Slashdot Mirror


Pipeline Worm Floods AIM With Botnet Drones

Several readers write about a new AIM threat dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."

4 of 196 comments

  1. And the lesson is... by d3ac0n · Score: 4, Insightful

    Don't use IM software unless it's part of a closed, managed network. For example: www.omnipod.com is what we use for inter-office IM here. It's a closed network, and all files sent are automatically virus scanned before they can be received. Safe and effective, and keeps our employees from IM-ing with people outside the company.

    --
    Official Heretic from the "Church of Global Warming". Proven right thanks to whistle blowers. AGW = Flat Earth Theory
  2. I am sorry if I don't yawn by aepervius · Score: 4, Insightful

    QUOTE (emphasis mine): "How does this infection start off? As always, it begins with a seemingly innocent web address passed to you via Instant Messaging. Click the link and allow the file to execute and your day will quickly go bad."

    The method used after that sounds interesting, but nothing beats "trusting" an executable being sent by any source, anonymous or not, on email or AIM. Do that and SOONER or later your day will turn bad.

    --
    C. Sagan : A demon haunted world:
    http://www.amazon.com/gp/product/0345409469/
    visit randi.org
  3. Re:Simple risk mitigation by (54)T-Dub · Score: 3, Insightful
    1- Don't run as an administrator.
    Have you ever done this on a Windows machine for an extended period of time? I did it for about a week before I gave up. Some programs don't even run unless you are administrator.

    Now if we are talking about a work environment then sure, give everyone in the building (except engineering) non-admin accounts, but I would never recommend doing it to someone who didn't have a high level of computer knowledge and patience or an equivalent IT staff on hand to help out with any issues.
    --

    "I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
  4. And the lesson is, don't use omnipod, use jabber by spun · Score: 4, Insightful

    It's free and open source. It's scalable. It's easy to install and manage. It runs entirely on your own infrastructure so your messages aren't vulnerable to prying eyes and bored sysadmins of some other company. You can set it up to interoperate with any other IM system if you want to. There's a ton of open source clients available. Safe and effective, and keeps people from spending money on crap "solutions" that aren't.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton