Malware authors just opened their own holiday season. We received a couple of reports of a new AIM worm spreading.
The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.
The user will receive the following AIM message:
"This AIM user has sent you a Greetings Card, to open it visit: http://greetings.aol.com/index.pd?source=christmastheme?my_christmas_card.COM"
Instead of going to AOL's site, this link actually points to a different site (http://<REMOVED>.<REMOVED>.134.156/My_Christmas_Card.COM) from which the user will download the worm.
This file is an SDBot variant and at the moment the most popular AV programs detect it generically.
Thanks to Joshua!
Dec 5th 2005