WORM_BROPIA.F
Overview

Malware type: Worm

Aliases: Backdoor.Win32.Rbot.hg (Kaspersky), W32.Bropia.J (Symantec), Worm/Bropia.F (Avira), W32/Bropia-D (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

As of February 2, 2005, 6:55 PM (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium-Risk alert to control the spread of this new WORM_BROPIA variant that is spreading in Korea, China, Taiwan, and the United States.

To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

WORM_BROPIA.F Behavior Diagram

Malware Overview

This memory-resident worm propagates via MSN Messenger by sending a copy of itself, under different file names, to all available or online contacts. Users of this messaging program should therefore not accept or open these files, to avoid infection.

System administrators can also block MSN Messenger transfers to control the spread of this worm.

As a general rule, MSN Messenger users should avoid accepting file transfers coming from an untrusted source.

This worm also drops and executes the file SEXY.JPG in the root folder. This normal .JPG file displays the following image:

SEXY.JPG

It also attempts to drop and execute a bot program, which Trend Micro detects as WORM_AGOBOT.AJC.

Unlike its previous variants, this worm also has an anti-debugging technique. That is, this worm will not run if any of the following debugging applications are currently running on the affected system:

  • NT-ice
  • Softice

It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications.


Description created: Feb. 2, 2005 5:00:35 PM GMT -0800
Description updated: Feb. 2, 2005 6:57:47 PM GMT -0800
