Trend Micro has issued a 'medium risk' alert on the worm, which attempts to send copies of itself in different filenames to all online contacts, pretending to be alluring images. What users get is a comical photo of a roasted chicken with a bikini tan line!
The worm also bears the Agobot worm as part of its payload, capable of opening backdoor on infected systems. Instances of this worm attack have been reported from Taiwan, China, Korea, and the US.
The Worm_Bropia.F leaves a copy of itself in the Windows system folder, and then tries to propagate to other MSN Messenger users by sending a copy of itself under one of these filenames: Bedroom-thongs.pif, Hot.pif , LMAO.pif , LOL.scr Naked_drunk.pif, New_webcam.pif, ROFL.pif, Underwear. Pif and Webcam.pif.
The worm also executes a file called 'sexy.jpg', which displays a photo of a chicken that appears to have cooked in the oven with its bathing suit on.
Once it has infected a system, the worm drops a bot program that Trend Micro detects as Worm_Agobot.ajc, which drops a backdoor into the infected system, and may allow commands to be executed from a remote malicious user.
Worm_Agobot.ajc can also steal the Windows Product ID, as well as the CD keys of certain applications.
"Many corporations have been blocking use of instant messenger programs for employee productivity reasons, and now may have good cause to do so for security reasons as well," commented Joe Hartmann, senior virus researcher for Trend Micro Inc.
"With the popularity of instant messengers, it may be the home users who are most at risk as this worm uses humour to make people forget that they are being infected and backdoors are being opened into their systems."
Worm _Bropia.F arrives in a file about 184 KB in size. It affects Windows 95, 98, ME, NT, 2000 and XP platforms.