Bropia worm spreads on the back of MSN Messenger

Computer Buyer ^ | Monday 24th January 2005 | Matt Whipp

[PeterFinn]

Bropia worm spreads on the back of MSN Messenger 5:04PM A new virus is using the MSN Messenger system to spread. Known as Bropia.A, the worm waits on an infected system until the Messenger window is opened and then sends a copy of itself to contacts, using filenames adaware.exe, VB6.EXE, lexplore.exe and Win32.exe.

If a contact accepts the file and runs it, it checks to see if any of the previously mentioned files are present, and if not, places a file called oms.exe on the computer and runs it.

This is a variant of Rbot, which installs a backdoor on the system and gives an attacker a way of accessing and controlling the infected system remotely.

Bropia.A may also disable the right mouse button that would normally bring up context-sensitive options. It also changes the Windows mixer volume settings, giving its victims some idea as to its presence.

Antivirus companies picked up the worm on Thursday, so anyone with up to date antivirus software will be protected. Infection levels are currently low.

Matt Whipp

[PeterFinn]

Update your anti-virus dats...NOW!!!!

[sarasota]

My daughter uses Messenger on oher iBook. Can this worm go there? (Computer clueless here, so be kind.)

[JohnnyZ]

Anything connected to the internet running Messenger.

[Nice50BMG]

Thanks PeterFinn. I use Trillian so that I can IM/IRC/ICQ with folks from multiple services, including MSN, AOL, Yahoo and more. I suppose if the payload is sent as a file, someone would have to actually "ACCEPT" the download, and somewhat knowingly put themselves at risk. Alas, P.T. Barnum was right though.

[Recovering Hermit]

Messenger shutdown commencing in 3, 2, 1.....

[Semolina Pilchard]

Here are some handy instructions for disabling MSN Messenger altogether.

[Brian328i]

http://amsn.sourceforge.net/ Good clone that runs on Linux/Win/OSX and others that isn't made by microsoft. :)

[1LongTimeLurker]

Update your anti-virus dats...NOW!!!!

Macintosh users can ignore this thread. :-)

[1LongTimeLurker]

My daughter uses Messenger on oher iBook. Can this worm go there? (Computer clueless here, so be kind.)

She might be able to pass it along to others, but the virus won't work on a Mac so she is safe.

[TruthNtegrity]

Bookmarking.

[sarasota]

Thank you.

[Swordmaker]

My daughter uses Messenger on oher iBook. Can this worm go there? (Computer clueless here, so be kind.)

No. Macs are immune to PC diseases.

[Labyrinthos]

Macintosh users can ignore this thread. :-)

That's one of the few advantages of having nominal market share.

[spodefly]

Not on an iBook ... the files it is trying to infect/install are all PC-only files.

[Lazamataz]

I suppose if the payload is sent as a file, someone would have to actually "ACCEPT" the download, and somewhat knowingly put themselves at risk. Alas, P.T. Barnum was right though.

Well, heck, they promised me the HOTTEST PORN PICTURE OF BRITANNY SPEARS EVER!!!!

I just had to see.