AOL IM users at risk from botnet-building attack.
Instant messaging security firm
FaceTime Communications
has issued an alert on a highly sophisticated blended attack targeting users of
AOL Instant Messaging
(AIM).
The initial vector of the attack is a worm spreading via AIM buddy lists, persuading recipients to run one of several programs, disguised as an image file. Once on the host machine, downloader trojans are dropped and run to bring in more malicious software, rootkits are installed to mask activity, backdoors are opened to allow the machine to control IRC channels, and buddy lists are harvested and links sent out to more potential victims.
FaceTime
researchers were particularly interested to have caught the botnet at an early stage of being built, and to be able to follow the spreading of the attacks. Details of their findings can be found on their blog,
here
, and in a press release,
here
.
Posted on 19 September 2006 by
Virus Bulletin
Leave a Reply