This week in security

Trend Micro is warning of a new variant of the Bropia worm that uses MSN Messenger to spread. Bropia.F is packaged with a second, more damaging worm that tries to exploit poorly patched computers, the antivirus company said Thursday.

The latest variant of Bropia was discovered Wednesday evening, Trend Micro said. It infects systems belonging to users of MSN Messenger by sending itself as a picture of a roast chicken with tan lines to all available or online contacts. It also releases a second, more dangerous worm, called Agabot.ajc, on the infected computer.

"The potential for damage is quite high, because it drops another worm on your machine that is quite nasty and can spread through a network by taking advantage of unpatched desktops and servers," said Adam Biviano, a senior systems engineer at Trend Micro.

Sophos warned Thursday that photos of a "dead" Saddam Hussein are the lure for a new mass-mailing worm, in the latest instance of attackers using well-known figures as bait. The Bobax.H worm purports to offer photos that show that the former Iraqi leader was killed while attempting to escape from custody, the antivirus company said.

"It's a brand new virus that converts users' PCs into spam factories," said Graham Cluley, a Sophos senior security consultant. "Although it hasn't reached epidemic proportions yet, it is spreading."

Meanwhile, another new e-mail contains a picture of an old man pulling faces--and a dangerous Trojan horse. This worm, dubbed Wurmark-F, travels as an e-mail attachment and affects systems running Microsoft Windows. When opened, it displays a photo of a man "gurning"--a British tradition of making silly faces.

Sophos reported that when run, the worm installs a Trojan that allows hackers to take control of infected computers and capture information.

Worm authors are notoriously difficult to track down, but at least one has been captured and sentenced. In a poll from Sophos, a majority of respondents said the teenager--19-year-old Minnesota resident Jeffrey Lee Parson--got off easy when he was sentenced to 18 months in prison for unleashing a variant of the MSBlast worm.

A federal district court in January found Parson guilty of modifying the original MSBlast worm, also known as Blaster, and releasing the variant onto the Internet.

About 53 percent of the 250 business PC users responding to the poll said the sentence was too lenient. Only 14 percent believed the sentence should have been less harsh, and 12 percent said the most appropriate punishment was community service.

On the Microsoft front, the software giant downplayed the significance of a reported flaw in its latest update to Windows XP.

Responding to a Russian security company's claim that it found a way to beat a protective element of Microsoft's Windows XP Service Pack 2, Microsoft said it does not believe the issue represents a vulnerability. In fact, the company said the technology highlighted by Moscow-based Positive Technologies was never meant to be "foolproof" and added that the reported flaw does not, by itself, put consumers at risk.

A bumper crop of Microsoft patches will be released next week, including nine fixes for Windows flaws. The forewarning is part of the company's program to give regular computer users notice of monthly security bulletins before the patches themselves are released.