W32/Bropia.AH!worm.im - Released Feb 25, 2005 - Last Updated Apr 11, 2006

Alias/es

IM-Worm.Win32.Bropia.ah, W32/Bropia-C, W32/Bropia.AH-net, W32/Bropia.B, W32/Bropia.D!worm.im, W32/Bropia.D-net, W32/Darro

Visible Symptoms

  • The following files exist in the root folder of Drive C: LOL.scr, Webcam.pif, hahahaha.pif, naked_drunk.pif, me_2005.pif and sister.pif.
  • The right mouse button is disabled.

Detailed Analysis

  • Sample is written in Visual Basic.

  • Opens the files cmd.exe and taskmgr.exe, found in the System folder, thus preventing these files from being executed.

  • Disables the right mouse button.
  • Creates several copies of itself to the root folder of Drive C. The copies have the following filenames:

    • LOL.scr
    • Webcam.pif
    • hahahaha.pif
    • naked_drunk.pif
    • me_2005.pif
    • sister.pif

  • May drop the file cz.exe to the root folder of Drive C. This file is detected as W32/Sdbot.AKO-net.

  • Attempts to send itself via MSN Messenger, and may monitor changes to the contact list.
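
A host triage check for the indicators listed above, as an added example that is not part of the original description or any vendor tooling. It assumes the root folder is C:\, that the "System folder" is %SystemRoot%\System32, that the worm blocks cmd.exe and taskmgr.exe by holding them open without sharing, and that PowerShell 4.0 or later is available for Get-FileHash.

```powershell
# Added triage example. File names come from the analysis above.
# Assumptions: root is C:\ and the "System folder" is %SystemRoot%\System32.
$root       = 'C:\'
$wormCopies = @('LOL.scr', 'Webcam.pif', 'hahahaha.pif', 'naked_drunk.pif', 'me_2005.pif', 'sister.pif')
$dropped    = 'cz.exe'   # reported above as W32/Sdbot.AKO-net
$findings   = @()

# 1. Look for the worm copies and the dropped file, including hidden ones.
foreach ($name in $wormCopies + $dropped) {
    $item = Get-Item -LiteralPath (Join-Path $root $name) -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Copies of the same sample should share one SHA-256 value.
        $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $findings += [pscustomobject]@{
            Check  = 'Listed file present in root of C:'
            Path   = $item.FullName
            Detail = "Size=$($item.Length) SHA256=$hash"
        }
    }
}

# 2. Test whether another process holds cmd.exe or taskmgr.exe open without sharing.
#    A normal system allows a shared read; a sharing violation surfaces as IOException.
foreach ($exe in 'cmd.exe', 'taskmgr.exe') {
    $path = Join-Path $env:SystemRoot "System32\$exe"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    try {
        $fs = [System.IO.File]::Open($path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
        $fs.Dispose()
    } catch {
        if ($_.Exception.GetBaseException() -is [System.IO.IOException]) {
            $findings += [pscustomobject]@{
                Check  = 'System tool locked by another process'
                Path   = $path
                Detail = $_.Exception.GetBaseException().Message
            }
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'None of the file or lock indicators described on this page were found.'
}
```

A locked cmd.exe or taskmgr.exe with none of the listed files present can have other causes, so treat the two checks as corroborating each other rather than as independent verdicts.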

Recommended Action

Check the web interface of your FortiGate unit to ensure the latest AV/NIDS definitions have been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

Reference: ID - 167131