Wednesday, September 20, 2006

Be careful if you use AIM

There is a highly sophisticated worm spreading via AOL Instant Messenger that researchers are saying is extremely difficult to put down.

Called W32.pipeline, it appears to have been sent by a buddy. A message appears saying: "Hey, would it be okay if I upload this picture of you to my blog?" Clicking on the link starts an executable file that appears as if a JPEG file is downloading... but it is not.

From FaceTime:

Once the user's PC is infected, it becomes part of a botnet and is under complete control of the hacker to use for a variety of purposes that could include relaying SPAM, performing distributed denial-of-service (DDoS) attacks on other computers or committing financial fraud against online advertisers – commonly called click-fraud. In addition, the potential is high for loss of sensitive personal data stored on the user's PC.

Like many IM worms, W32.pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message "hey would it okay if i upload this picture of you to my blog?" downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user's system32 folder, part of the Windows operating system.
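
A defensive check for the lure described above, as an added example that is not part of the original post or of FaceTime's text: it flags links in an IM message whose target file name ends in an executable extension, and checks whether downloaded bytes really begin like a JPEG. The host names, sample messages and extension list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions Windows runs directly (assumed list for this example);
# ".com" is the extension of the file named in the post.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def path_extension(url):
    """Return the lowercase extension of the URL's last path segment, or ''.

    Only the path is inspected, so ".com" in a host name is never
    mistaken for a ".com" file, and the query string is ignored.
    """
    path = unquote(urlsplit(url).path)
    # Windows ignores trailing dots and spaces in file names, so drop them.
    name = path.rsplit("/", 1)[-1].rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def suspicious_links(message):
    """Return the URLs in an IM message that point at an executable file."""
    hits = []
    for raw in URL_RE.findall(message):
        url = raw.rstrip(".,)!?")  # strip sentence punctuation after the link
        if path_extension(url) in EXECUTABLE_EXTS:
            hits.append(url)
    return hits


def looks_like_jpeg(data):
    """True only if the bytes begin with the JPEG start-of-image marker."""
    return data[:3] == b"\xff\xd8\xff"


if __name__ == "__main__":
    # Constructed sample: the lure text from the post plus a placeholder URL.
    lure = ("hey would it okay if i upload this picture of you to my blog? "
            "http://photos.example.test/image18.com")
    print(suspicious_links(lure))
    print(looks_like_jpeg(b"MZ\x90\x00"))  # executable header, not a JPEG
```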
