Fatso messenger worm badmouths Bropia

 

Gallery

Posted on 7 Mar 2005 at 17:22

Variously dubbed Fatso.A or Sumom.a, there is a new worm spreading via instant messaging and peer-to-peer systems.

The memory-resident worm arrives, for example, via MSN messenger and spreads copies of itself to all online MSN messenger contacts of the affected system. It does this by sending an instant message containing a link that will download another copy of itself. The worm is also known to propagate via the P2P file sharing system eMule.

As modern worms go Fatso-A is quite malicious. As well as installing itself in the Windows Registry, it deletes files from the host computer and attempts to turn off anti-virus applications.

You can find Trend Micro's analysis of the threat at the company's website.

Among the files deposited by the worm is a text file that taunts the author of another worm, Bropia, that also attempted to spread via Instant Messaging. This presents the rather alarming prospect of another tit-for-tat conflict between virus authors, resembling that between MyDoom, Netsky and Bagle earlier last year - Rapid MyDoom, Bagle and Netsky variants do battle to control your computer

Despite virus companies already reporting several incidents from the wild - it is reported to be spreading from the USA and Korea - the Fatso worm is currently rated as a 'moderate' threat. This is due to the degree of user involvement in downloading copies. The damage potential of Fatso, however, is rated as 'high'.