Latest MSN Messenger Worm Can Hijack System Info

A new Internet worm is squirming through Microsoft Corp.’s popular MSN Messenger chat network, anti-virus vendors warned on Thursday.

The latest threat comes follows October’s Funner worm attack and signals a growing trend to use instant messaging as a delivery mechanism for malicious activity.

According to an advisory from F-Secure, the new W32/Bropia-A worm users MSN Messenger to lure users into downloading one of the following files: “Drunk_lol.pif”; “Webcam_004.pif”; “sexy_bedroom.pif”; “naked_party.pif”; or “love_me.pif.”

Once executed, Bropia-A also drops a variant of the Rbot backdoor Trojan. Rbot represents the large family of backdoors fitted with the ability to control a victim’s machine remotely by sending specific commands via IRC channels.

F-Secure warned that the bot can also be used to hijack system information, log keystrokes, relay spam or steal sensitive data. Bropia.A can also disable a mouse’s right button and manipulate Windows mixer volume settings, according to the company.

Sophos, a Lynnfield, Mass.-based anti-virus firm, also issued an advisory for the newest MSN Messenger threat, warning that an infected computer will attempt to spread the worm to all active MSN contacts.

Click here to read about plans to use honey pots to track malicious virus activity on instant messaging networks.

The MSN Messenger window has to be open on the infected computer’s desktop for replication to be successful.

Instant messaging platforms have become a happy hunting ground for virus writers because of the personalized aspect of communication. In most cases, users are tricked into accepting a malicious download because it came from a trusted friend or contact on a buddy list.

Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.