MSN Messenger invaded by new worm

 A new computer worm is using Microsoft's MSN Messenger instant message network to spread on the Internet, according to antivirus software companies.

Free IT resource Virtualization Insights from Top Experts - Learn how virtualization gets real! Sponsored by Dell Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Bropia.A was first spotted on Wednesday and spreads by sending copies of itself to an MSN Messenger user's instant message (IM) contacts. When the worm is launched, it installs a Trojan horse program, Rbot, on vulnerable machines, according to alerts from F-Secure and Symantec.

Windows machines running MSN Messenger and have a Messenger window open on the desktop are vulnerable to infection. F-Secure and Symantec rated Bropia a low threat, based on the number of reports of infected machines, and issued virus definition updates that allow their products to spot the new IM worm.

While previous IM worms spread by sending links to worm files embedded in IM messages, Bropia spreads by sending commands to Messenger that cause the program to send copies of the worm file directly to the infected user's IM contacts.The Bropia worm is also able to monitor Messenger for any change to a user's IM contacts and send worm files to contacts as they log on to the IM network, Symantec said.

When the worm file is launched, Bropia copies itself to the hard drive of the infected machine, disguised as a file with one of several names, including:"Drunk_lol.pif", "Webcam_004.pif", "sexy_bedroom.pif", "naked_party.pif" or "love_me.pif."

The worm also disables a user's right mouse button to prevent users from accessing context sensitive menus, and to alter the Windows sound mixer volume settings, F-Secure said.

The Trojan horse program that is installed by Bropia, which F-Secure referred to as Rbot, and Symantec as W32.Spybot.worm, opens a back door into infected Windows systems and has features that log user keystrokes, collect vital system information and relay spam, F-Secure said.

IM worms are not a new concept, and computer virus researchers have frequently warned of their potential to spread quickly across global IM networks such as those run by Microsoft, Yahoo Inc. and America Online Inc.

In August, researchers at PivX Solutions Inc. of Newport Beach, California, intercepted a version of the Scob worm that used mass-distributed instant messages to lure Internet users to Web sites that distribute malicious code similar to Download.ject.

Symantec and F-Secure advised customers to update their antivirus software definitions to spot the new worm.