Eccovi alcuni link ed articoli
--------
Calcutta Telegraph

Worm on MSN Messenger detected

Posted online: Tuesday, February 08, 2005 at 0032 hours IST

CHENNAI: A new computer worm that spreads through the MSN Messenger, an instant messaging platform, is likely to tempt Internet chat users with “sexy” images, an anti-virus software firm warned on Monday.

“The worm attempts to send copies of itself in different file names to all online contacts, pretending to be alluring images,” said Trend Micro, an Internet security software and anti-virus firm, in a press release here. “MSN Messenger users get comical photo of a roasted chicken with a bikini tan line. The worm also bears the AGOBOT worm as part of its payload, capable of opening backdoor on infected systems,” Trend Micro said.

The sightings of the worm have been reported in Taiwan, China, Korea and the US, it said. Upon execution, the memory resident worm (WORM—BROPIA.F) drops a copy of itself in the Windows system folder, and then tries to propagate to other MSN Messenger users by sending a copy of itself under other file names. —PTI

----

Neowin, Boston
MSN Messenger Service Experiencing Outages
Posted by Tom Warren on 08 Feb 2005 - 05:49 | 77 comments

For the second time in two weeks, the MSN Messenger Service is experiencing worldwide sporadic problems.

Some users are still connected but many have been forced off the Messenger Service. MSN's status page which provides updates to customers about any service problems is currently experiencing "Server is too busy" errors and ASP errors.

On the 23rd of January the MSN Messenger Service was down for around 5 hours before service was restored.

An MSN Spokesperson confirmed the following last time "The MSN Messenger service experienced a hardware issue that resulted in a disruption of service for some customers this weekend. We identified the issue and worked to resolve it as quickly as possible. We apologize to any customers who were inconvenienced."

It's possible that this could be the issue again and we are awaiting Microsoft's response to this. Meanwhile a Neowin member, Dom, believes he knows the true reason as to why MSN Messenger is down..."I have official word of why MSN is down, one of the cleaners unplugged the plug to the 4 way which has the 2 MSN Messenger servers and the 2 routers on it so she could hoover the server room". You never know huh

Update: MSN Messenger seems to be stable for now. An MSN Spokesperson said that "MSN has identified an isolated issue within our datacenter and are taking the appropriate steps to restore full operation to all of our customers".
--------------

Core Securities Technologies

Core Security Technologies Announces Vulnerability in Microsoft’s MSN Messenger
Posted on 08 February 2005 | Other CREDANT Technologies releases at HNS

Critical Flaw Could Potentially Affect Over 130 Million Users Worldwide

BOSTON, MA: FEBRUARY 8, 2005 – Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, today published a vulnerability in Microsoft’s MSN Messenger, an instant messaging program currently used by over 130 million people worldwide. Core researchers discovered that by selecting a specially-crafted graphic as the user’s display picture in MSN Messenger, an attacker could trigger a buffer overflow vulnerability on the chat partner’s computer and surreptitiously take over machines running instant messaging software. The attack would travel through the established chat session and would pass unnoticed by firewalls, network intrusion detection systems and even host-based personal firewalls and antivirus software. According to the vendor, Windows Messenger and Windows Media Player are also affected by this vulnerability.

“This is a critical security flaw since it directly affects more than 130 million users and because the attack is very likely to go unnoticed by the several layers of security countermeasures commonly used today,” said Ivan Arce, CTO at Core Security Technologies. “Since initially reporting the flaw, we have been working closely with the vendor and we are pleased to see that a fix is now available.”

Vulnerability Specifics: The MSN Messenger protocol allows for the transmission of images between users during electronic conversations. The image format used to transfer those images is called Proprietary Network Graphics (PNG). When a user selects a picture to be displayed, Messenger converts it to the PNG format, with a fixed size and encoding characteristics. These images are then transmitted over the same communication channel used to exchange text messages. By sending a specially crafted PNG image, an attacker can trigger a buffer overflow and execute arbitrary code on the chat partner’s machine.

Other Vulnerability Related Facts:

Microsoft estimates the number of MSN Messenger users to be around 130 million worldwide (http://www.microsoft.com/presspass/press/2004/jul04/07-08FlirtingPR.asp).
Systems running vulnerable MSN Messenger clients on Windows XP with Service Pack 2 installed are also exploitable.
The vulnerability is exploitable in MSN Messenger client software up to version 6 including binary files compiled with the Visual Studio GS stack overflow protection mechanism. MSN Messenger 7 (beta) clients are not vulnerable.
Exploitation of the vulnerability can be carried out though the same communications channel used by legitimate users for normal chat sessions, therefore it is very difficult to differentiate attacks from normal traffic.
A similar vulnerability in the open source libPNG image-processing library was discovered by Chris Evans and fixed in August 2004.

For more information on the vulnerability, please go to:
http://www.coresecurity.com

For a Link to Microsoft’s patch, please go to: www.microsoft.com

--------------
Computerworld, by IDG

MSN Messenger worm raised to medium threat
The Bropia.F worm is spreading through Taiwan, Korea, China and the U.S.

Related to this topic

> Teen sentenced for unleashing Blaster worm
> Sidebar: Intelligence Providers' Methods Explained

> Heading off hackers

> Open-Source Foes

Other resources

> New webcast: - Enforcing enterprise security compliance with TAP.

News Story by Scarlet Pruitt

FEBRUARY 04, 2005 (IDG NEWS SERVICE) - Security experts have raised the warning level on a worm that spreads via Microsoft Corp.'s MSN Messenger, in an effort to slow its crawl through Taiwan, Korea, China and the U.S.
The Bropia.F worm, a variant of the Bropia.A worm detected last month, was raised to a medium-risk threat this week by antivirus firm Trend Micro Inc.

The worm propagates by sending a copy of itself under different file names -- including "bedroom-thongs.pif," "hot.pif" and "naked-drunk.pif" -- to all available or online contacts on an infected user's MSN Messenger list. It also sends and executes a file titled "sexy.jpg," which carries the image of a headless, plucked chicken sunbathing, replete with pronounced bikini tan lines.

The variant also attempts to drop and execute a bot program, which tries to copy itself into network shared folders and has an antidebugging feature, Trend Micro said. The worm will not run on an infected system if the NtIce and SoftIce debugging applications are running.

In addition, the worm attempts to lower the volume on infected users' machines so they cannot hear audio security threat warnings, according to the antivirus company.

Trend Micro recommended that MSN Messenger users block file transfers to slow the worm's spread.