Pipeline Worm Floods AIM With Botnet Drones
Several readers write about a new AIM threat dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."
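The one concrete artifact the story gives a defender is the "randomly named executable dumped in your system32 folder". The script below is an added illustration (it is not part of the story, the Security Focus note, or any reader's comment) of how a host check could surface that: it compares a directory listing against a known-good baseline of system32 executables and then scores the leftovers on recency and on whether the file name looks machine-generated. The listing, the baseline, the reference time and the file names `qjdxkfr.exe`, `wmpx9ak2.exe` and `myapp.exe` are all constructed for the example; the name heuristic is deliberately crude and would misfire on real abbreviations such as `svchost`, which is why it is applied only to files that are absent from the baseline.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

VOWELS = set("aeiouy")
EXECUTABLE_SUFFIXES = (".exe", ".dll")


@dataclass
class FileEntry:
    """One entry from a directory listing (constructed for the example)."""
    name: str
    created: datetime


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names: almost no vowels, or a long
    consonant run. Noisy on abbreviations (e.g. 'svchost'), so only run it on
    files that the baseline does not already explain."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 4:
        return False
    vowel_fraction = sum(c in VOWELS for c in letters) / len(letters)
    run = longest_run = 0
    for c in letters:
        if c in VOWELS:
            run = 0
        else:
            run += 1
            longest_run = max(longest_run, run)
    return vowel_fraction < 0.2 or longest_run >= 4


def audit_system32(listing, baseline, now, window_days=7):
    """Return {file name: [reasons]} for every executable in the listing that
    is not in the known-good baseline. An empty reason list still means the
    file is unexplained and worth a look; reasons raise its priority."""
    report = {}
    for entry in listing:
        lower = entry.name.lower()
        if not lower.endswith(EXECUTABLE_SUFFIXES) or lower in baseline:
            continue
        reasons = []
        if now - entry.created <= timedelta(days=window_days):
            reasons.append("created in the last %d days" % window_days)
        stem = lower.rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking name")
        report[entry.name] = reasons
    return report


# Constructed sample data: a reference time, a tiny baseline and a listing
# that mixes baseline files with two fresh random-named drops and one
# ordinary unknown binary.
NOW = datetime(2006, 3, 15, 12, 0)
BASELINE = {"svchost.exe", "notepad.exe", "cmd.exe"}
SAMPLE_LISTING = [
    FileEntry("svchost.exe", NOW - timedelta(days=400)),
    FileEntry("notepad.exe", NOW - timedelta(days=400)),
    FileEntry("cmd.exe", NOW - timedelta(days=400)),
    FileEntry("qjdxkfr.exe", NOW - timedelta(days=1)),
    FileEntry("wmpx9ak2.exe", NOW - timedelta(days=2)),
    FileEntry("myapp.exe", NOW - timedelta(days=30)),
]

if __name__ == "__main__":
    for name, reasons in audit_system32(SAMPLE_LISTING, BASELINE, NOW).items():
        print(name, "->", "; ".join(reasons) or "not in baseline")
```

On a real machine the baseline would come from a clean install or a signed manifest and the listing from the live directory; the point of the structure is that the allowlist does the heavy lifting and the name heuristic only ranks what is left, since a chained installer that swaps one dropper for another defeats any check keyed to a single file name.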
1- Don't run as an administrator.
2- Back up your profile regularly.
If you ever get bitten by something like this, it's easy to recover from.
www.dodgywebsite.com/really_interesting_picture.j
Note that the last part of the URL was ".com"
You gotta watch yourself
Within the reach of a normal person, shift-right-click and Run As... will get you temporary and per-process administrator privileges without the insanity of running Internet Explorer as root.
Within the reach of an expert, RegMon and FileMon can point you to the isolated places where changing ACLs will allow the stupid program to run. The most frequent bug is for a program to try to write to one or a few protected locations.