Rootkit worm linked to hacker group in Middle East
Security firm says bad guys are using BitTorrent to pilfer files from 17,000 PCs. Worm began spreading via AIM last month.
"The fact that they are using instant messaging is a disturbing trend," Wells said. "These guys are using BitTorrent...and that is getting a bit scary. They are using IRC-enabled spyware to control PCs."
BitTorrent is a freely available file-sharing network that hackers have been using to move large files more easily, Wells said.
On Oct. 28, FaceTime identified a worm that delivers a rootkit, a tool designed to go undetected by security software and used to lock down control of a computer after an initial hack.
Subsequent research has revealed that the rootkit worm piggybacking on AOL Instant Messenger acts as a back door for adding spyware, which can be used to pilfer usernames, passwords and other personal information.
A hacker can control this process through IRC, or Internet Relay Chat, communications.
Wells said FaceTime traced specific signatures within various pieces of code associated with the exploit, which gave the company the ability to resolve where the exploits originated.
The FBI did not immediately respond to a request for comment.