AIM worm is more dangerous than anticipated

Security firm Facetime warns that the W32/Sdbot-ADD worm is spreading rapidly among AOL's IM users and is far more dangerous than earlier comments suggested.

First discovered by Facetime in October, the W32 worm automatically installs a rootkit (the file lockx.exe) deep inside the hard drive of infected computers, allowing a hacker group in the Middle East to take control of the system. Once a PC has fallen into their hands, the group installs additional spyware that can steal the user's personal information.

According to Facetime, at least tens of thousands of computers have been infected with W32. Together they now act as a large botnet that hackers exploit to launch denial-of-service attacks against certain websites.

Facetime's CEO said the company has released a scanning tool that detects and disables the lockx.exe rootkit.

W32's destructive mechanism

The W32 worm spreads through AOL's instant messaging service, posing as a name on the contact list and asking the user to open an attached link. Users are easily fooled. A single click on the link is enough for a series of adware programs and the lockx.exe rootkit to pour into the computer automatically.

As soon as it lands on the computer, the malicious software first shuts down the anti-virus program and then installs software that lets hackers control the computer remotely over IRC.

According to the latest research by Facetime, lockx.exe is very active in "opening the back door" for hackers to install other malicious software. This malware can steal user names, passwords and other sensitive information. The most dangerous component is ster.exe, which allows an attacker to upload and download files and closely monitor the infected computer. Other files allow the attackers to steal Outlook Express passwords, install keystroke-logging software, collect email addresses stored on the computer, send spam and launch denial-of-service attacks.

According to Facetime, a hacker group in the Middle East is most likely behind W32. The group has attacked servers in many countries around the world to spread new malware.
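The behaviours described above (the files lockx.exe and ster.exe, the anti-virus shutdown and the remote control over IRC) can be correlated in host telemetry to triage suspect machines. The following Python example is added here and is not Facetime's scanning tool; the event format, the sample events, the anti-virus process name, the IRC port numbers and the time window are all assumptions.

```python
import ntpath
from collections import defaultdict

ARTICLE_FILES = {"lockx.exe", "ster.exe"}  # file names given in the article
IRC_PORTS = {6667, 6697}       # assumption: conventional IRC ports; bots may use others
AV_PROCESSES = {"avscan.exe"}  # assumption: hypothetical anti-virus process name

# Constructed sample telemetry; hosts, paths and addresses are made up.
SAMPLE_EVENTS = [
    {"host": "pc-01", "t": 100, "type": "file_create", "path": r"C:\sample\lockx.exe"},
    {"host": "pc-01", "t": 130, "type": "process_stop", "name": "AVSCAN.EXE"},
    {"host": "pc-01", "t": 190, "type": "net_connect", "dst": "203.0.113.7", "port": 6667},
    {"host": "pc-02", "t": 50, "type": "process_stop", "name": "avscan.exe"},
    {"host": "pc-03", "t": 10, "type": "net_connect", "dst": "198.51.100.9", "port": 6667},
    {"host": "pc-03", "t": 5000, "type": "file_create", "path": r"C:\sample\notes.txt"},
    {"host": "pc-04", "t": 20, "type": "file_create", "path": r"D:\sample\STER.EXE"},
]

def indicator(event):
    """Map one event to the behaviour from the article it matches, or None."""
    kind = event["type"]
    if kind == "file_create" and ntpath.basename(event["path"]).lower() in ARTICLE_FILES:
        return "named_file"
    if kind == "process_stop" and event["name"].lower() in AV_PROCESSES:
        return "av_stopped"
    if kind == "net_connect" and event["port"] in IRC_PORTS:
        return "irc_connection"
    return None

def triage(events, window=600):  # assumption: correlate within 10 minutes
    """Return {host: severity} for hosts whose events match the described chain."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        name = indicator(ev)
        if name:
            hits[ev["host"]].append((ev["t"], name))
    verdicts = {}
    for host, seen in hits.items():
        names = {n for _, n in seen}
        # Largest set of distinct behaviours that falls inside any one time window.
        best = max(({n for t, n in seen if s <= t <= s + window} for s, _ in seen), key=len)
        if len(best) == 3:
            verdicts[host] = "high"    # file drop, AV shutdown and IRC together
        elif "named_file" in names or len(best) == 2:
            verdicts[host] = "medium"  # a named file alone, or two behaviours together
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A stopped anti-virus process or an IRC connection on its own is left unflagged, since either has ordinary explanations; only the combination, or one of the file names from the article, raises a verdict.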
