Friday, February 04, 2005

Wnindows Messenger Chicken In A Bikini Virus

If your Messenger displays a chicken with a bikini, your PC has been infected by the new Bropia.E and Gaobot.CTX worms

PandaLabs has detected Bropia.E and Gaobot.CTX, two malicious code that spread together. Bropia.E sends itself out using the instant messaging program MSN Messenger disguised as an image file with a variable name taken from a long list of options and a .pif or .scr extension.

Some examples of the name of this file are: bedroom-thongs.pif, LMAO.pif or LOL.scr. If the user runs the file, it displays a curious image - a roast chicken with a bikini - on screen.

However, this image is just a cover up to hide the real actions carried out by the worm. This malicious code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including a file called winhost.exe, which actually contains the Gaobot.CTX worm.

Gaobot.CTX carries out the actions that pose the biggest threat to the computer, as it connects to IRC channels and waits for commands from a remote user.

This allows a hacker to download all kinds of files to the affected computer: spyware, adware, other viruses, etc.

"As a rule of thumb, you should never open a file you receive throughinstant messaging systems without scanning it first with an updatedantivirus. A growing number of viruses are using these applications to spread, and their biggest danger lies in the recipient running executable files without thinking twice, as they are sent from a known address.

This also implies that there is risk of them spreading rapidly via instant messaging, leaving poorly protected networks vulnerable to becoming infected in a matter of seconds," warns Luis Corrons, head of Panda Labs.

As Panda Software's international tech support network has already detected incidents caused by this worm, Panda Software advises users to take precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect these new malicious code.