Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: New AIM worm - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New AIM worm
Malware authors just opened their own holiday season. We received couple of reports of a new AIM worm spreading.
The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

The user will receive the following AIM message:

"This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=christmastheme?my_christmas_card.COM"

Instead of going to the AOLs site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
This file is a SDBot variant and at the moment the most popular AV programs detect it generically.

Thanks to Joshua!

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Munich July 2019

Bojan

379 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!