Aliases: Win32.Brof.a [Kaspersky], W32/Brof.ow [McAfee]
Variants: N/A

Classification: Malware
Category: Computer Virus

Status: dormant
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 30 Sep 2004
Damage: Low

Characteristics: The W32.Brof program is a direct infector of Windows executables.

More details about W32.Brof

It is documented that the W32.Brof program affects all Windows Operating Systems such as, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT and Windows XP. It also infects the root directory of the C drive and all of its subdirectories. It continuously creates a file the same as the target file. It includes a “_” sign added at the beginning of the filename. This will be an encrypted filename of the original file. This newly created file will be automatically decrypted and run. As such, it will overwrite the target file having a copy of itself. It also shows a message box containing “There was this boy who had two children with his sisters. They were his daughters. They were his favourite lovers. I got no lips, I got no tounge. Where there were eyes there’s only space. I got no lips, I got no tounge, I got a broken face.” This message was entitled as “Broken_Face.” You will just accept and press the ok button. If you see this message, it only means that your computer is infected.

As its name suggests, this program provides a communication port for the unauthorized access to the compromised machine. This backdoor opened in the system normally remains undetected by the user and other security components. It remains open and attempts to maintain an active Internet connection. The opened port is used by the attacker to retrieve collected information and send more instructions to the controlled machine. It also allows the attacker to use the infected machine as a tool for spreading more security threats.