Wednesday, March 12, 2008

Messenger Blocked

Well, it seems a worm is wreaking havoc on this popular instant messaging service. The little bug in question is Worm_Bropia.F.

Here is some information on what it does and how it can be treated.

Source: TrendLabs

Description:

As of February 2, 2005, 6:55 PM (Pacific Standard Time/GMT -8:00), TrendLabs has declared a Medium-Risk alert to control the spread of this new WORM_BROPIA variant that is spreading in Korea, China, Taiwan, and the United States.

To get a one-glance comprehensive view of the behavior of this worm, refer to the Behavior Diagram shown below.

WORM_BROPIA.F Behavior Diagram

Malware Overview

This memory-resident worm propagates itself via MSN Messenger by sending a copy of itself using different file names to all available or online contacts. Thus, users of the said messaging program should not accept or open these files to avoid infection.

System administrators can also block MSN Messenger transfers to control the spread of this worm.

As a general rule, MSN Messenger users should avoid accepting file transfers coming from an untrusted source.

This worm also drops and executes the file SEXY.JPG in the root folder. This normal .JPG file displays the following image:

SEXY.JPG

It also attempts to drop and execute a bot program, which Trend Micro detects as WORM_AGOBOT.AJC.

Unlike its previous variants, this worm also has an anti-debugging technique. That is, this worm will not run if any of the following debugging applications are currently running on the affected system:

  • NT-ice
  • Softice

It is also capable of setting the affected system's volume levels to zero, which may be used to prevent users from hearing any sound prompts, especially those that may be coming from antivirus and security applications.