p2pnet - rss feed: MSN Messenger Bropia F worm
p2pnet.net News:- Bropia F, a minor variant of Bropia.A, is the latest worm to catch the public eye, and this principally because it uses MSN Messenger to get around.
When it’s run, it copies itself as “msnus.exe” in the Windows system directory and then looks for winhost.exe, winis.exe and dnsserv.exe.
If it doesn’t find them, says F-Secure, it drops “cz.exe” and executes it to copy ‘winhost.exe’ in the Windows system directory adding the registry keys:
[HKLMSoftwareMicrosoftWindowsCurrentVersionRun]
“win32″ = “%SysDir%winhost.exe”
“This ensures that it will be executed at next system startup,” says F-Secure. “The bot can be used as a backdoor, collecting system information, logging keystrokes, relaying spam and for various other purposes.”
But it looks worse than it is because as Mikko Hypponen, the company’s director of antivirus research observes, “Do note this is not an automatic network worm; it still needs the recipients to accept the incoming file and run it.”
Bropia F also likes to display a Nekked Chicken with grill-lines and named SEXY.JPG. So if you see one such …
Something you think we should know? tips[at]p2pnet.net
===================
See:-
nekked chicken - F-Secure Virus Descriptions : Bropia.F, February 3, 2005
