MSN Messenger Users Warned of Internet Virus - Rodok Worm

javacool · Oct 10, 2002

(Quoted from securitynewsportal.com)

MSN Messenger Users Warned of Internet Virus
The Rodok Worm is running wild on MSN Messengers...
10-10-2002 12:32:15 AM CST -- Source: Korea Times

Trend Micro and Ahnlab.com yesterday sounded alarm over a new virus spreading fast via MSN Messenger, which has around five million regular users in South Korea. The new worm virus, named BR2002, is capable of plaguing computer users once activated by installing a Trojan Horse program that will provide hackers with remote access to their machines, said Hwang Mi-kyung, a spokeswoman at Ahnlab.com. The Trojan Horse program has the potential to disrupt business and personal use of the Internet, capturing information such as passwords and credit card numbers and sending them back to the author of the virus, Hwang said. She said that by 4 p.m. Wednesday, Ahnlab.com had received 100 reports of infection by the worm virus. The companys security experts at around 2 p.m. first identified the virus on the day. Unlike previous viruses, which require a computer user to activate before the virus can spread or do harm, the BR2002 worm virus infects other computers on its own.

The worm sends a short message to unknowing MSN Messenger users consisting of "Hey!! Could you please check out this program for me?If a user downloads and executes the computer file attached to the message, the worm immediately begins to attack the infected computer, Hwang said. "MSN Messenger users can protect their computers from possible infection by shutting down the automatic pop-up window on MSN Messenger when they receive a message, she said. Ahnlab.com said it has developed antivirus software for the new worm virus available for free on its website www. ahnlab.com Instant messaging, which allows users to send instantaneous text messages to each other via the Internet, has emerged as a widespread and powerful tool. According to the Jupiter Media Metrix, AOLs instant messenger service has 27.3 million users, MSN Messenger has 20 million users, and Yahoo messenger boasts 13.5 million users worldwide.
Click to expand...

BitDefender has posted information regarding this worm:
http://www.bitdefender.com/virusi/virusi_descrieri.php?virus_id=102

-Javacool

Technodrome · Oct 10, 2002

It also known as Fleming!

The Internet worm "Fleming" has been detected stealing registration information from computer games.

Kaspersky Labs, an international data-security software developer, announces the detection of a multi-component malicious program spreading itself via the popular Windows (.NET) Messenger program. The harmful code contains a "trojan" that hijacks registration information from the computer games Counter-Strike and Half-Life. Fleming also tries to download and launch other mal-intended programs from the Internet. At this time multiple infections have been registered.

The Fleming Internet worm is a 32-bit Windows application (.exe file) with a size of 53,248 bytes and written in Visual Basic. The worm spreads via the Windows (.NET) Messenger Internet chat program that is built into Windows XP. The worm circulates a message written in English that proposes recipients download a program supposedly developed by the message's author.

The message appears as follows:

http://www.avp.ru/imagesen/news/fleming.gif
The Internet address appearing in the message (http://home.no.net/downlxad/BR2002.exe) contains a copy of the worm.

Fleming does not install itself into the system and is triggered into action only if users launch its code (for example, double-clicking on the program icon in Windows Explorer). When launched, Fleming attempts to download two files from the Internet site "http://home.no.net/downlxad/". The names and save locations of these two files are:

C:\update35784.exe
C:\hehe2397824.exe

Next the worm connects with Windows (.NET) Messenger and waits for incoming messages. When it receives certain messages from the user "styggefolk@hotmail.com", Fleming sends out a reply containing registration information (CD-Keys) from Counter-Strike and Half-Life.
Fleming also finds the Windows (.NET) Messenger contact list and sends its message to each entry.

According to Kaspersky Labs, at this time, the Internet resource "http://home.n0.net/downl0ad/BR2002.exe" is locked.

source: http://www.avp.ru

Technodrome

Log in or Sign up

MSN Messenger Users Warned of Internet Virus - Rodok Worm

javacool BrightFort Moderator

Technodrome Security Expert

Log in or Sign up

MSN Messenger Users Warned of Internet Virus - Rodok Worm

javacool BrightFort Moderator

Technodrome Security Expert

Useful Searches