AOL IM worm roots around Windows
Under the radar
A worm propagating through AOL’s Instant Messenger network comes with rootkit technology designed to slip under anti-virus defences. The Sdbot-ADD worm is being passed through instant messages from members on a user’s Buddy List and within AOL chat rooms.
Sdbot-ADD, the latest variant of a family of worms that is continuously modified with new components by hackers, comes complete with an adware bundle and a rootkit file, lockx.exe. “The executable provides an attacker with the capability to upload, download and monitor the infected host. Furthermore, the executable attempts to shut down anti-virus programs and leaves a backdoor on the host PC to install additional software,” according to IM security firm FaceTime, which was among the first security firms to notify of the threat.
Full story: The Register