Windows Users: Urgent Update on Bropia Worm   2/4/2005 - 812 views, 1 Comment

Summary: Two independent security firms have issued alerts over the next generation Bropia worm this week. Danish security company Secunia has issued what it calls a "medium" alert about the newly discovered version of Bropia, warning that it is spreading quickly through MSN ...

Previous Article « Washington D.C. to Get New Anti-Spam Law
Read Next Article » When the Surveilling are Surveilled

Two independent security firms have issued alerts over the next generation Bropia worm this week.

Danish security company Secunia has issued what it calls a “medium” alert about the newly discovered version of Bropia, warning that it is spreading quickly through MSN Messenger. And Korean security firm Global Hauri has issued an “orange alert” for the worm, which is more dangerous than previous versions.

The worm shows up as a .pif file which appears to be being sent from a buddy through MSN Messenger. The payload, a variant of the Spybot worm, is launched the instant the file is opened.

This version is particularly pernicious, as it harvests passwords, Windows identity keys, and software activiation codes, and sends them directly to whomever launched the worm, sending it via IRC (Internet Relay Chat). It’s easy to imagine the sender sitting at their terminal, their eyes lighting up as passwords, identity keys, and activation codes roll in.

It also loads itself into memory, residing there and sending itself out again through the user’s MSN Messenger. And as if that is not enough, it opens a backdoor or two, allowing the sender and others to gain entry to the computer and hijack it.

The worm also copies itself into one of the system folders, and so far has been seen masquerading as ROFL.pif, LMAO.pif, LOL.scr, underware.pif, bedroom-thongs.pif, naked_drunk.pif, Webcam.pif, Hot.pif or webcam.pif.

As always folks, keep those virus and security updates current!

Get FREE email alerts of new Internet Patrol stories!
    *We never share your email address with anyone

Email Address:
Date of first visit:
How you found us:

Subscribe to The Internet Patrol on your cell phone    Email the link for this page to a friend!

Read more:

»  New Worm Targets Windows and MSN Messengers

»  Worm Entices Windows Users with Pics of a “Dead” Saddam Hussein

»  AIM Gpic.aol Worm Says “damn this looks just like me lol”

»  0×800a0007 Windows Update Error

For additional similar stories check out our archives on Virus & AntiVirus

 

1 Comment »

  1. I have the same thing and a hwole heap of contacts have it on my list. My cousin is a computer expert and he is fixing the problem for me soon.

    Comment by Sheridan — 2/14/2005 @ 12:23 am

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


We apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day!

 
The Internet Patrol
Patrolling the Internet for You!