Un nuevo virus se está propagando a través de msn messenger mediante transferencia de archivos. El virus ha sido identificado como Bropia por F-secure.
El virus se envía con los siguientes nombres de archivo.
sexy_bedroom.pif
drunk_lol.pif
naked_party.pif
webcam_(numero).pif
love_me.pif
Estad atentos por si os envía un archivo con alguno de estos nombres.
NAME: Bropia.A
ALIAS: IM-Worm.Win32.VB.a
Summary
Bropia.A is a worm that uses MSN messenger for spreading by sending itself as "Drunk_lol.pif", "Webcam_004.pif", "sexy_bedroom.pif", "naked_party.pif" or "love_me.pif". It also drops a variant of Rbot on the infected computer.
Detailed Description
When run, the worm checks files
adaware.exe
VB6.EXE
lexplore.exe
Win32.exe
If these files are not found, it drops file
oms.exe
and executes it. This file is a variant of Rbot. When "oms.exe" is run, it copies itself as "lexplore.exe" and adds the following registry keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"lexplore" = "lexplore"
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
"lexplore" = "lexplore"
This ensures that it will be executed at next system startup. The bot can be used as a backdoor, collecting system information, logging keystrokes, relaying spam and for various other purposes.
Brobia.A can also disable mouse right button and manipulate Windows mixer volume settings.
