Posted by Virus Bulletin on Sep 19, 2006
AOL IM users at risk from botnet-building attack.
Instant messaging security firm FaceTime Communications has issued an alert on a highly sophisticated blended attack targeting users of AOL Instant Messaging (AIM).
The initial vector of the attack is a worm spreading via AIM buddy lists, persuading recipients to run one of several programs, disguised as an image file. Once on the host machine, downloader trojans are dropped and run to bring in more malicious software, rootkits are installed to mask activity, backdoors are opened to allow the machine to control IRC channels, and buddy lists are harvested and links sent out to more potential victims.
FaceTime researchers were particularly interested to have caught the botnet at an early stage of being built, and to be able to follow the spreading of the attacks. Details of their findings can be found on their blog, here, and in a press release, here.
Posted on 19 September 2006 by Virus Bulletin
