SECURITY

MSN Messenger Worm Danger Underplayed, Says Analyst

Print Version
E-Mail Article
Reprints

By Susan B. Shor
TechNewsWorld
02/04/05 7:16 AM PT

The Bropia worm's infected message bears the Agobot worm as part of its payload. Agobot can open a backdoor on infected systems and may then allow commands from a remote malicious user. The worm uses sex-related file names such as Bedroom-thongs.pif and Hot.pif.


Think your data is safe? Think again. Data-stealing malware is on the rise. Trend Micro Enterprise Security, powered by the Trend Micro Smart Protection Network, blocks threats before they reach your network. Learn how. Download our Outthink the Threat eBook or register for a free, on-site assessment.

The latest worm to wriggle its way around the Web is spreading as quickly as an instant message. A new variant of Bropia, first discovered by Symantec (Nasdaq: SYMC) Latest News about Symantec on Jan. 19, has mutated and is whipping around the Internet via MSN Messenger communications.

Several antivirus companies, including Trend Micro (Nasdaq: TMIC) Latest News about Trend Micro, Symantec, Secunia Latest News about Secunia and F-Secure Latest News about F-Secure, have all labeled the worm a "medium" risk, but one analyst said he thinks that risk may be understated.

Some Messages Unfiltered

"It seems as if a number of antivirus vendors are assuming in their risk-ratings that most enterprises will be filtering IM-type content, but in today's world, both personnel in the business community as well as home users are using IM to communicate," Ed Moyle of Security Curve told TechNewsWorld.

"So, while I agree that the home user is the most likely victim for this worm, I don't think we can rule out the enterprise entirely."

Bropia.F, the latest variant, seeks out all online contacts and attempts to send copies of itself using a photo file called sexy.jpg. The photo is actually a picture of a chicken with a bikini tan line.

A Second Worm

The infected message also bears the Agobot worm as part of its payload. Agobot can open a backdoor on infected systems and may then allow commands from a remote malicious user.

The worm uses sex-related file names such as Bedroom-thongs.pif, Hot.pif, Naked_drunk.pif, New_webcam.pif, and underwear.pif.

Bropia.F has been reported in the United States, China, Korea and Taiwan, and Moyle said he wouldn't be surprised if it fanned out further very shortly.

"I think this one has the potential to spread quickly," he said. "Similar to a mass-mailer worm, this worm relies on the user to explicitly open the file in order to spread. However, unlike e-mail, most people aren't as alert for malicious files spread through messaging programs as they would be for files received through e-mail.

"In addition, there are some extremely sophisticated e-mail antivirus tools on the market that integrate with e-mail and groupware servers, but we don't see the same capacity for antivirus on IM content," Moyle said.

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Susan B. Shor   RSS

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]