Results 1 to 3 of 3

Thread: New (December) AIM Worm

  1. #1
    Senior Member genXer's Avatar
    Join Date
    Jun 2005

    Exclamation New (December) AIM Worm

    Hello all-

    Just saw this pop-up on the SANS Internet Storm Center, ISC, on news about a new AIM Worm - that supposedly uses Social Engineering.

    Link: http://isc.sans.org/

    Story so far:
    New AIM worm
    Published: 2005-12-06,
    Last Updated: 2005-12-06 01:55:38 UTC by Bojan Zdrnja (Version: 2(click to highlight changes))

    Malware authors just opened their own holiday season. We received couple of reports of a new AIM worm spreading.
    The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

    The user will receive the following AIM message:

    "This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?so...stmas_card.COM"

    Instead of going to the AOLs site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
    This file is a SDBot variant and at the moment the most popular AV programs detect it generically.

    Thanks to Joshua!

    Update: Some readers have alerted us, and we have confirmed, that there is also a variant going around that redirects to the same IP, but downloads, My_Christmas_Card.SCR. Note, that many of the AV vendors identify this as a variant of SDBot.
    So the "Happy Holidays" are already starting! Woo-hoo.
    \"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club.

  2. #2
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    It seems like there are always more AIM worms being spread around this time of year for some reason. I've seen several in the past couple of weeks, but very few up until then. One girl managed to catch one that brought a bag full of goodies with it, and within a week's time it had butchered her hard drive. She brought it into on-campus tech support and we ran disk check...it ran for three days. It was insane.

  3. #3
    Join Date
    Apr 2003
    But, AOL says they have all this neat new security stuff that takes care of the user and prevents this kind of thing. How could this possibly happen?


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts