AIM users targeted again by IM worm, rootkit and adware
Via a ZDNet blog post, I came across this story. In a nutshell, it looks like a new IM worm is out there that not only installs bot software and a rootkit, but also a rootkit detection tool (Rootkit Revealer according to the reports). From the Vital Security weblog:
I think this is round 4 of the installs from these guys in the Middle-East - each one is a little more adventurous (and a little more scary) than the last. As for how you get nailed with this thing in IM, you're most at risk if you have already been infected with Lockx.exe or palsp.exe. That's not to say you're immune if those files aren't on board your PC - it's just that you would have to actively click the link in your chat client to get whacked. Anyone with Lockx.exe could find the bad guys have just sent it down the pipes anyway (like the BitTorrent installs). Of course, it goes without saying that they can control your AIM client and send messages to your buddy list too.
Source: IM Hackers distribute Rootkit and...Rootkit Revealer?!, Friday, January 06, 2006.
More information:
- Press Release: New IM Worm Targets AIM Users to Deliver Adware Payload, FaceTime Security.
- AIM users targeted again by IM worm, rootkit and adware, ZDNet blog, Friday, January 06, 2006.
The fact that someone is distributing an IM worm with an IRC bot and a rootkit should come as no surprise. This isn't new. What is odd, however, is the fact that it also comes with a tool to detect the rootkit. That's not something you see every day.
If someone could send me a sample, I would happily post an analysis here.
January 7, 2006 in IM worms, new worms