New Worm AIMed at Computer Users

by Michael on September 20th, 2006 in Industry and Security News, Security Alerts.

Just when you thought you knew how to protect yourself from online threats, we have another warning for you.

A new worm, known as Win32.Pipeline, has been identified and is spreading over AOL Instant Messenger. Security researchers think the goal of the worm is to create a sophisticated botnet that can be used for a variety of malicious purposes.

The new worm is showing behavior that's typical of the many variants of "AIM virus": it appears as an instant message from someone you know in order to get you to click a link. The file behind that link is then capable of downloading rootkits and Trojans that could spread the worm through your Buddy List, infecting your friends.

What's not so typical, though, is the way that files are deposited onto your computer. According to the researchers at FaceTime Security Labs who first discovered the threat, the attackers' goal is to line up as many "install chains" as possible to make sure there is a pipeline that can be controlled by their rogue botnet.

In a recent article, PC World tells us that the worm is unique because the program is able to randomly contact many different sites around the globe. Usually, when one file is pulled or removed, the entire install chain collapses. This one is smarter: if one of its files goes missing, it simply calls another.

What should you watch out for? The worm sends a message with wording like, "Hey, is it alright with you if I put this picture of you on my blog?!?" If the link is clicked, it delivers an executable file, which is disguised as a JPEG image.
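The disguise described above can be caught by looking at what a file contains rather than what it is called. The following is an added example, not code from FaceTime or PC World: it assumes the disguise is an image-looking file name on Windows executable content, and the file names and sample bytes are constructed for illustration.

```python
import struct

IMAGE_EXTS = {"jpg", "jpeg"}

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def looks_like_jpeg(data: bytes) -> bool:
    """Real JPEG files start with the SOI marker FF D8 followed by another marker (FF xx)."""
    return data[:3] == b"\xff\xd8\xff"

def check_download(filename: str, data: bytes) -> str:
    """Compare what the name claims with what the first bytes actually are."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = filename.lower().rstrip(". ").split(".")
    # Any image extension in the name counts, so "photo.jpg.exe" is caught too.
    claims_image = any(p in IMAGE_EXTS for p in parts[1:])
    if looks_like_pe(data):
        return "executable-disguised-as-image" if claims_image else "executable"
    if claims_image and not looks_like_jpeg(data):
        return "not-a-jpeg"
    return "ok"

# Constructed samples: a minimal PE stub and the first bytes of a JFIF image.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for name, body in [("me_on_blog.jpg", SAMPLE_PE), ("photo.jpg.exe", SAMPLE_PE),
                       ("setup.exe", SAMPLE_PE), ("holiday.jpeg", SAMPLE_JPEG),
                       ("holiday.jpg", b"<html>")]:
        print(f"{name:16} {check_download(name, body)}")
```

The check only recognises PE files, so scripts, shortcuts and other executable formats still need their own rules.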

What do you need to know if you've been infected? First off, this is serious malware. Once your PC is infected, it becomes part of a botnet and is under the control of the hacker who infected you. Because your computer has been compromised by a remote attacker, you can't be sure if other malware was planted by the attacker when your PC was compromised.

This could just mean your computer gets infected with additional annoying malware, but it can also lead to more serious problems. You need to watch out for identity theft. Take extra precautions to ensure that any data and passwords that exist on your PC are protected: change accounts, passwords, etc. The rootkit makes the scope of the problem even worse, because it can hide the malware from the user and from Windows itself, allowing it to exist for some time without being detected.

To ensure the integrity of your PC once it has been infected, we recommend reformatting and reinstalling. If that's not possible, a thorough cleaning is necessary, but keep in mind that even after the infected files are removed, your computer's overall system security might be damaged.