New Bropia-worm Variant, Faster and More Dangerous Than Ever
02/02/05
Global Hauri Assigns a High Risk "Code Orange"
SAN JOSE, CA -- (MARKET WIRE) -- 02/03/2005 -- Today, Global Hauri announced a high alert for a fast-spreading variant of the Bropia worm that started spreading last week. The new Bropia mutation, aka 'Worm.Win32.Bropia.188928', is spreading much faster and is far more devastating for MSN Messenger users than its predecessors, Bropia A and C.

Symptoms: A file seemingly sent from a "buddy" is loaded with the virus and infects the PC as soon as it's opened. The infected PC is then hijacked through remote access. Volume differences and right mouse click might indicate to the PC user that "something is wrong here."

Causes: Once Bropia infects a system, it resides in memory and continues spreading through MSN Messenger. Bropia is a member of the Rbot family of worms affecting the Windows platform. It installs a backdoor on the system that runs in the background as a service process and gives an attacker unauthorized remote access to, and control of, the infected computer via specific IRC channels. Another notable feature of the new Bropia is that it is loaded with a bot virus component that opens the 1294 port.

File Names: The new Bropia copies itself into the system folders and creates one of the following file names:
-- LOL.scr
-- Webcam.pif
-- bedroom-thongs.pif
-- naked_drunk.pif
-- LMAO.pif
-- ROFL.pif
-- underware.pif
-- Hot.pif
-- new_webcam.pif

System folders: The infected system folder can vary, depending on each user's configuration. However, the most common are:
-- C:\Windows\System (Windows 95/98/Me)
-- C:\Winnt\System32 (Windows NT/2000)
-- C:\Windows\System32 (Windows XP)

Remedy: First, temporarily block port 1294 with any firewall. This is not a "spreading" port, but the PC might receive an attack order from this port.

"Once you have this virus you are in big trouble. Problem is, the infected file looks just like a message from one of your buddies. The only prevention is to not open any files that come through the messenger and get a good antivirus software. For example, Global Hauri's antivirus engine ViRobot immediately destroys the malicious code even before it can install itself. If not treated, there is a strong likelihood that the virus is 'timed' to launch further attacks in 15 days," explains Eric Kwon, antivirus specialist and CEO of Global Hauri.

A 30-day trial version of ViRobot can be downloaded and updated at www.globalhauri.com. Users of Global Hauri's ViRobot are automatically updated. ViRobot supports all Windows-based platforms, including Windows 95/98/Me/2000 Professional/NT (Workstations)/XP.

About Global Hauri, www.globalhauri.com
Global Hauri is a wholly owned subsidiary of Hauri, Inc., a publicly held company on the Korean KOSDAQ stock market. Global Hauri, which develops and distributes Hauri anti-virus solutions to the U.S., Canada and Western Hemisphere, is located at 3003 North First St., San Jose, CA 95134 (1-866-GO-HAURI). For more information, contact Global Hauri's Sales and Marketing Department at 408-232-5463, or sales@globalhauri.com.

Windows is a registered trademark of Microsoft Corp. Hauri and Global Hauri are registered trademarks of Hauri, Inc. All other product or service names mentioned herein are the trademarks of their respective owners.

--------------------------------------------------------------------------------
Contact:
Xenia von Wedel
Terpin Communications for Global Hauri
(650) 563-9130
xenia@terpin.com

SOURCE: Global Hauri
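
The file names, system folders and port 1294 listed in the release can be turned into a quick host triage check. The following is an added example, not code from Global Hauri or ViRobot; the function names are hypothetical, and it assumes that "LOL.scr" and "Webcam.pif" are two separate names and that the port is a local TCP listener.

```python
import os
import socket

# File names, folders and port are copied from the release above. The release
# runs "LOL.scr Webcam.pif" together; treating them as two names is an assumption.
BROPIA_FILE_NAMES = frozenset(n.lower() for n in (
    "LOL.scr", "Webcam.pif", "bedroom-thongs.pif", "naked_drunk.pif", "LMAO.pif",
    "ROFL.pif", "underware.pif", "Hot.pif", "new_webcam.pif"))
SYSTEM_FOLDERS = (r"C:\Windows\System", r"C:\Winnt\System32", r"C:\Windows\System32")
BOT_PORT = 1294


def find_dropped_files(folders=SYSTEM_FOLDERS, names=BROPIA_FILE_NAMES):
    """Return sorted paths of regular files whose name is on the list.

    Matching is case-insensitive and on the full name, so "new_webcam.pif.txt"
    does not match. A name match is a lead for an AV scan, not a verdict.
    """
    wanted = {n.lower() for n in names}
    hits = []
    for folder in folders:
        try:
            with os.scandir(folder) as entries:
                for entry in entries:
                    if entry.name.lower() in wanted and entry.is_file(follow_symlinks=False):
                        hits.append(entry.path)
        except OSError:
            continue  # folder does not exist on this Windows version, or is unreadable
    return sorted(hits)


def port_is_listening(port=BOT_PORT, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on the port (TCP is an assumption)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def triage(folders=SYSTEM_FOLDERS, port=BOT_PORT):
    """Combine both checks into one result a helpdesk script can log."""
    files = find_dropped_files(folders)
    listening = port_is_listening(port)
    return {"files": files, "port_listening": listening,
            "suspect": bool(files) or listening}


if __name__ == "__main__":
    print(triage())
```

A hit from either check only flags the machine for a full antivirus scan; legitimate software can also listen on port 1294.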