AIM Worm Installs Rootkit

    October 28, 2005
    WebProNews Staff

FaceTime Security Labs reported that a variant of the Sdbot worm has been making the rounds on AIM via chats and instant messaging.

You’ve got rootkit, and spyware, and a host of problems if your antivirus software isn’t up to date. A worm circulating through the AIM network can be a serious problem for PCs, FaceTime said in a release.

A machine victimized by the worm will experience a whole bunch of problems:

 • Adds a lockx.exe rootkit that connects to an IRC server, awaiting remote commands from an attacker.
 • Rootkits may be used by an intruder after cracking a computer system and often hides logins, processes, files, and logs. It may include software to intercept data from terminals, network connections, and the keyboard
 • Acts as a vector for additional adware, worms and viruses
 • Changes a viewer’s original search page to
 • Often increases the CPU usage to 100 percent after the malware is installed
 • Downloads other applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway, and SearchMiracle

AIM PC users should verify with their antivirus companies that their virus signatures and scanning engines have been updated, as always.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.