Links leading to a worm that eventually implants a nasty rootkit on a user's computer are popping up on America Online Inc.'s (AOL) Instant Messenger network, security researchers are reporting.
The URL is passed through instant messages on a person's Buddy List and in AOL chat rooms, Websense Inc. reported. Some versions of the URL have been taken down, and all were hosted on personal Web pages, the company said. Users see an IM (instant message) that says "see thing!!" or "hilarious," followed by a URL.
Clicking on the link starts a known worm, W32/Sdbot-ADD, which then transmits the lockx.exe rootkit, according to an advisory posted Friday by FaceTime Communications Inc., which is based in Foster City, California. The code allows an attacker to monitor the computer and upload or download files.
It also attempts to shut down antivirus programs in addition to installing a backdoor that could be used to install more software. The lockx.exe rootkit connects to an IRC (Internet relay chat) server and waits for remote commands.
Additional annoyances include changing the home page on the Internet browser and downloading applications from vendors such as 180solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle, FaceTime said.
