Panda NewsSecure

NewsSecure No. 9 - March 2005

If your Messenger displays a roast chicken with a bikini, your PC has been infected by the new Bropia.E and Gaobot.CTX worms.

Bropia.E sends itself out through the instant messaging program MSN Messenger and, at the same time, downloads the new Gaobot.CTX worm, which can be controlled remotely in order to download all types of malware to computers.

PandaLabs detected Bropia.E and Gaobot.CTX, two malicious codes that spread together. Bropia.E sends itself out using the instant messaging program MSN Messenger disguised as an image file with a .pif or .scr extension. A long list of options are used to name the file, but some Some examples are:
bedroom-thongs.pif, LMAO.pif or LOL.scr.

Image displayed by Bropia.E

If the user runs the file, it displays a curious image on screen. However, this image is just a cover up to hide the real actions carried out by the worm. This malicious code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including a file called winhost.exe, which actually contains the Gaobot.CTX worm.

Gaobot.CTX carries out the actions that pose the biggest threat to the computer, as it connects to IRC channels and waits for commands from a remote user. This allows a hacker to download all kinds of files to the affected computer: spyware, adware, other viruses, etc. Panda Software customers who have already installed the new TruPrevent™ Technologies to combat unknown viruses and intruders have been protected from these files as these preventive technologies have been able to detect and block Gaobot.CTX without needing to be able to identify it. More information can be found about the new TruPrevent™ Technologies at http://www.pandasoftware.com/truprevent).

“As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first with an updated antivirus. A growing number of viruses are using these applications to spread, and their biggest danger lies in the recipient running executable files without thinking twice, as they are sent from a known address. This also implies that there is risk of them spreading rapidly via instant messaging, leaving poorly protected networks vulnerable to becoming infected in a matter of seconds,” warns Luis Corrons, head of PandaLabs.”

More information about Bropia.E and Gaobot.CTX in at Panda Software's Virus Encyclopedia. (http://www.pandasoftware.com/virus_info/).

Virus and intrusion prevention for your PC. www.pandasoftware.com