Windows Users: Urgent Update on Bropia Worm   - 1,521 Views, 1 Comment

Danish security company Secunia has issued what it calls a “medium” alert about the newly discovered version of Bropia, warning that it is spreading quickly through MSN Messenger. And Korean security firm Global Hauri has issued an “orange alert” for the worm, which is more dangerous than previous versions.

The worm shows up as a .pif file which appears to be being sent from a buddy through MSN Messenger. The payload, a variant of the Spybot worm, is launched the instant the file is opened.

This version is particularly pernicious, as it harvests passwords, Windows identity keys, and software activiation codes, and sends them directly to whomever launched the worm, sending it via IRC (Internet Relay Chat). It’s easy to imagine the sender sitting at their terminal, their eyes lighting up as passwords, identity keys, and activation codes roll in.

It also loads itself into memory, residing there and sending itself out again through the user’s MSN Messenger. And as if that is not enough, it opens a backdoor or two, allowing the sender and others to gain entry to the computer and hijack it.

The worm also copies itself into one of the system folders, and so far has been seen masquerading as ROFL.pif, LMAO.pif, LOL.scr, underware.pif, bedroom-thongs.pif, naked_drunk.pif, Webcam.pif, Hot.pif or webcam.pif.

As always folks, keep those virus and security updates current!