Feeds

Botnet creators AIM high

Pipeline

Intelligent flash storage arrays

A new worm spreading over AOL Instant Messenger seeks to built a botnet of zombie Windows PCs. The Pipeline worm packs an executable file disguised as a JPEG, which if executed, tries to download other strains of malware rootkits and Trojans. Pipeline uses the AIM Buddy List on infected computers to target other prospective marks.

Like many instant messaging worms, Pipeline appears as an instant message from a familiar contact, luring users into visiting malware-infested websites. The IM message “hey would it okay if i upload this picture of you to my blog?” downloads a hostile file called image18.com, disguised as a JPEG. Running the file results in infection.

Once compromised, infected PCs join a botnet under the control of hackers, who may use it for malign purposes include relaying spam, performing distributed denial-of-service (DDoS) attacks or committing click fraud. Hackers can also gain access to personal data stored on infected PCs.

The botnet established by Pipeline is sophisticated, according to researchers with IM security firm FaceTime. Features include the ability to authorise only specific IRC clients to log in and manipulate the botnet. The Pipeline worm is different from most previous IM worms because it features multiple waves of attack.

Chris Boyd, director of malware research for FaceTime Security Labs, said: "Previous IM attacks have tended to focus on the damage done by the files, with little thought on the method of delivery, save for the quickest way to get those files onto a PC. Here, the motivation for the bad guys seems to be in lining up as many 'install chains' as possible to insure a consistent pipeline that can be controlled by their rogue botnet." ®

Remote control for virtualized desktops

More from The Register

next story
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.