Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.


Worm Spreads via MSN Messenger, Tempts Users with “Sexy” Images – of Poultry

February 3, 2005 – Trend Micro issued a “medium risk” alert for WORM_BROPIA.F to raise awareness of this worm that spreads via MSN Messenger, a popular instant messaging platform. The worm attempts to send copies of itself in different filenames to all online contacts, pretending to be alluring images – what users get is a comical photo of a roasted chicken with a bikini tan line. The worm also bears the AGOBOT worm as part of its payload, capable of opening backdoor on infected systems. Sightings of the worm have been reported in Taiwan, China, Korea, and the U.S.

Upon execution, the memory-resident WORM_BROPIA.F drops a copy of itself in the Windows system folder, and then tries to propagate to other MSN Messenger users by sending a copy of itself under one of these filenames:
• Bedroom-thongs.pif
• Hot.pif
• LMAO.pif
• LOL.scr
• Naked_drunk.pif
• New_webcam.pif
• ROFL.pif
• Underware. Pif
• Webcam.pif
The worm also executes a file called “SEXY.JPG”, which displays a photo of a chicken that appears to have cooked in the oven with its bathing suit on.

Once it has infected a system, WORM_BROPIA.F also drops a bot program that Trend Micro detects as WORM_AGOBOT.AJC, which drops a backdoor into the infected system, and may allow commands to be executed from a remote malicious user. WORM_AGOBOT.AJC can also steal the Windows Product ID, as well as the CD keys of certain applications.

“Many corporations have been blocking use of instant messenger programs for employee productivity reasons, and now may have good cause to do so for security reasons as well,” commented Joe Hartmann, senior virus researcher for Trend Micro Inc. “With the popularity of instant messengers, it may be the home users who are most at risk - this kind of worm uses humor to make people forget that they are being infected and backdoors are being opened into their systems.”
WORM_BROPIA.F arrives in a file about 184 KB in size. It affects Windows 95, 98, ME, NT, 2000 and XP platforms. .
Trend Micro customers are protected through the latest pattern file, number 2.390.00. Customers of Outbreak Prevention Services should download OPP 144 (or later) to help protect against spread of this threat. For customers of Damage Cleanup Services, Damage Cleanup template # 505 should be downloaded to help with automated restoration of affected systems.
Other users should use Trend Micro’s free online virus scanner, Housecall, which can be found at
For more information on WORM_BROPIA.F, please visit
For more information on WORM_AGOBOT.AJC, please visit

About Trend Micro
Trend Micro is a leader in network antivirus and Internet content security software and services. The Tokyo-based corporation has its European headquarters in Marlow, England, and business units worldwide. Trend Micro products are sold through corporate, value-added resellers and managed service providers. For additional information and evaluation copies of all Trend Micro products, visit:

# # #
Trend Micro and the t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company or product names may be trademarks or registered trademarks of their owners. Information is accurate time it was written and is subject to change without notice.

For more information please contact:

Sophie Heximer/Jaime Edmund, GBC 0208 322 1922

This press release was distributed by ResponseSource Press Release Wire on behalf of Onechocolate Communications in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit