AOL chat worm

New IM worm chats with intended victims
By Joris Evers
Staff Writer, CNET News.com
Published: December 6, 2005, 5:43 PM PST

A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload...According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded...asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus"...

The malicious file disables security software, installs a backdoor and tweaks system files...Then it starts sending itself to contacts on the victim's buddy list.
http://news.com.com/New+IM+worm+chats+with+intended+victims/2100-7349_3-5984845.html?tag=cd.top
Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.

Comments

  • tigermatt
    tigermatt Posts: 1,925 Forumite
    Thanks, I don't use AOL Messenger myself, but I know of someone who does.
  • deary65
    deary65 Posts: 818 Forumite
    tigermatt wrote:
    Thanks, I don't use AOL Messenger myself, but I know of someone who does.
    Also keep an eye out for this one:

    New AIM worm
    Published: 2005-12-06
    Last Updated: 2005-12-06 01:55:38 UTC by Bojan Zdrnja (Version: 2)

    Malware authors just opened their own holiday season. We received a couple of reports of a new AIM worm spreading. The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

    The user will receive the following AIM message:

    "This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=c..._card.COM"

    Instead of going to AOL's site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
    This file is an SDBot variant and at the moment the most popular AV programs detect it generically.
    Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.
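
A defender-side check for the two lures quoted in this thread, as an added example that is not part of any post or quoted article: it flags IM links whose final path segment carries a directly executable Windows extension (such as .pif or .COM) or whose host is a bare IP address. The extensions beyond those two, the function names, and the hostnames and IP address in the samples are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows runs directly. .pif and .com are the two seen in the
# lures quoted in this thread; the others are added here as an assumption.
EXECUTABLE_EXTS = {".pif", ".com", ".exe", ".scr", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def lure_reasons(url):
    """Return the reasons a single URL looks like a worm download link."""
    parts = urlsplit(url)
    reasons = []
    # Only the last path segment matters: "www.example.com" as a host is
    # normal, "Card.COM" as a file name is a DOS executable.
    filename = unquote(parts.path).rsplit("/", 1)[-1]
    dot = filename.rfind(".")
    if dot > 0 and filename[dot:].lower() in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("raw-ip-host")
    except ValueError:
        pass  # host is a name (or missing), not a literal IP address
    return reasons

def scan_message(text):
    """Map each suspicious URL found in an IM message to its reasons."""
    findings = {}
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)")  # drop sentence punctuation glued to the URL
        reasons = lure_reasons(url)
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample messages: the wording follows the quoted lures, but the
# hosts and the IP address (a documentation range) are placeholders.
SAMPLES = [
    "lol thats cool http://files.example.net/clarissa17.pif",
    "to open it visit: http://192.0.2.156/My_Christmas_Card.COM",
    "the real card site is http://www.example.com/cards/index.html",
]

if __name__ == "__main__":
    for message in SAMPLES:
        print(message, "->", scan_message(message))
```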
  • deary65
    deary65 Posts: 818 Forumite
    And this:
    Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes
    By Ryan Naraine
    December 6, 2005

    More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to a senior official in Microsoft Corp.'s security unit.

    Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility. "I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC-controlled backdoor used to illegally infect Windows PCs with spyware.

    In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month. WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.

    Garms shared statistics culled from the worm cleansing tool in an interview with Ziff Davis Internet News and warned that the high rate of rootkit infections confirms fears that virus writers are using the most sophisticated techniques to hide malicious programs.
    Any posts by myself are my opinion ONLY. They should never be taken as correct or factual without confirmation from a legal professional. All information is given without prejudice or liability.
This discussion has been closed.