If Your Messenger Displays a Roast Chicken With a Bikini, Your PC Has Been Infected By The New Bropia.E And Gaobot.Ctx Worms
– Bropia.E sends itself out through the instant messaging program MSN Messenger and, at the same time, downloads the new Gaobot.CTX worm, which can be controlled remotely in order to download all types of malware to computers.
– TruPrevent Technologies, the most intelligent technologies to combat unknown viruses and intruders, have detected and blocked Gaobot.CTX, preventing hackers from downloading files to the system.
– Panda Software’s international tech support network has already detected incidents caused by these worms.
PandaLabs has detected Bropia.E and Gaobot.CTX, two malicious code that spread together. Bropia.E sends itself out using the instant messaging program MSN Messenger disguised as an image file with a variable name taken from a long list of options and a .pif or .scr extension. Some examples of the name of this file are: bedroom-thongs.pif, LMAO.pif or LOL.scr.
If the user runs the file, it displays a curious image on screen. However, this image is just a cover up to hide the real actions carried out by the worm. This malicious code sends itself out to all the contacts in MSN Messenger and creates various files on the computer, including a file called winhost.exe, which actually contains the Gaobot.CTX worm.
Gaobot.CTX carries out the actions that pose the biggest threat to the computer, as it connects to IRC channels and waits for commands from a remote user. This allows a hacker to download all kinds of files to the affected computer: spyware, adware, other viruses, etc.
Panda Software clients who already have the new TruPrevent Technologies to combat unknown viruses and intruders installed have been protected from these files being downloaded to their computers, as these preventive technologies have been able to detect and block Gaobot.CTX without needing to be able to identify it first.
“As a rule of thumb, you should never open a file you receive through instant messaging systems without scanning it first with an updated antivirus. A growing number of viruses are using these applications to spread, and their biggest danger lies in the recipient running executable files without thinking twice, as they are sent from a known address. This also implies that there is risk of them spreading rapidly via instant messaging, leaving poorly protected networks vulnerable to becoming infected in a matter of seconds,” warns Luis Corrons, head of PandaLabs.
As Panda Software’s international tech support network has already detected incidents caused by this worm, Panda Software advises users to take precautions and update their antivirus software. Panda Software has made the corresponding updates available to its clients to detect and disinfect these new malicious code.
Panda Software’s clients can already access the updates for installing the new TruPrevent Technologies along with their antivirus protection, providing a preventive layer of protection against new malicious code. For users with a different antivirus program installed, Panda TruPrevent Personal is the perfect solution, as it is both compatible with and complements these products, providing a second layer of preventive protection that acts while the new virus is still being studied and the corresponding update is incorporated into traditional antivirus programs, decreasing the risk of infection. – Bropia.E: http://www.pandasoftware.com/…overview.aspx?idvirus=58682 – Gaobot.CTX: http://www.pandasoftware.com/…overview.aspx?idvirus=58683