Powerful potential

By Ryan Naraine  |  Posted 2005-03-07 Print this article Print

"This has the potential to massively distribute itself," Coursen told eWEEK.com. "It sends itself wholesale to all contacts on the MSN buddy list. One more click there and the cycle continues."

Additionally, the worm attempts to download a file named "me.jpg" save it to the infected C:\ drive as "dumprep.exe."
When executed, the downloaded file is a variant of the RBot backdoor, Coursen said.

Anti-virus experts at Trend Micro Inc. rate the latest threat as "medium risk" and warned that the backdoor Trojan element could present untold dangers. "The similarities between these worms may be attributed to MSN propagation code that has been posted to forums used by virus writers," the company said in an advisory.


  • F-Secure Inc. has posted virus definitions for Bropia, Kelvir and Sumom.
  • Kaspersky Lab offers detailed descriptions for the Bropia and the Rbot Trojan family.
  • Trend Micro Inc. offers Housecall, a free virus scanner. The company has also posted updated virus definitions for the latest threat.
  • McAfees Stinger is a stand-alone utility used to detect and remove specific viruses. It is not meant to be a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.
  • Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.


    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel