A variant of the Bropia worm, Bropia.F attempts to send copies of itself to a user's IM contacts, disguising itself as a comical photo of a roasted chicken with a bikini tan line.

The worm also carries another threat, the Agobot worm, as part of its payload, which can open a backdoor on an infected system and facilitate remote code execution.

Although worm attack reports already have been seen globally, coming in from Taiwan, China, Korea and the U.S., Trend Micro has classified the variant as "medium risk."

Nasty Critter

Upon execution, Bropia.F puts a copy of itself in the Windows system folder, and then tries to propagate to other MSN Messenger users by sending a copy of itself using various filenames like Naked_drunk.pif, Webcam.pif, and ROFL.pif.

The worm also launches the Agobot worm, which puts a backdoor into the infected system, which may allow commands to be executed by a remote, malicious user.

The Agobot worm also can steal the Windows Product ID, as well as the CD keys of certain applications, Trend Micro reports.

Worm Turns The presence of a worm specifically designed to spread through instant messaging is not a surprise, F-Secure researcher Mikko Hypponen told NewsFactor.

"We've regularly seen small-case security problems with various IM systems," he said, adding that there has yet to be a major, wide-scale worm outbreak using the systems.

However, security firms anticipate that such an event could occur. "It's perfectly possible," said Hypponen. "We know it might happen in the near future."

Limited Corporate Spread

Trend Micro has noted that Bropia.F could affect home users more than enterprise users, because many corporations have been blocking the use of IM programs for employees out of productivity concerns.

Now many corporations also may cite security issues for limiting IM use among staff members, since a major IM worm would spread very quickly and could pose a significant threat, Hypponen said.

"IM worms wouldn't have to scan the network to find vulnerable hosts," he noted. "They would know them already, through the buddy lists. This would make them really fast in spreading."