WORM_BROPIA.F

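Malware type: Worm

Aliases: W32.Bropia.J, W32/Bropia-D, W32/Bropia.worm, Win32.Bropia.E, Win32/Bropia.F.worm

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating: Low

Reported infections: Low

Damage potential: High

Distribution potential: High

Description: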

As of February 2, 2005, 6:55 PM (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium-Risk alert to control the spread of this new WORM_BROPIA variant that is spreading in Korea, China, Taiwan, and the United States.

To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

WORM_BROPIA.F Behavior Diagram

Malware Overview

This memory-resident worm propagates via MSN Messenger by sending a copy of itself, under different file names, to all available or online contacts. Users of MSN Messenger should therefore not accept or open these files, to avoid infection.

System administrators can also block MSN Messenger transfers to control the spread of this worm.

As a general rule, MSN Messenger users should avoid accepting file transfers coming from an untrusted source.

This worm also drops and executes the file SEXY.JPG in the root folder. This normal .JPG file displays the following image:

SEXY.JPG

It also attempts to drop and execute a bot program, which Trend Micro detects as WORM_AGOBOT.AJC.

Unlike its previous variants, this worm also has an anti-debugging technique. That is, this worm will not run if any of the following debugging applications are currently running on the affected system:

  • NT-ice
  • Softice

It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications.


Description created: Feb. 2, 2005 5:00:35 PM GMT -0800
Description updated: Feb. 2, 2005 6:57:47 PM GMT -0800
