Are we protected against Bropia?

Discussion in 'NOD32 version 2 Forum' started by tempnexus, Jan 25, 2005.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    New Worm Piggybacks on MSN Messaging By Erika Morphy
    NewsFactor Network
    January 24, 2005 11:07AM

    A new worm called "Bropia.A" spreads through the MSN Messenger and Windows Messenger instant messaging clients, security firms report. The worm loads a Trojan horse that can log keystrokes, collect system information and spread IM spam.


    A new worm is traveling through the MSN network, piggybacking on MSN Messenger and Windows Messenger IM client applications.

    Called "Bropia.A," the worm sends a copy of itself to all contacts in MSN Messenger and Windows Messenger instant messaging client applications. It then downloads a Trojan horse program, Rbot, which opens a back door into Windows systems.

    The Trojan horse application can then log the keystrokes of the user, collect system information, and spread spam (or "SPIM," as it is called) on instant messaging networks, security firms report. It also disables the right mouse button of the infected machine to block access to context-sensitive menus, and makes changes to Windows volume settings.

    Targeting IM

    Bropia.A is the latest indication that hackers and spammers no longer are content with spreading malware through e-mail. Akonix, one of the security firms that first sounded the alarm about Bropia, says spim is a growing concern for enterprises, even though its propagation is minuscule compared to spam.

    "Unmanaged public instant messaging is quickly becoming one of the most easily exploitable threat vectors into the enterprise," said CEO Peter Shaw. "The Bropia.A worm is just the latest in a series of attacks that are targeting IM, and organizations are quickly realizing that connecting to public instant messaging networks without an IM security and management gateway in place is analogous to connecting to the Internet without a firewall."

    Not So Funny

    This is not the first time MSN Messenger has been targeted. Last October, the W32/Funner worm spread across the MSN Messenger network sending users a message and attachment that, if opened, infected the machine by installing to its registry and then replicating itself. Funner worm caused hardly any damage, since it was relatively easy to contain.

    But few expect the situation to remain static. Most security and AV software providers believe that IM viruses -- like the viruses that have attempted to target mobile phones -- eventually will spread in the wild like e-mail worms do. The virus writers are quite aware that IM is the low-hanging fruit in terms of easy exploitation, Sophos security analyst Greg Mastoras tells NewsFactor, and thus they will try and try again.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Samples have been submitted and Eset are working on an update as we speak.

    Cheers :D
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    A further update: in fact we are protected. Nod32 detects it heuristically, so yet again Nod32 shines :D :D :D
     
  4. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    NOD32 detects this using signatures too, as Win32/VB.NBF.
     
  5. JKP

    JKP Guest

    I think NOD32 doesn't detect the Bropia worm by its heuristics.

    In the early morning of 1/20/2005 (Asian time) many of my (careless) friends got infected by the Bropia worm, which came via MSN. They use McAfee, Norton, NOD32, Avast, AVG; as far as I know all these AVs failed to detect the Bropia worm in the first place, and it seems that Kaspersky is the only AV that could deal with this worm at that moment.

    http://www.sarc.com/avcenter/venc/data/w32.bropia.html
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Indeed it did, and indeed it does ;) :D
     
    Last edited by a moderator: Jan 26, 2005
  7. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    2,825
    Good to know that NOD32 is looking out for us. :)
     
  8. visiting

    visiting Guest

    I think NOD32 doesn't detect the Bropia worm by its heuristics.

    In the early morning of 1/20/2005 (Asian time) many of my (careless) friends got infected by the Bropia worm, which came via MSN. They use McAfee, Norton, NOD32
    ---------------------------

    I would like a little more elaboration on this...he says NOD32 did NOT detect it.

    Saying NOD32 "detected it and indeed it does" is not sufficient. Symantec had definitions on Jan 19th....when DID NOD32 detect it exactly? Saying it detected it heuristically goes against what the OP said.....wasn't detected by NOD32. (Of course we don't know what settings were used for NOD32).


    Also, why was Blackspear's post edited by another mod?
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There was a screenshot that showed that Nod32 indeed caught it Heuristically.


    The screenshot was removed, as it was not supposed to be shown (I wasn’t aware of this, now I am).
     
    Last edited: Jan 28, 2005
  10. visiting

    visiting Guest



    There are screenshots posted in this forum all the time! Why was the screenshot removed?
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Only screenshots containing links to real viruses and those containing confidential information are removed.
     
  12. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    So are we protected against it?
     
  13. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Yes, we are.
     
  14. dwood

    dwood Registered Member

    Joined:
    Jan 11, 2005
    Posts:
    92
    Not for the latest release.

    Can Eset release protection for Bropia-M please? We have a machine that was infected and it was fairly difficult to remove it. The virus seems to also have a bug, as it managed to stop Windows from booting, though that could have been by design! So far I've only found Sophos have an update for it: http://www.sophos.com/virusinfo/analyses/w32bropiam.html
     