Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: New MSN worm?

from [Inamabilis] Network Security [Permanent Link]
Subject: Re: New MSN worm?
Date: Thu, 17 Feb 2005 15:47:36 +0000 
I know someone who was sent these same files - unfortunately she
accepted and opened. Going on what she said the worm showed an image,
then attempted to send it's self to all of her msn contacts. Luckily
she shutdown msn quite fast and it doesn't appear to have tried again.
The worm then made a number of files on her C: drive, swapped her
mouse buttons and attempted to disable ctrl alt del.
she was unable to delete the files the worm created until she managed
to open task manager and close one of the running processes.

Some quick googling suggests that the worm is a variant of 'Bropia'
and symantec have dubbed it "W32.Bropia.M".

http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.m.html

Regards

George


On Tue, 15 Feb 2005 22:07:20 +0100, Nicolas Weyland <ufoalien@weyland.ch> wrote:

On Tue, 15 Feb 2005 21:21:23 +0100
Magnus Törnekrona <magnus.tornekrona@cleric.se> wrote:


"LMFAO! http://members.chello.nl/g.geurts1/handcuffs.pif "
(with ':P'-smiley at the end.)


Yes, got the same thing.



I tried to wget the file, but got a 404. chello.nl has probably
already dealt with the problem,
at least on their own servers, but you can never be sure...
Thus, I haven't been able to get the .pif and try to
disassemble it or check the contents,
and after a quick googling I haven't found anything that
matches this new (?) virus/worm.


Seems as it could be a worm (nice file ending!), but it there's
no file there. And there weren't any hidden urls in the msn
protocol. Maybe it's just a hoaxe. For me, there's absolutely no
sense in  it!


Anyone else knows about this and if there's any spyware remover
/ antivirus that fixes the problem?


No, but it remembers me me to a small application that I recieved
last year which did something similarly to that.

greets,
me!

--
Film would be nothing without music; music is everything without
film!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: THC's RealServer (port 554) exploit?, M. Shirk
Next by Date:  port 6801 and Netzero, Brian Collins
Previous by Thread:  Re: New MSN worm?, Nicolas Weyland
Next by Thread:  RE: New MSN worm?, Hazel, Scott A.
Indexes:  [Date] [Thread] [Top] [All Lists]