AIM Worm Installs Rootkit
FaceTime Security Labs reported on Friday that a variant of the Sdbot worm has been making it's way around the AOL Instant Messenger network (AIM) via chats and instant messaging.
Symptoms of an infected machine can include:
? A running process named lockx.exe which is a rootkit that connects to an IRC server and awaits remote commands from an attacker
? Users default search page may be changed to http://www.eza1netsearch.com/sp2.php
? CPU utilization may be abnormally high, even running at 100%
? Download and / or installation of spyware and adware applications such as 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway, and SearchMiracle.
AIM PC users should make sure that their antivirus software has been updated with the latest virus definitions available.
Posted by - DoDgEtHiS
November 1, 2005, 10:20 am
News Source - Facetime Security Labs
Go Back to main News
