AIM Flooding With Malicious Bots
David Utter Staff Writer
2006-09-18
FaceTime Security Labs have reported a worm traveling over the AIM network that will place bots on unsuspecting users' PCs.
(UPDATE! AOL has advised me that their security team has put measures in place to block IMs containing the URLs used in the pipeline worm attack. They have been blocking these since September 12.)
We last mentioned Paperghost, better known as Chris Boyd, during his explorations into Zango and its MySpace adware placements.
Boyd recently posted about a new worm making the rounds via AIM. This "pipeline worm" asks the recipient, "hey would it be ok if i upload this picture of you to my blog?"
Clicking the link could trigger one of several actions. In one scenario, a file hidden in a downloaded jpg image creates a file called csts.exe on a PC. That in turn likely makes the PC part of a botnet, but not in all cases.
One person has already encountered the worm and required a lot of assistance to get it off his system. The lengthy account of what happened, as posted on the TechGuy forums, showed the csts.exe executable present on that victim's machine.
Several other scenarios stemming from this new attack could take place. Their seriousness is reflected in the manner in which the attackers have set up the worm to get its files onto targeted systems:
Here, the thrill for the bad guys seems to be in lining up as many of these "install chains" as possible - I keep thinking of a ten move combo on a fighting game such as Tekken...not a bad way to describe it, actually.
What's smart about this attack is that it doesn't matter if you get a file "out of step" - if you start off with a particular file out of sequence, you'll just end up somewhere else in the chain instead. There is no right or wrong place to start with this one - the hackers will make sure you get your fill of infection files!
…We think this particular group have many more executable files ready and waiting to go live, so where this one will end up is anyone's guess.
---
Tags: AIM, Bots, Spyware
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.