W32/Bropia Worm spreading through MSN Messenger
Posted by Steven Parker on 05 February 2005 - 21:14 · 45 comments & 2772 views
About the Author
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Full name: Steven Parker
Forum name: Neobond
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(2 replies)
#1 Posted by RobertH on 05 Feb 2005 - 21:28
- Oh so you have to 'click' something still.
-
#1.1 Posted by carl0ski1 on 06 Feb 2005 - 05:43
- Yes but it isnt like clicking a link in an Email
your receiving an instant message from someone you know and trust
-
(2 replies)
#2 Posted by [DGS] on 05 Feb 2005 - 21:31
- And everyone with a February 2 updated dinifitions Norton Antivirus is safe (according to Symantec on http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.j.html
-
#3 Posted by Mess.be Fanatic on 05 Feb 2005 - 21:41
- Thanks for posting this article!
-
(2 replies)
#4 Posted by bucko on 05 Feb 2005 - 22:11
- Never click on any hyperlink you don't know what it is especially if it has a .exe at the end
-
#4.1 Posted by Jaded on 05 Feb 2005 - 22:22
- There is no hyper links, and there is no *.exe. This spreads through file transfers through contacts on your 'buddy list'. Also these transfers need no initiation from the sender, the transfers are hidden from the sender as well.
On a releated note, the Trend Micro removal instructions are incomplete. First off, in some cases the processes cannot be viewed under task manager, so you have to modify the boot processes and re-boot. Secondly, it doesnt even mention the reg keys that should be removed. Lastly, you dont need to run the anti-virus program to get rid of this virus. All you need to do is preven 'winhost.exe' from starting on boot, get rid of the system restore, delete (through a console) any *.pif in the c: as well as the sexy.jpg, delete msnus.exe in %sysem%system32, and lastly delete certain instances of 'winhost.exe' in the registry (arround 3 or 4)
-
(8 replies)
#5 Posted by eilegz on 05 Feb 2005 - 22:34
- msn as usual its the most vulnerable to any virus and exploits just like ie, or windows.
Lets wait for msn messenger 7 this week
Last edited by 17398 on 05 Feb 2005 - 22:49 -
#5.1 Posted by bucko on 05 Feb 2005 - 23:22
- theres only one new feature in msn7, the sign in as ofline or what ever it is, the rest look crap, no upgrade for me, trillian here we come.
-
#5.3 Posted by Deviate_X on 06 Feb 2005 - 04:59
QUOTE crap, no upgrade for me, trillian here we come
Actually trillian has a bad security track record if you cared to look.
-
#5.4 Posted by PCyr on 06 Feb 2005 - 05:37
QUOTE msn as usual its the most vulnerable to any virus
If your using this article for a evidence, that's absolute BS. There's nothing stopping an AIM contact from sending me a malicious hyperlink or file.-
#5.5 Posted by carl0ski1 on 06 Feb 2005 - 05:57
- i dont know what you read but i see the virus manipulating the buddy list system
Generally people on their buddy list are trusted so the virus send a hyperlink from on trusted user to another. -
#5.6 Posted by Timmah on 06 Feb 2005 - 12:16
- Wow this moronic response basically equates to "LOLE MICRO$$OFT AM SIHT COS EVERY1 IN DA WURLD SEZ SOO!!!111" - ANY IM Network incorporating file transfers could be at risk.
MSN 7 - what you think they're going to TAKE OUT file transfers? -
#5.7 Posted by bucko on 06 Feb 2005 - 21:38
QUOTE
Actually trillian has a bad security track record if you cared to look.
So does msn,
-
#5.8 Posted by sphbecker on 07 Feb 2005 - 16:59
- Almost all viruses takes advantage of a user's stupidity. It is on thing for software to be secure enough so that it doesn't do things without the user asking; it is quite another for to ask software to be secure enough to prevent the user from doing something they shouldn’t do.
exactly-
(2 replies)
#6 Posted by ripgut on 05 Feb 2005 - 22:42
- yay gaim!
-
#6.1 Posted by Deviate_X on 06 Feb 2005 - 04:54
- Actually gaim has a very poor security track record if you cared to check. Also Gaim will also propagate the worm because it also allows file transfers.
-
#7 Posted by Hekx on 06 Feb 2005 - 00:21
- Not too bad of a threat if it requires user action to become infected.
Remember to use safe hex.
-
(3 replies)
#8 Posted by naap51stang on 06 Feb 2005 - 00:46
- Another reason I don't use MSN messenger........
The problem (among many) is that MS is the "big kid on the block"
so to speak, and everyone writes crap to take advantage of holes
that are discovered. With MS being the 600 pound gorilla, it takes
too long to write fixes because it has to go through a zillion channels
to make sure it is compaitible with everything.
-
#8.1 Posted by SquareSoft0 on 06 Feb 2005 - 01:08
- Stop this with your relentless logic. This is Neowin, nobody needs calm and composed reasoning to not use a Microsoft product, they're all above that. </sarcasm>
Good to see somebody have valid reasoning behind their statements, your kind is far and few here. -
#8.2 Posted by Korben_Dallas on 06 Feb 2005 - 05:20
QUOTE Another reason I don't use MSN messenger........
Why? Are you so lame that you click on anything someone sends?
Duh, Duh, Duh, Duh, [click].
-
(2 replies)
#9 Posted by conna on 06 Feb 2005 - 02:03
- *click*here to prove how dumb you are.
