MSN Messenger Worm Danger Underplayed, Says Analyst

The latest worm to wriggle its way around the Web is spreading as quickly as an instant message. A new variant of Bropia, first discovered by Symantec on Jan. 19, has mutated and is whipping around the Internet via MSN Messenger communications.

Several antivirus companies, including Trend Micro, Symantec, Secunia and F-Secure, have labeled the worm a “medium” risk, but one analyst said he thinks that risk may be understated.

Some Messages Unfiltered

“It seems as if a number of antivirus vendors are assuming in their risk-ratings that most enterprises will be filtering IM-type content, but in today’s world, both personnel in the business community as well as home users are using IM to communicate,” Ed Moyle of Security Curve told TechNewsWorld.

“So, while I agree that the home user is the most likely victim for this worm, I don’t think we can rule out the enterprise entirely.”

Bropia.F, the latest variant, seeks out all online contacts and attempts to send copies of itself using a photo file called sexy.jpg. The photo is actually a picture of a chicken with a bikini tan line.

A Second Worm

The infected message also bears the Agobot worm as part of its payload. Agobot can open a backdoor on infected systems and may then allow a remote malicious user to issue commands.

The worm uses sex-related file names such as Bedroom-thongs.pif, Hot.pif, Naked_drunk.pif, New_webcam.pif, and underwear.pif.

Bropia.F has been reported in the United States, China, Korea and Taiwan, and Moyle said he wouldn’t be surprised if it fanned out further very shortly.

“I think this one has the potential to spread quickly,” he said. “Similar to a mass-mailer worm, this worm relies on the user to explicitly open the file in order to spread. However, unlike e-mail, most people aren’t as alert for malicious files spread through messaging programs as they would be for files received through e-mail.

“In addition, there are some extremely sophisticated e-mail antivirus tools on the market that integrate with e-mail and groupware servers, but we don’t see the same capacity for antivirus on IM content,” Moyle said.

More by Susan B. Shor