “love_me.pif.”

PointerClick here to read about a group using honey pots to catch IM threats.

The MSN Messenger application has to be open on the infected computer’s desktop for replication to be successful.

eWEEK.com Special Report: Worm Attacks

Trend Micro Inc. has released a medium risk advisory for the memory-resident worm and urged system administrators to block MSN Messenger transfers to control the worm’s propagation.

“As a general rule, MSN Messenger users should avoid accepting file transfers coming from an untrusted source,” Trend Micro added.

Symantec has developed and released a removal tool to clean the Bropia infections. The company has also offered manual removal instructions for infected users.

PointerCheck out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.



Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>

SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>

Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>

Changing Business for the Better: A Practical Guide to BPM

This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.

Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!

Want to gain a competitive edge? Try Microsoft Watch – FREE!

Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly

    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Stay in the Zone
    Put The Channel Insider on your desktop.
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:

    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo