Re: New MSN worm?

Ya, I have seen this running around for the past weeks and know a few 
people who have gotten affected. The program seems to hijack the client 
and send itself to everyone on the person's buddy list.


On Feb 15, 2005, at 3:01 PM, Felix.Simmons@edwardjones.com wrote:

> Did a little looking around, apparently this is tied to the Bropia-A
> worm. Heres a link:
> http://wickedzonenews.blogdrive.com/
>
> Looks to only infect once a person runs the file, but if anyone has 
> seen
> this first hand otherwise let us know.
>
> -Felix
> -----Original Message-----
> From: magnus.tornekrona [mailto:magnus.tornekrona@cleric.se]
> Sent: Tuesday, February 15, 2005 2:21 PM
> To: incidents
> Subject: New MSN worm?
>
>
> Just arrived home, had four persons on my MSN contact list who had sent
> me the following messages:
> "LOOK! http://members.chello.nl/g.geurts1/handcuffs.pif " (with
> ':O'-smiley at the end.)
> "LMFAO! http://members.chello.nl/g.geurts1/handcuffs.pif " (with
> ':P'-smiley at the end.)
> "rofl! http://members.chello.nl/g.geurts1/handcuffs.pif " (with
> ':D'-smiley at the end.)
>
> I tried to wget the file, but got a 404. chello.nl has probably already
> dealt with the problem,
> at least on their own servers, but you can never be sure...
> Thus, I haven't been able to get the .pif and try to disassemble it or
> check the contents,
> and after a quick googling I haven't found anything that matches this
> new (?) virus/worm.
>
> Anyone else knows about this and if there's any spyware remover /
> antivirus that fixes the problem?
>
> Regards,
> Magnus Törnekrona

smime.p7s
Description: S/MIME cryptographic signature