Pipeline Worm Floods AIM with Botnet Drones

Jeff · #1 (**permalink**) 09-19-2006, 09:55 AM

Proactive research on security threats is the key to catching hidden threats before they can collect confidential data, deliver adware, or take down a network. When researchers grab a threat, it's usually been doing the rounds for some time. Here, we've caught them in early in the act of assembling what looks like a very sophisticated operation - in fact, we've caught it so early that many of the domains called by the first infection file aren't hosting infectious files yet.

How does this infection start off? As always, it begins with a seemingly innocent web address passed to you via Instant Messaging. Click the link and allow the file to execute and your day will quickly go bad...

Read more at The SpywareGuide Greynets Blog

Here are the basics
This nasty worm begins, as most do, as a seemingly innocent request designed to trick you into clicking a link in an AIM message. The two identified by Facetime include:

"hey is it alright if i upload this picture of you to my blog?" and
"hey is it alright if i put this picture of you on my egallery album?"

Both are linked to nasty stuff. And so, repeat after me "I will not click on links I get via IM..."

The thing is, if you get a message like this from a friend in your buddy list, you feel it's "safe" to click. The bad guys who wrote this nasty know this. That's why they use AIM to send out their worm. Once a friend is infected, their AIM program will send out messages to people on their contact list without their knowledge. So you may get that message from a friend, but they didn't knowingly send it.

So always, always, check before you click that link. When I get a link from someone--even a friend--I ask them what it is first. If they respond with something like "what are you talking about?" then you know they didn't send it to you, and you can break the bad news to them: they've been infected.

Jon8RFC · #2 (**permalink**) 09-19-2006, 08:19 PM

If you suspect that you or a friend has been infected, download and run AIM Fix. AIM Fix is the best and only tool specially designed to remove viruses associated with AIM. It's an excellent tool to run even if you don't have AIM installed!

Similar Topics
Topic	Topic Starter	Forum	Replies	Last Post
active update-aol core services - software update -Is this from AIM?	changejobs	AIM Support	55	06-21-2009 08:42 AM
Happy 10th Birthday to the AIM Buddy List	Jeff	AIM News	4	11-09-2008 10:28 PM
AIM clients - How to put the lockdown on security!	WhiteMateria	AIM Support	14	08-02-2008 06:05 PM
Skimming AIM 5.5 (What to remove!)	WhiteMateria	AIM Support	37	11-11-2006 02:33 PM
AIM Worm Plays Nasty New Trick	Jeff	AIM News	0	10-31-2005 11:34 AM

THE BASICS About us BigBlueBall Blog Contact us	NEWS & REFERENCE Instant Messaging Social Networks Mobile Tech View all categories	DISCUSSION FORUMS Instant Messaging Social Networks Mobile Tech Computer Support View all forums	COMMUNITY Fan us on Facebook Follow us on Twitter Bookmark us on Delicious Subscribe to our RSS feed BigBlueBall badges	CONTRIBUTE Advertise on BigBlueBall Write for us Report a site bug
	Copyright © 2000-2009 BigBlueBall · All rights reserved · Privacy Powered by vBulletin® Copyright ©2000 - 2009, Jelsoft Enterprises Ltd. · Search Engine Friendly URLs by vBSEO 3.2.0

Currently Active Users Viewing This Topic: 1 (0 members and 1 guests)