Slashdot Mirror


Pipeline Worm Floods AIM With Botnet Drones

Several readers write about a new AIM threat dubbed the "AIM Pipeline Worm" that uses a sophisticated network of "chained" executables to attack the end user. Security Focus has a brief note. One anonymous reader writes: "Using this method, there is no starting point for the attack — a malicious link via IM can send you to any given file, at which point the path of infection you take depends entirely on the file you start off with. The hackers can then decide which order to install malicious software, depending on their needs at the time. At a bare minimum, you will become a Botnet Zombie — if you're really lucky, you might be Trojaned, have a Rootkit installed on your PC, and be used for spam, file storage, and DOS attacks. Unlike similar attacks that have been attempted in the past, the removal of a file from the chain will not stop the attack — you will simply end up with something else installed instead, in the form of a randomly named executable dumped in your system32 folder. You'll still spam an infection link to all your contacts."

3 of 196 comments

  1. i love it... by 0110011001110101 · Score: 5, Funny
    when I get free trojans... it's so embarrassing to buy them in the store...

    the internet is a wonderful place

    --
    Don't anthropomorphize computers: they hate that.
  2. Not to Worry by Aqua_boy17 · Score: 5, Funny

    It's a Pipeline Worm. It's a good thing the internet is made up of tubes instead of pipes or we'd all be screwed!

    --
    What if the Hokey Pokey really is what it's all about?
  3. Re:Good thing it's AIM ... by russ1337 · Score: 5, Informative
    This worm spreads by getting users to run a .com file which is disguised as a .jpg.
    I was surfing pr0n^H^H^H^H^H the Internet the other night and mining some sites... I saw very clever(?) URLs on a couple of websites... they were along the line of:

    www.dodgywebsite.com/really_interesting_picture.jpg_/session_ID=2383/wwwdodgywebsite.com

    Note that the last part of the URL was ".com" .. not part of the website, but the suffix to the file - a COM file!!

    You gotta watch yourself
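
The disguise described in the comment above depends on which part of a link actually names the downloaded file. As an added example (not from the thread; the function name and both extension lists are assumptions), this Python check flags links whose final path segment is an executable type while an image suffix appears earlier in the path:

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed lists for this example: types Windows runs directly, and
# media suffixes a user expects to be harmless.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXTS = (".jpg", ".jpeg", ".gif", ".png", ".bmp")


def classify_link(url):
    """Return (verdict, reason) for a link received in an IM."""
    if "://" not in url:
        url = "http://" + url  # IM links often omit the scheme
    # Only the path can name the downloaded file; the host's ".com"
    # and anything in the query string are irrelevant.
    trimmed = unquote(urlsplit(url).path).rstrip("/")
    filename = posixpath.basename(trimmed)
    ext = posixpath.splitext(filename)[1].lower()
    if ext not in EXECUTABLE_EXTS:
        return ("ok", "final path segment is not an executable type")
    # Everything before the real extension is sender-chosen decoration.
    before_ext = trimmed[: -len(ext)].lower()
    decoy = next((d for d in DECOY_EXTS if d in before_ext), None)
    if decoy:
        return ("block", f"{ext} file dressed up with {decoy} in the path")
    return ("warn", f"link points directly at a {ext} file")


# First entry is the URL shape quoted in the comment; the rest are constructed.
SAMPLES = [
    "www.dodgywebsite.com/really_interesting_picture.jpg_/session_ID=2383/wwwdodgywebsite.com",
    "http://www.example.test/photos/cat.jpg",
    "www.example.com",
    "http://example.test/pic.jpg?ref=site.com",
    "http://example.test/pic.jpg%2Ecom",
    "http://example.test/tools/setup.exe",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), link)
```

The percent-encoded sample shows why the path is decoded before the extension is read: `%2E` is a dot, so the file name ends in `.com` even though the raw link does not.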