Site Search:
 
Speak Korean Now!
Teach English Abroad and Get Paid to see the World!
Korean Job Discussion Forums Forum Index Korean Job Discussion Forums
"The Internet's Meeting Place for ESL/EFL Teachers from Around the World!"
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

MSN Messenger virus hits Korea (WORM_BROPIA)

 
Post new topic   Reply to topic    Korean Job Discussion Forums Forum Index -> Technology Forum
View previous topic :: View next topic  
Author Message
Confused Canadian



Joined: 21 Jan 2003
PostPosted: Thu Feb 03, 2005 6:59 am    Post subject: MSN Messenger virus hits Korea (WORM_BROPIA) Reply with quote
Just a heads up...

Apparently this virus has been around for a while, but reappeared today, especially in Korea, China, Taiwan, and the United States.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BROPIA.F

Quote:
Description:
As of February 2, 2005, 6:55 PM (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium-Risk alert to control the spread of this new WORM_BROPIA variant that is spreading in Korea, China, Taiwan, and the United States.

This memory-resident worm propagates itself via MSN Messenger by sending a copy of itself using different file names to all available or online contacts. Thus, users of the said messaging program should not accept or open these files to avoid infection.

System administrators can also block MSN Messenger transfers to control the spread of this worm.

As a general rule, MSN Messenger users should avoid accepting file transfers coming from an untrusted source.

This worm also drops and executes the file SEXY.JPG in the root folder.

(follow above link to see picture)


It also attempts to drop and execute a bot program, which Trend Micro detects the said file as WORM_AGOBOT.AJC.

Unlike its previous variants, this worm also has an anti-debugging technique. That is, this worm will not run if any of the following debugging applications are currently running on the affected system:

NT-ice
Softice
It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications.



If you accepted a file from anyone on your MSN contact list with any of the following names

Bedroom-thongs.pif
Hot.pif
LMAO.pif
LOL.scr
Naked_drunk.pif
New_webcam.pif
ROFL.pif
underware.pif
Webcam.pif

your computer may be infected, and may be infecting the computers of people on your contact list without your knowledge.

As this variant is new, some of the anti-virus programs may not have included it in their updates yet. If you have it, or think you have it, you can download a free scanner here:

http://www.trendmicro.com/ftp/products/tsc/sysclean.com

You'll also need the reference file, which you can find here:

http://www.trendmicro.com/ftp/products/pattern/lpt390.zip

Unzip everything into the same folder and click on "sysclean.com"

The scan will take a fair bit of time, but it SHOULD completely remove this virus from your system.

Good luck!

Confused Canadian
Back to top
View user's profile Send private message
mindmetoo



Joined: 02 Feb 2004
PostPosted: Thu Feb 03, 2005 4:19 pm    Post subject: Reply with quote
Good stuff. I started a thread here:

http://www.eslcafe.com/forums/korea/viewtopic.php?t=33308

But your post provides some good links. I was getting hit by that so much from my Korean friends I was trying to find manual removal instructions for people who don't have an up to date virus scanner.
Back to top
View user's profile Send private message
Confused Canadian



Joined: 21 Jan 2003
PostPosted: Thu Feb 03, 2005 5:08 pm    Post subject: Reply with quote
Whoops...Embarassed

I did a search but came up with nothing. Ah....the wonderful search engine on this board...

Oh well, the more people we inform, the better.

Confused Canadian
Back to top
View user's profile Send private message
Wangja



Joined: 17 May 2004
Location: Seoul, Yongsan
PostPosted: Thu Feb 03, 2005 5:39 pm    Post subject: Reply with quote
FWIW, in the office I work, with perhaps 400 pc's, messenger was not available from about 10am yesterday. I am guessing that either they had such a problem that they disabled it to prevent further spread or to stop peole chatting!

(But in fact it is used as a business tool to communicate with offices overseas too).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Korean Job Discussion Forums Forum Index -> Technology Forum All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


This page is maintained by the one and only Dave Sperling.
Contact Dave's ESL Cafe
Copyright © 2018 Dave Sperling. All Rights Reserved.

Powered by phpBB © 2001, 2002 phpBB Group
TEFL International Supports Dave's ESL Cafe
TEFL Courses, TESOL Course, English Teaching Jobs - TEFL International