Archive for the 'Instant Messaging' Category

New AOL IM Worm delivers Rootkit

Monday, September 18th, 2006

A new worm is propagating the AOL Instant Messaging Network. The worm called W32.pipeline was found by Security Experts over at Facetime Security Labs today. The worm arrives as what looks like a picture file but is actually an executable. When executed the worm downloads from a variety of other files including a Rootkit to hide itself. The worm then tries to propagate via the infected users Buddy List.

“Like many IM worms, W32.pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message “hey would it okay if i upload this picture of you to my blog?” downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user’s system32 folder, part of the Windows operating system.”

Once installed the worm payload may include sending private information about the infected user back to the attacker, perform Distributed Denial Of Service attacks on websites or sending out spam messages to millions of users worldwide.

Facetime says that the attack seems to be carried out by individuals who want to create a Botnet, a network of computers “owned” by the attacker. Once a member of the Botnet the computer can carry out any operation that the attacker wants.

Keep Safe

regards
Steo
www.antirootkit.com

Trojan Exploits MS06-040 Windows Vulnerability, Drops Rootkit

Friday, September 15th, 2006

IM Worm On MSN, AOL, ICQ, & Yahoo Plants Rootkit

Monday, December 19th, 2005

‘Frankenstein’ rootkit hits AIM users

Monday, November 7th, 2005

Instant Messaging Worm Installs Rootkit

Thursday, November 3rd, 2005