W32/Bropia.D!worm.im

Alias/esIM-Worm.Win32.Bropia.ah, W32.Bropia.C, W32/Bropia-C, W32/Bropia.B, W32/Bropia.C.worm, W32/Bropia.worm.d, Win32.Worm.Bropia.D, Win32/VB.NBI, Worm.Bropia.D, WORM_BROPIA.D
Release DateFeb 07, 2005
Detection Availability
Active DatabaseExtended Database
FortiGatelowhigh
FortiClient
FortiMailN/A
Current Antivirus Definition Database Version: 12.323
Description

Visible Symptoms

  • The file iexplore.exe  exists in the System folder.

  • In Windows 9x systems, the following blank files exist in the System folder:

    • cmd.exe
    • taskmgr.exe

  • One of the following files exist in the root folder of Drive C:

    • LOL.scr
    • Webcam.pif
    • hahahaha.pif
    • naked_drunk.pif
    • me_2005.pif
    • sister.pif

Detailed Analysis

  • This worm is written in Visual Basic.

  • Copies itself to the root folder of Drive C as any of the following:

    • LOL.scr
    • Webcam.pif
    • hahahaha.pif
    • naked_drunk.pif
    • me_2005.pif
    • sister.pif

  • Drops the file iexplore.exe  in the System folder. This file is detected as W32/SDBot.AKO!worm.


    MSN Messenger Propagation

  • Sends a copy of itself to all MSN Messenger contacts.


    Backdoor and/or Trojan Behavior

  • Causes the following behavior in Windows NT-based systems:

    • Disables the right-click function of the mouse.

    • Prevents the following Windows programs from running:

      • cmd.exe
      • taskmgr.exe

      Note: In Windows 9x systems, these files are created in the System folder, presumably a failed attempt to disable them.
Description Last Updated Date: Sep 21, 2006
Reference: ID - 166967