Strange AIM worm going around. It apparently includes an interesting combination of rootkits, a rootkit detector, spyware/adware, and a specialized BitTorrent client. The machines can then be controlled through IRC. Source seems to be the Middle East…
IM hackers then control a global botnet where their infections can be tested and payloads are pushed. Facetime traced these hackers to the Middle East.
The same IM hackers sent movies by way of IRC and their own version of BitTorrent, installing it without consent. Now the IM hackers are back with more, nastier malware, Rootkit Revealer and adware from 180solutions/Zango.
According to the Sunbeltblog, the come-on used over AIM is the following:
The worm lures victims through AOL Instant Messenger with the following messages:
“great picture 🙂 http://www.picteurestrail.net/Mastermon/XXXXXX.JPG”, or “not a right time to take a picture haa 🙂 http://www.picteurestrail.net/Mastermon/XXXXXX.JPG”
“not a right time to take a picture haa 🙂 http://www.pictrail.net/Matelord/XXXXXX.JPG”
“not a right time to take a picture haa 🙂 http://www.picstrailx.net/Mateslord/XXXXXX.JPG”
Be suspicious of links.
Comments
One response to “AIM worm”
M Hackers Give Away Spyware and More…
Chris Boyd (aka Paperghost) talks more about it on Vitalsecurity and explains that the worm not only installs a number of rootkits, but also a rootkit remover (the screenshot is from his blog). The said rootkit remover is called Rootkit Revealer. Thi…