The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

SANS – Internet Storm Center – New AIM worm

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System

Handler’s Diary December 5th 2005

New AIM worm (NEW)

Published: 2005-12-05,
Last Updated: 2005-12-05 21:29:58 UTC by Bojan Zdrnja (Version: 1)

Malware authors just opened their own holiday season. We received couple of reports of a new AIM worm spreading.
The worm is simple and doesn’t exploit any vulnerability; instead it relies on social engineering.

The user will receive the following AIM message:

“This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=christmastheme?my_christmas_card.COM”

Instead of going to the AOLs site, this link actually points to a different site (http://<REMOVED&gt;.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
This file is a SDBot variant and at the moment the most popular AV programs detect it generically.

Thanks to Joshua!

Advertisements

December 5, 2005 - Posted by | Virus Outbreaks

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: