AOL IM worm on the loose

Worm first appears as an instant message from a familiar contact, asking users to upload a picture.

A new AOL instant-messaging worm is making the rounds, carrying a malicious payload disguised as a JPEG, according to security researchers.

The worm provides a path for rootkits and Trojan horses to propagate on the computers of those listed on the user's buddy list, according to an advisory poublished Monday by FaceTime Security Labs. The Pipeline worm is one of a growing number of instant-messaging threats on the Internet.

Pipeline initially appears as an instant message from a familiar contact, according to FaceTime security. A message appears asking users to click on a link to upload a picture of themselves; instead, a command file, image18.com, is downloaded and disguised as a JPEG, according to FaceTime.

Once the user runs the file, a csts.exe executable program is created and installed in the user's system32 folder, as part of the Windows operating system. After a user's system is infected, it becomes part of a botnet--a group of computers controlled remotely to distribute such malicious attacks as viruses or Trojan horses.

"The emphasis for this latest worm is not so much on the files that are delivered to the users' computers, but rather on the way these files are deposited onto the system," Chris Boyd, FaceTime's research director for malicious software, said in a statement.

AOL has taken steps to block the impact of the malicious software. "This particular worm is no longer a threat on the AIM network, as we've been blocking IMs containing the URL to the hostile site since last Tuesday," AOL spokesman Andrew Weinstein said.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis