Users login

Create an account »


Users login

Home » Hacking News » AIM worm strikes again

AIM worm strikes again

by Nikola Strahija on November 19th, 2005 The W32/Sdbot-ADD worm which causes trouble for some users of AOL IM is more dangerous than previously thought, report Facetime Security Labs, who originally discovered the worm last month.

Facetime's newer research has found that lockx.exe is being actively used as a backdoor to install additional malware on systems. The additional malware can steal usernames, passwords and other information, and can be controlled via the IRC messaging system, Facetime said.

One of the files installed via lockx.exe, called ster.exe, specifically allows attackers to upload, download and monitor the infected PC, said Facetime. Other files allow theft of Outlook Express passwords, keystroke logging and launching additional attacks on Web sites or networks.

At least tens of thousands of systems appear to be infected, Facetime said. The company's president and chief executive, Kailash Ambwani, said that the network of infected machines could, like other large botnets, be used to carry out denial of service attacks against particular websites.

-We have delivered detailed research information to the US federal authorities and are fully cooperating with their efforts, Ambwani said in a statement.

A group in the Middle East appears to be behind the additional malware, according to Facetime. The group has compromised servers in various countries around the world to distribute the new malware.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »