You are here: IT-Observer » Articles » Information Security RSS | White Papers |   

MSN Messenger Attacked by Worm





Anti-virus company TrendMicro is warning that a new variant of the Bropia worm is using MSN Messenger to spread.

Bropia.F is a worm packaged with a second, more dangerous worm that tries to exploit known issues in unpatched computers.

The latest variant was discovered late Wednesday, according to TrendMicro. The virus spreads by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases the Agabot.ajc virus on the infected PC.

Adam Biviano, a senior systems engineer at Trend Micro, said that although there have only been a handful of reported infections, the company has declared the worm a medium risk, because of its potential to spread and steal users' bandwidth.

"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through network by taking advantage of unpatched desktops and servers," Biviano said.

This variant of Bropia is easy to avoid, according to Biviano, because it exploits issues that were patched several months ago. In addition, it relies on people opening a file through MSN Messenger. The best course of action to avoid infection is to ensure your PC is patched, and to only open files you are expecting – even if they are from someone you know, as any infected user won’t know the file is being sent in the first place.

"Usually, if you are sending a file using (an instant messaging program), you say 'I'm sending you this picture, have a look at it.' It is never random or out of the blue," Biviano said.

Biviano said this variant of Bropia is the first worm to use instant messaging that has been given a higher-level alert status. It probably won't be the last, he said.

"Obviously, the popularity of IM itself is starting to gain the attention of the virus writers," he said, "and they are now using it as a tool."



GFI LANguard N.S.S. NEW v8 out now!
Complete network vulnerability management, providing powerful vulnerability scanning, patch management and auditing solution. DOWNLOAD A 30-DAY TRIAL TODAY!

Visit GFI Security Software page for more information.

 

FREE IP PBX: 3CX VOIP Phone System for Windows. No timeouts or limitations

 

Latest News

Avoid data leaks by clearing the page file
14.05.07  Security-Hacks publishes a useful tip to avoid potential data leaks when you run out of memory.

How to set Master Password in Firefox
11.05.07  Nowadays many web sites require you to type a user name and password before you can enter the site.

How to test your firewall?
10.05.07  Security tips blog, Security-Hacks, has published a compilation of tools to test your firewall: "We’ve compiled a list of tools we believe will be of value to both home users and advance users.

eEye released integer overflow auditing tool
16.02.07  Vulnerability research company eEye Security has released a free security vulnerability auditing tool that helps spotting possible integer overflow vulnerabilities.

AES Password Manager 2.3 released
16.02.07  AES software has announced the availability of AES Password Manager 2,3, the latest version of their password management application that allows users automatically access password-protected web sites and email accounts.

IBM safeguards against Microsoft vulnerabilities
16.02.07  IBM’s security division, Internet Security Systems, offers protection from several critical vulnerabilities announced by Microsoft.

Firefox cookie-stealing vulnerability
15.02.07  A new zero-day vulnerability in Mozilla Firefox allows malicious web sites to forge authentication cookies for certain web sites.

Copyright © IT-Observer Online Publication 2000 - 2007 Top | RSS Feeds | About Us   
Site Meter