-
#9.2 Posted by SquareSoft0 on 06 Feb 2005 - 05:32
- *click*
-
#10 Posted by xMorpheousx416 on 06 Feb 2005 - 04:59
- Don't complain if ya ain't wearing protection.
-
#11 Posted by Amsterdam on 06 Feb 2005 - 05:07
- My MSN wasnt working earlier today.....
-
#12 Posted by carl0ski1 on 06 Feb 2005 - 05:46
- thank good i cant find the virus on my system
i guess Amsn messenger client isnt affected?
oh or is linux why i dont have it
-
(1 reply)
#13 Posted by shichiroji4 on 06 Feb 2005 - 06:48
- And which OS does it affect?
Among so many IM clients, which one does it affect?
M$N................again.........
-
#13.1 Posted by SquareSoft0 on 06 Feb 2005 - 07:41
- You win at life.
-
(2 replies)
#14 Posted by The Grasshopper on 06 Feb 2005 - 07:05
- again...why can't someone pick on linux or apple every now and then and make it REAL news...i am sick of all the microsoft haters...w/out gates and co, most (me included) people would have never have been on the internet anyway..what a boring place it would be if only the hackers were on it...private goof club of boring nobodies.
-
#14.1 Posted by roadwarrior on 07 Feb 2005 - 16:51
- Microsoft was late to the game in getting people on the Internet. I guess you weren't online back in the mid 90's when the first browser wars were going on.
It's so funny how people these days (especially ones who weren't interested in computers back in the early to mid 90's) assume that Microsoft had something to do with the initial popularity of the internet, or that Windows popularized the GUI. -
#14.2 Posted by The Grasshopper on 08 Feb 2005 - 06:10
- Duh. Heard of win95? thats mid 90's isn't it? IE was already on then. I was on then, had a packard bell 200 mhz pentium,worked great. very few crashes actually. Apple had thier thing. I wasn't around when arpanet or the "colleges" joined together to make this interwebbynet, but i was on. Even AOL was around then. I was on with my home pc, it was a WINDOWS product like 99% of the people i knew.
-
#15 Posted by Hidr0 on 06 Feb 2005 - 11:14
- its so clever from the autor of this worm, MS should consider hiring it!...
...
-
#16 Posted by [X]-bYtE on 06 Feb 2005 - 14:08
- My NOD32 didn't think this was a virus a few days ago. I accepted a file from a friend without thinking. But NOD32 didn't warn me at all.
-
#17 Posted by craZySoldier on 06 Feb 2005 - 15:45
- LMAO at teh chicken pic
-
(2 replies)
#18 Posted by toadeater on 06 Feb 2005 - 17:33
- Wow, another Microslop app with a security problem, what a surprise.
-
#18.1 Posted by McG on 06 Feb 2005 - 22:45
- Lol What a useless comment. ...yet I seem to agree with you
-
#19 Posted by smashguy on 15 Feb 2005 - 03:08
- W32/Bropia has not been found on my computer.
Trend Micro Inc has released an overview of a worm that is currently doing the rounds infecting users PC's and transferring itself through the MSN Messenger service.
MSN Messenger is under attack of a worm that comes with a seductive name and download link. The user clicks on the link and gets the copy of attached worm for his PC. The worm can spread on the network and shared computers. The worm can disable the Anti-Virus software and then infect the Files in PC, It can also spread easily after it disables anti virus program.
Trend Micro Inc. has also raised the threat level on the W32/Bropia worm. The company said that worm could cause more harm in case it spread more through MSN Messenger buddies and Shared Networks. The virus has antidebugging feature also.
The virus logs keystrokes. It can also retrieve credit card numbers and other sensitive information. The W32/Bropia worm contains a variant of the Rbot backdoor Trojan. The virus could be a higher threat to sensitive information as it can store information. It is also capable of using the infected machine to hijack sensitive data.
While the number of official WCG games remains the same, two titles from 2004, Unreal Tournament 2004 and Project Gotham Racing 2 were replaced with a Real Time Strategy (RTS) PC game, Warhammer 40,000: Dawn of War (aka Warhammer 40K) and a console-based action game, Dead or Alive Ultimate. Dead or Alive Ultimate is the first action title selected as an official WCG game.
Warhammer 40K, which first joins the list of official games this year, was first launched in the United States last September as a next generation RTS game expected to follow in the footsteps of the popular PC game Starcraft. Gaming industry webzine Gamespy (www.gamespy.com) selected Warhammer 40k as one of the top 10 PC games for 2004.
Dead or Alive Ultimate, a new player in the console arena, is the latest installment in the Dead or Alive series. Since first launching last October, Dead or Alive Ultimate has enjoyed enormous worldwide popularity. The addition of a high caliber action game further diversifies the official WCG game lineup, which was previously comprised of RTS, First Person Shooter (FPS), and sports genres.
The WCGC conducted online surveys of gamers, communities and partners in many countries prior to making title selections. The committee also sought opinions from game experts with an aim to fully reflect preferences of gamers and trends in the world game market. Publishers¡¯ technical support in terms of event operability and fulfillment of sports spirit were also among the factors taken in to consideration.
# WCG 2005 Official Games
PC : 6 Games
1) StarCraft: Brood War – RTS
2) Warcraft¥²: Frozen Throne – RTS
3) Warhammer 40,000 : Dawn of War - RTS
4) Counter Strike: Source – FPS
5) FIFA 2005 - Sports
6) Need for Speed : Underground 2 – Sports
Console : 2 Games
7) Halo 2 (Console/Xbox) - FPS
8) Dead or Alive Ultimate (Console /Xbox) – Action