Journals
Tuesday, Mar 8 2005, 10:42:24 AM
NEW WORMS SPREADING
New worms spreading through MSN Messenger -- and its bundled-with-Windows Windows Messenger version -- via links to a malicious site are infecting users and leaving their PCs open to hacker hijack, security vendors reported Monday.
The new worms, tagged as Kelvir.a and Kelvir.b, appeared over the weekend and on Monday, respectively, anti-virus vendors said. Both use the same mechanism to attract users and infect Windows-based PCs: they include a link in the instant message. That link, in turn, downloads a malicious file -- the actual worm, a variant of the long-running Spybot -- which opens a backdoor to the compromised machine.
Kelvir spreads by sending itself to all the MSN/Windows Messenger contacts on the infected PC, and poses as cryptic messages such as "lol! see it! u'll like it!" and "omg this is funny!" The link opens a .pif-formatted file.
.pif files are also often a format-of-choice for mass-mailed worms.
Also on Monday, another worm -- dubbed Sumon.a by U.K.-based Sophos -- was discovered spreading via MSN/Windows Messenger. Sumon, which propagates over peer-to-peer file-sharing networks as well, is much more aggressive. It disables a long list of security software, tries to overwrite the HOSTS file so commonly-accessed security Web sites can't be reached, and picks from a large number of links, including "Fat Elvis! lol!" and "Crazy frog gets killed by train!", to entice downloads.
The boom in IM worms shouldn't come as a surprise: most security companies that made prognostications in late 2004 cited instant messaging as the next big attack avenue.
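The HOSTS-file tampering attributed to Sumon above can be checked for with a small parser. This is an added example, not part of the original journal entry: the watched domains and the sample file are constructed placeholders, and labelling loopback or 0.0.0.0 mappings as "blackhole" is an assumption, since the article does not say which addresses the worm writes.

```python
import ipaddress

# Assumption: constructed watchlist; replace with the security and update
# sites your machines actually depend on.
WATCHED_DOMAINS = {"av-vendor.example", "os-updates.example"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        for name in fields[1:]:  # one address may carry several hostnames
            yield line_no, fields[0], name.lower().rstrip(".")

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True for a watched domain or any subdomain of it."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def classify(address):
    """Label where a mapping sends traffic: 'blackhole', 'redirect' or 'invalid'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    return "blackhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def find_tampering(text, watched=WATCHED_DOMAINS):
    """Return a finding for every HOSTS entry that overrides a watched domain."""
    return [
        {"line": n, "host": host, "address": addr, "kind": classify(addr)}
        for n, addr, host in parse_hosts(text)
        if is_watched(host, watched)
    ]

# Constructed sample, not taken from any real infection.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example  liveupdate.AV-Vendor.example # injected
0.0.0.0         os-updates.example
203.0.113.7     download.os-updates.example
127.0.0.1       notav-vendor.example
"""

if __name__ == "__main__":
    for finding in find_tampering(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP/2000/NT the file to feed in is normally `%SystemRoot%\system32\drivers\etc\hosts`; any finding for a security site is worth investigating, because a clean HOSTS file rarely needs such entries.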
The number of threats is increasing...
Latest outbreaking news...
IM INFECTED!!!! argh.... fed up!!
Tuesday, Mar 8 2005, 02:53:31 AM
MSN MESSENGER VIRUS
What it does: Bropia.E is a worm that installs another worm, detected by Panda Software as W32/Gaobot.CTX.worm, on the affected computer.
Bropia.E spreads via MSN Messenger. The user receives a notice within Messenger that "User xxxxx is sending you an attachment named yyy.zzz". User xxxxx is likely to be someone the recipient knows, since the recipient was in his address book. File yyy.zzz will have one of the following names, and is 188,928 bytes in size:
• BEDROOM-THONGS.PIF
• HOT.PIF
• LMAO.PIF
• NAKED_DRUNK.PIF
• NEW_WEBCAM.PIF
• ROFL.PIF
• UNDERWARE.PIF
• DRUNK_LOL.PIF
• WEBCAM_004.PIF
• SEXY_BEDROOM.PIF
• NAKED_PARTY.PIF
• LOVE_ME.PIF
• LOL.SCR
• WEBCAM.PIF
• HAHAHAHA.PIF
• ME_2005.PIF
• SISTER.PIF
1. Remember to update your virus definitions.
2. DON'T ACCEPT ANY FILE WITH A STRANGE NAME. PERIOD. If you want to get into specifics, don't accept any file with the extension *.pif, *.exe or *.bat. The PIF file extension is the oldest form of file a hacker has used to contain a program or trigger.
3. Removal: Symantec Website
Executive Summary
Name: W32/Bropia.E.worm (Panda Software)
Affects: Windows 2003/XP/2000/NT/ME/98
Other names:
• W32.Bropia
• W32.Bropia.J
• W32.Bropia.N
• W32.Bropia.P

