MSN Messenger Attacked by Worm
By Jeremy C. Wright, Staff Writer Friday, 4 February 2005 10:59 EST
Anti-virus company TrendMicro is warning that a new variant of the Bropia worm is using MSN Messenger to spread.
Bropia.F is a worm packaged with a second, more dangerous worm that tries to exploit known issues in unpatched computers.
The latest variant was discovered late Wednesday, according to TrendMicro. The virus spreads by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases the Agabot.ajc virus on the infected PC.
Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users' bandwidth.
"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers," Biviano said.
This variant of Bropia is easy to avoid, according to Biviano, because it exploits issues that were patched several months ago. In addition, it relies on people opening a file through MSN Messenger. The best course of action to avoid infection is to ensure your PC is patched, and to only open files you are expecting – even if they are from someone you know, as any infected user won’t know the file is being sent in the first place.
"Usually, if you are sending a file using (an instant messaging program), you say 'I'm sending you this picture, have a look at it.' It is never random or out of the blue," Biviano said.
Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won't be the last, he said.
"Obviously, the popularity of IM itself is starting to gain the attention of the virus writers," he said, "and they are now using it as a tool."
|
|
Latest News
Avoid data leaks by clearing the page file 14.05.07 Security-Hacks publishes a useful tip to avoid potential data leaks when you run out of memory.
How to set Master Password in Firefox 11.05.07 Nowadays many web sites require you to type a user name and password before you can enter the site.
How to test your firewall? 10.05.07 Security tips blog, Security-Hacks, has published a compilation of tools to test your firewall: "We’ve compiled a list of tools we believe will be of value to both home users and advance users.
eEye released integer overflow auditing tool 16.02.07 Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.
AES Password Manager 2.3 released 16.02.07 AES software has announced the availability of AES Password Manager 2,3, the latest version of their password management application that allows users automatically access password-protected web sites and email accounts.
IBM safeguards against Microsoft vulnerabilities 16.02.07 IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft.
Firefox cookie-stealing vulnerability 15.02.07 A new zero-day vulnerability in Mozilla Firefox allows malicious web sites to forge authentication cookies for certain web sites.
|
|