Attackers Take Aim at AOL Instant Messenger.

By at 31 October, 2005, 11:40 am

eWeek.com is reporting that a rootkit has targeted and is being spread by AOL’s Instant Messenger Service (Read the Article Here). According to eWeek:

Bundled within the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the file link within the IM window. Though neither the worm nor the rootkit file are new, it appears to be the worm’s first foray into the AIM (AOL’s Instant Messenger) network. What’s more troubling is that rootkits haven’t previously been spread via IM.

“This is the first instance of a rootkit coming through the IM vector,” said Tyler Wells, senior director of engineering for FaceTime Communications.

The concern is that this can give a bad guy access to your computer including remote control. However, the potential threats are even greater:

Attackers can automatically pass the worm along to users on the Buddy List. Additionally, the rootkit can shut down anti-virus software, alter the users’ search page, run CPU usage to 100 percent and automatically download unwanted programs such as 180Solutions, Zango, MaxSearch and others.

Rootkits provide an attacker with the ability to hide the malicious operations from the user, making it even more insidious since it is actively covering its tracks. As with any file or attachment from an unknown or trusted source, you shouldn’t download it without being absolutely sure that it is a legitimate item.

Categories : Hmmm! | Non-Legal Software | Software


No comments yet.

Leave a comment