Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs
 

Worm Propogates via AOL IM Installs Rootkit & Adware

by FaceTime Security Lab Staff

Foster City, CALIF ? October 28, 2005 - FaceTime Security Labs identified and reported a new threat being propagated through the AOL Instant Messenger (AIM) network. The worm is being passed through instant messages from members on a user?s Buddy List and within AOL chat rooms. FaceTime researchers confirmed today that the W32/Sdbot-ADD - identified previously by including an adware bundle ? also includes the lockx.exe rootkit file. The executable provides an attacker with the capability to upload, download and monitor the infected host. Furthermore, the executable attempts to shut down anti-virus programs and leaves a backdoor on the host PC to install additional software.

Who is affected: All AIM PC users are at risk by new IM exploit.

Description: New IM exploit launched through AIM, that:

  • Adds a lockx.exe rootkit that connects to an IRC server, awaiting remote commands from an attacker. Rootkits may be used by an intruder after cracking a computer system and often hides logins, processes, files, and logs. It may include software to intercept data from terminals, network connections, and the keyboard

  • Acts as a vector for additional adware, worms and viruses

  • Changes a viewer?s original search page to http://www.eza1netsearch.com/sp2.php

  • Often increases the CPU usage to 100 percent after the malware is installed

  • Downloads other applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway, and SearchMiracle

FaceTime Enterprise Edition and IMAuditor customers can proactively block these malicious threats and prevent infections before they happen by blocking downloads of the specific executable files associated with the threat. For more information, visit FaceTime Security Labs? reference site at http://www.facetime.com/securitylabs/imp2pthreats.aspx

Unless otherwise noted this article is Copyright © 2012 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquires please contact us with the phrase "Spyware Guide Articles" in the subject line and we will by happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.

Related Articles

Read other articles (back to full list)
Help with the BUST!
Become A Spyspotter!
Bust the Bad Guys!
Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
Recent Blog Posts
  • A Year In Security
  • Youtube Comment Bot Spams In Waves
  • VGA Awards Trailers Used As Bait For Spam Offers
  • Fake Visa Electronic Report Serves Up Zbot Data Stealer
  • Banned Console Owners Beat The System - With Stickers
  • Spot The Hack
  • The Futility Of EULAs
  • Auto Whaler Spears Phishers
  • Fake Porn Grabbers Snag Nothing But Malware
  • Console DDoS Botnets - A Thriving Industry
    • Recent Modifications
    2012-1-30  HostSeeker Toolbar
    2012-1-13  2000Cracks
    2012-1-13  7AdPower Dialer
    2012-1-13  Absolu-trans
    2012-1-13  AccessPlugin
    2012-1-13  AcidBattery
    2012-1-13  Acidoor
    2012-1-13  Active-X Dialer
    2012-1-13  Adcheat
    2012-1-13  Adh1_sexarea
     

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.