Live Chat

Welcome to UKFast, do you have a question? Our hosting experts have the answers.

Chat Now
Sarah UKFast | Account Manager

Worm chatter escalates on MSN Messenger

Worm chatter escalates on MSN Messenger

Anti-virus vendors reported an increased chatter of virus activity on Microsoft's Network messenger on Sunday night through to Monday. In what appears to be a concentrated attack on users of the MSN instant messaging client, security experts warn that several new worms with unique replication techniques have been launched alongside mutants of the known Bropia virus family. "We are regularly adding detection for new Bropia worm variants," F-Secure virus analyst Alexey Podrezov said in a notice. In addition, he said two new MSN worms—identified as Kelvir and Sumom—have also joined the fray. Both Kelvir and Sumom, like the Bropia mutants, are capable of installing the Backdoor.Rbot Trojan horse, which gives an attacker remote access to a compromised system. The Rbot Trojan can be controlled via IRC (Internet Relay Chat) to monitor networks and hijack sensitive information; scan a network of machines for unpatched security holes; or to launch denial-of-service attacks. The Trojan can also be used to log keystrokes and send detailed information about the victim machine, including passwords, to the attacker. Shane Coursen, senior technology consultant at Kaspersky Lab, said the increased instant messaging worm activity underscores the use of social engineering tactics to trick victims into executing a malicious file. In the case of the Bropia variants, the worm author uses the lure of adult-oriented images (Paris Hilton's name is commonly associated with the worms) transmitted as hyperlinks in an IM session. The worms all arrive with a .PIF (program information file) extension and, once a user clicks on the link, the computer becomes infected and in turn continues the propagation by sending the file to all found MSN Messenger contacts. "This has the potential to massively distribute itself," Coursen told "It sends itself wholesale to all contacts on the MSN buddy list. One more click there and the cycle continues." Additionally, the worm attempts to download a file named "me.jpg" save it to the infected C: drive as "dumprep.exe." When executed, the downloaded file is a variant of the RBot backdoor, Coursen said. Anti-virus experts at Trend Micro Inc. rate the latest threat as "medium risk" and warned that the backdoor Trojan element could present untold dangers. "The similarities between these worms may be attributed to MSN propagation code that has been posted to forums used by virus writers," the company said in an advisory. UKFast is not responsible for the content of external internet sites.

print this article

Return to internet news headlines
View Internet News Archive

Share with: