Slashdot Mirror


Pipeline Worm Floods AIM With Botnet Drones

Several readers write about a new AIM threat dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."

17 of 196 comments

  1. i love it... by 0110011001110101 · · Score: 5, Funny
    when I get free trojans... it's so embarrassing to buy them in the store...

    the internet is a wonderful place

    --
    Don't anthropomorphize computers: they hate that.
    1. Re:i love it... by Kesch · · Score: 2, Funny

      It's not that. It's that he's buying the 'Extra Small' ones. (Sorry, I couldn't help it. It was too good an opportunity to pass up.)

      --
      If this signature is witty enough, maybe somebody will like me.
    2. Re:i love it... by sfeinstein · · Score: 2, Funny

      Heh. And I can't help pointing out that you are most certainly NOT A MARKETER. Can you imagine Trojan or any condom company selling "Extra Small"? Yeah, I'm sure they'd fly right off the shelves.

      It would have to be marketed as "Tight-fit Performance Pro" or hidden in with macho words like "Maximum Super-Shrunk Thunderbolt" or something like that!

      --
      "Whether or not you believe me, I'm right" -RWF
    3. Re:i love it... by inviolet · · Score: 3, Funny
      True that, I buy condoms with a big grin on my face. "Yes ma'am, I AM getting some tonight and for the foreseeable future. I'll take the economy pack please."

      Ah, the 36-count jumbo box... I believe the name for that sized box is "The don't-have-a-Family Pack".

      --
      FATMOUSE + YOU = FATMOUSE
    4. Re:i love it... by Dog+Chapman · · Score: 0, Funny

      Here's a tip - your grandmother has been fucked before

      --
      Born on a mountain, Raised in a cave!
  2. Good thing it's AIM ... by (54)T-Dub · · Score: 2, Funny

    ... because it's a well known fact that most AOL users have higher than average internet savvy.

    Now I have more reason than ever to install trillian/gaim on newb computers.

    --

    "I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
    1. Re:Good thing it's AIM ... by fr175 · · Score: 3, Funny
      ... because it's a well known fact that most AOL users have higher than average internet savvy.
      Me too!
  3. Not to Worry by Aqua_boy17 · · Score: 5, Funny

    It's a Pipeline Worm. It's a good thing the internet is made up of tubes instead of pipes or we'd all be screwed!

    --
    What if the Hokey Pokey really is what it's all about?
    1. Re:Not to Worry by revery · · Score: 2, Funny

      It's a Pipeline Worm. It's a good thing the internet is made up of tubes instead of pipes or we'd all be screwed!

      Senator Ted Stevens responds:
      Yes, but you see, the tubes are connected to pipes, and those pipes are connected to larger pipes, and then there are canals, and dams and reservoirs, and other things that are even more complex and convoluted. So you can see by my use of the words "complex" and "convoluted", that it's all terribly complicated. But you are right about one thing: thank God it's not a tube-line attack - I don't know if that's the right word or not - but the tubes, they are the most important part of all the Internets, because that's where we access them, and by "we", I mean me and you.

      Next question?

  4. Re:Simple risk mitigation by russ1337 · · Score: 3, Funny
    Try explain that in terms that the average user will be able to understand.
    CLICK HERE
  5. Re:And the lesson is... by OECD · · Score: 2, Funny

    ... and keeps our employees from IM-ing with people outside the company.

    Which company is that? I just want to be sure to avoid working there ever.

    --
    One man's -1 Flamebait is another man's +5 Funny.
  6. using aim by thedrunkensailor · · Score: 2, Funny

    using aim is like being kicked in the balls

    --
    i support the right to offend.
  7. Re:I am sorry if I don't yawn by $RANDOMLUSER · · Score: 3, Funny
    ...downloads the image18.com file (disguised as a jpeg). Running the file...
    User clicks on .JPG file. Operating system (no names, please) looks at file, says "Oh, that's really an .EXE file, I'll just execute it without asking...".
    Sounds perfectly sane to me.
    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  8. I love these kinds of attacks by JoeyJoeJo · · Score: 2, Funny

    I'm a student employed by the university to fix students' computers in my dorm building. Everyone will click on these links, some more than once. But why do I love these attacks? The hot chicks that will inevitably click the link. I love this job.

    1. Re:I love these kinds of attacks by JoeyJoeJo · · Score: 3, Funny

      Dear Penthouse, I never thought it would happen to me....

  9. fuckers stole my system32 folder by quonsar · · Score: 2, Funny

    lessee... /, bin, boot, debootstrap, dev, etc, home, initrd, lib, media, mnt, opt, proc, root, sbin, srv, sys, tmp, usr, var - nope, it's GONE!

  10. Re:And the lesson is... by djradon · · Score: 2, Funny
    Yeah, if an employee had the card info and the willingness to pass it on, lack of IM is not going to deter him. But there are legit reasons for wanting to block AIM. For one, your unwitting users, some of whom are probably administrators on their local machines, could be exposing sensitive information stored on their local hard drives. I'm going to send a friendly reminder to my AIM/Trillian userbase this morning:

    There's another AIM worm "on the loose" this morning:

    http://blog.spywareguide.com/2006/09/aim_pipeline_worm_uses_modular.html

    Please don't click on IM links, even if they appear to come from your friends unless you know for certain that you're not talking to an automated process.

    In this particular instance, you might get a message like "hey is it alright to put this picture of you up on my egallery album?" Clicking could induce a continuing "cycle of infections" that would be unseemly given our upcoming Sarbox audit.

    Thanks!

    BTW, Does anyone know a way to block automated hyperlinking of URLs?