Com-Central.net

Shadow_Bshwackr · Posted: Wed Mar 09, 2005 6:57 am Post subject: New MSN Messenger Worms..

Worm Chatter Escalates on MSN Messenger
By Ryan Naraine
March 7, 2005

Anti-virus vendors report an increased chatter of virus activity on Microsoft Corp.'s Microsoft Network messenger Sunday night through Monday.

In what appears to be a concentrated attack on users of the MSN instant messaging client, security experts warn that several new worms with unique replication techniques have been launched alongside mutants of the known Bropia virus family.

"We are regularly adding detection for new Bropia worm variants," F-Secure virus analyst Alexey Podrezov said in a notice.

In addition, he said two new MSN wormsÃ¢â‚¬â€?identified as Kelvir and SumomÃ¢â‚¬â€?have also joined the fray.

PointerClick here to read more about the Bropia virus family.

Both Kelvir and Sumom, like the Bropia mutants, are capable of installing the Backdoor.Rbot Trojan horse, which gives an attacker remote access to a compromised system.

The Rbot Trojan can be controlled via IRC (Internet Relay Chat) to monitor networks and hijack sensitive information; scan a network of machines for unpatched security holes; or to launch denial-of-service attacks.

The Trojan can also be used to log keystrokes and send detailed information about the victim machine, including passwords, to the attacker.

eWEEK.com Special Report: Cyber-Crime

Shane Coursen, senior technology consultant at Kaspersky Lab, said the increased instant messaging worm activity underscores the use of social engineering tactics to trick victims into executing a malicious file.

In the case of the Bropia variants, the worm author uses the lure of adult-oriented images (Paris Hilton's name is commonly associated with the worms) transmitted as hyperlinks in an IM session.

PointerRead more here about a Bropia virus mutant that posed as sexy image files.

The worms all arrive with a .PIF (program information file) extension and, once a user clicks on the link, the computer becomes infected and in turn continues the propagation by sending the file to all found MSN Messenger contacts.

"This has the potential to massively distribute itself," Coursen told eWEEK.com. "It sends itself wholesale to all contacts on the MSN buddy list. One more click there and the cycle continues."

Additionally, the worm attempts to download a file named "me.jpg" save it to the infected C:\ drive as "dumprep.exe."

When executed, the downloaded file is a variant of the RBot backdoor, Coursen said.

Anti-virus experts at Trend Micro Inc. rate the latest threat as "medium risk" and warned that the backdoor Trojan element could present untold dangers.

"The similarities between these worms may be attributed to MSN propagation code that has been posted to forums used by virus writers," the company said in an advisory.

DEALING WITH AN INFECTION:

# F-Secure Inc. has posted virus definitions for Bropia, Kelvir and Sumom.

eWEEK.com Special Report: Internet Security

# Kaspersky Lab offers detailed descriptions for the Bropia and the Rbot Trojan family.

# Trend Micro Inc. offers Housecall, a free virus scanner. The company has also posted updated virus definitions for the latest threat.

# McAfee's Stinger is a stand-alone utility used to detect and remove specific viruses. It is not meant to be a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system.

Just for your info....:D

AARP-StepChild · Posted: Wed Mar 09, 2005 8:10 am Post subject: Re: New MSN Messenger Worms..

I run Kapersky religiously and have seen only one instance of the trojan. Thanks for the update.

401RCAF_HitMan · Posted: Wed Mar 09, 2005 3:50 pm Post subject: Re: New MSN Messenger Worms..

Thanks for the info Bush.....I hate them fekin worms...EEEEeewwwwwwwww

RCAF_MadDog · ***Janitor*** Offline Joined: Nov 13, 2004 Posts: 849

Thx Bush worms can kill a Dog so I guess ya saved my life on this one lol

RAF92_Moser · Posted: Sun Mar 13, 2005 9:13 am Post subject: Re: New MSN Messenger Worms..

Been a little worried about this one. Is the worm. Dumprep.exe? Haven't accepted any of those files, but need a confirmation.

Also, yesterday, got a bunch of C++ script errors, then messenger crashed. Never happened before....messenger is acting fine though now. It may be a glitch and I am running the 7.0 beta. Antivirus says nothing is there, but it may not know the worm exists.

Shadow_Bshwackr · Posted: Mon Mar 14, 2005 6:30 am Post subject: Re: New MSN Messenger Worms..

The worms all arrive with a .PIF (program information file) extension and, once a user clicks on the link, the computer becomes infected and in turn continues the propagation by sending the file to all found MSN Messenger contacts.

"This has the potential to massively distribute itself," Coursen told eWEEK.com. "It sends itself wholesale to all contacts on the MSN buddy list. One more click there and the cycle continues."

Additionally, the worm attempts to download a file named "me.jpg" save it to the infected C:\ drive as "dumprep.exe."

When executed, the downloaded file is a variant of the RBot backdoor, Coursen said.

I would say you got it ...:wink:

RAF92_Mustang · Posted: Mon Mar 14, 2005 7:46 am Post subject: Re: New MSN Messenger Worms..

dont to sending it to me moser...

401RCAF_HitMan · Posted: Mon Mar 14, 2005 7:18 pm Post subject: Re: New MSN Messenger Worms..

dumprep.exe is also a XP file

dumprep.exe forms a part of Microsoft Windows XP (and later versions), in-built fault logging software. Upon serious errors this program will write the details to a text file and request the information be sent to Microsoft. This program is a non-essential system process, and is installed for third party use.

so don't shite yerself if you find it..lol

RAF92_Moser · Posted: Mon Mar 14, 2005 8:33 pm Post subject: Re: New MSN Messenger Worms..

Alright, installed that Stinger, it couldn't find any worm. Looked up Dumprep.exe on the net, found exactly what Hitman said. Whew, almost did shite myself...

RAF92_Mustang · Posted: Tue Mar 15, 2005 2:26 pm Post subject: Re: New MSN Messenger Worms..

A person on my MSN messenger list just tried to send me a file called "Sadam Song.pif" considering I never talk to them, and I didnt know what a PIF file was, I declined the transfer, do ya think this was related to the worm?

Also, *EDITING ORIGIONAL POST* I just got sent another message from them and I took a screenshot.. Names and e-mail blured for privacy...

RAF92_Moser · Posted: Tue Mar 15, 2005 5:18 pm Post subject: Re: New MSN Messenger Worms..

Definitely, a threat. I'll try to find out stuff about that.

Com-Central.net

Select Language

Login

`±`Recent Visitors

`±`User Info-big

Archive Revive
Username:
This is an archived topic - your reply will not be appended here. Instead, a new topic will be generated in the active forum. The new topic will provide a reference link to this archived topic.

Com-Central.net

Select Language

Login

±Recent Visitors

±User Info-big

`±`Recent Visitors

`±`User Info-big