AIM worm is more dangerous than anticipated

Facetime security firm warns that the W32 / Sdbot-ADD type of worm is spreading rapidly among AOL's IM users and is far more dangerous than previous comments.

First discovered by Facetime in October, W32 worm automatically installed a rootkit (lockx.exe file) deep inside the hard drive of infected computers, allowing a hacker group to take . Middle East Can take control of the system. Once the PC has fallen into their hands, the hacker group will install additional spyware code, potentially stealing the user's personal information.

According to Facetime, at least there were tens of thousands of computers infected with W32. Now, they are like large botnets, exploited by hackers to launch denial-of-service attacks against certain websites.

Facetime CEO said the company has released a scanning tool that allows to detect and disable the aforementioned rootkit lockx.exe.

W32's destructive mechanism

W32 worm attacks through AOL's Instant Message line, disguising a name on the contact list to ask users to open an attached link. Obviously, consumers are easily fooled. Just click on this link, a series of adware and rootkit lockx.exe will automatically dump like rain into the computer.

As soon as they land on the computer, the malware-destroying software first closes the anti-virus program and installs software that allows hackers to remotely control the computer using IRC.

According to the latest research by Facetime, lockx.exe is very active in "opening the back door" for hackers to install other malicious software. These malware can steal user names, passwords, and sensitive information. The most dangerous of these is ster.exe, which allows an attacker to upload, download and closely monitor the infected computer. Some other files allow them to steal Outlook Express passwords, install keyboard monitoring software, collect email addresses stored on the computer, distribute spam and deny service attacks.

According to Facetime, the most likely behind W32 is a hacker group in the Middle East. The group has attacked servers in many countries around the world to spread new malware.