Latest MSN Messenger Worm Can Hijack System Info

By Ryan Naraine  |  Posted 2005-01-20

Instant messaging networks continue to be a hunting ground for malicious virus writers.

A new Internet worm is squirming through Microsoft Corp.'s popular MSN Messenger chat network, anti-virus vendors warned on Thursday.

The latest threat follows October's Funner worm attack and signals a growing trend to use instant messaging as a delivery mechanism for malicious activity.

According to an advisory from F-Secure, the new W32/Bropia-A worm uses MSN Messenger to lure users into downloading one of the following files: "Drunk_lol.pif"; "Webcam_004.pif"; "sexy_bedroom.pif"; "naked_party.pif"; or "love_me.pif".

Once executed, Bropia-A also drops a variant of the Rbot backdoor Trojan. Rbot represents a large family of backdoors fitted with the ability to control a victim's machine remotely through specific commands sent via IRC channels.

F-Secure warned that the bot can also be used to hijack system information, log keystrokes, relay spam or steal sensitive data. Bropia.A can also disable a mouse's right button and manipulate Windows mixer volume settings, according to the company.

Sophos, a Lynnfield, Mass.-based anti-virus firm, also issued an advisory for the newest MSN Messenger threat, warning that an infected computer will attempt to spread the worm to all active MSN contacts.

The MSN Messenger window has to be open on the infected computer's desktop for replication to be successful.

Instant messaging platforms have become a happy hunting ground for virus writers because of the personalized aspect of communication. In most cases, users are tricked into accepting a malicious download because it came from a trusted friend or contact on a buddy list.