AOL chat worm

Question:
New IM worm chats with intended victims
By Joris Evers
Staff Writer, CNET News.com
Published: December 6, 2005, 5:43 PM PST
A new worm that targets users of America Online's AOL Instant Messenger is believed to be the first that actually chats with the intended victim to dupe the target into activating a malicious payload...According to IMlogic, the worm, dubbed IM.Myspace04.AIM, has arrived in instant messages that state: "lol thats cool" and included a URL to a malicious file "clarissa17.pif." When unsuspecting users have responded...asking if the attachment contained a virus, the worm has replied: "lol no its not its a virus"...
The malicious file disables security software, installs a backdoor and tweaks system files...Then it starts sending itself to contacts on the victim's buddy list.

Answers:
Thanks, I don't use AOL Messenger myself, but I know of someone who does. Also keep an eye out for this one:
New AIM worm
Published: 2005-12-06
Last Updated: 2005-12-06 01:55:38 UTC by Bojan Zdrnja (Version: 2)
Malware authors just opened their own holiday season. We received a couple of reports of a new AIM worm spreading. The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.
The user will receive the following AIM message:
"This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=c..._card.COM"
Instead of going to AOL's site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
This file is an SDBot variant and at the moment the most popular AV programs detect it generically.
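A check a mail or IM gateway could run against the lure pattern in the two worm reports above: link text that names one host while the link points elsewhere, a bare IP address as the host, and a directly executable file type such as .pif or .COM. This is an added example, not code from either report; it assumes the message body is available as HTML, and the sample messages, the address 192.0.2.10 and the host example.test are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions Windows executes directly; .pif and .com are the two seen on this page.
EXECUTABLE_EXTS = (".pif", ".com", ".scr", ".exe", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

# Constructed samples: 192.0.2.10 and example.test are placeholders, not real indicators.
CARD_MSG = ('This AIM user has sent you a Greetings Card, to open it visit: '
            '<a href="http://192.0.2.10/My_Christmas_Card.COM">'
            'http://greetings.aol.com/card</a>')
CHAT_MSG = 'lol thats cool <a href="http://example.test/clarissa17.pif">look</a>'

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML-formatted IM body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_message(html_body):
    """Return sorted findings for the links in one message body."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = set()
    for href, text in collector.links:
        target = urlsplit(href)
        host = (target.hostname or "").lower()
        shown = URL_RE.search(text)
        # The visible text names one host while the link goes to another.
        if shown and (urlsplit(shown.group()).hostname or "").lower() != host:
            findings.add("display-mismatch")
        if IPV4_RE.fullmatch(host):
            findings.add("raw-ip-host")
        if target.path.lower().endswith(EXECUTABLE_EXTS):
            findings.add("executable-download")
    return sorted(findings)
```
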
Answers:
And this:
Microsoft: Stealth Rootkits Are Bombarding XP SP2 Boxes
By Ryan Naraine
December 6, 2005
More than 20 percent of all malware removed from Windows XP SP2 (Service Pack 2) systems are stealth rootkits, according to a senior official in Microsoft Corp.'s security unit.
Jason Garms, architect and group program manager in Microsoft's Anti-Malware Technology Team, said the open-source FU rootkit ranks high on the list of malicious software programs deleted by the free Windows worm zapping utility. "I can tell you that FU is the fifth most removed piece of malware. We're finding the FU rootkit in many different versions of Rbot," Garms said, referring to the IRC-controlled backdoor used to illegally infect Windows PCs with spyware.
In addition to the FU rootkit, Garms said the WinNT/Ispro family of kernel mode rootkits features in the top-five list every month. WinNT/Ispro, like FU, is often bundled with illegally installed spyware to allow an attacker to modify certain files and registry keys to avoid detection on an infected machine.
Garms shared statistics culled from the worm cleansing tool in an interview with Ziff Davis Internet News and warned that the high rate of rootkit infections confirms fears that virus writers are using the most sophisticated techniques to hide malicious programs.