|
|
|
Researchers Say Automated IM Worm Is Inevitable
By: Ryan Naraine
2005-10-31
Article Rating: / 0
There are 0 user comments on this Network Security & Hardware story.
Researchers Say Automated IM Worm Is Inevitable (
Page 1 of 2 ) The increased sophistication of instant messaging worm attacks has triggered fears of the possibility of fully automated attacks that do not require user action.The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks.
In the most recent attack aimed at users of America Online Inc.s AIM network, the "lockx.exe" rootkit file was bundled with a new variant of the W32/Sdbot Trojan to create a nasty mix of hidden malware.
 Read more here about the rootkit attack on AOLs Instant Messenger.
This is the first detection of SDBot squirming through IM chat windows, and the addition of a rootkit program is causing raised eyebrows among security researchers and worm watchers.
"The situation is ripe for a fully automated worm to cause some serious damage," said Jose Nazario, senior software engineer at Arbor Networks Inc., a network security firm based in Lexington, Mass.
Nazario, a worm researcher and author who tracks malicious activity on the Worm Blog, said the appearance of SDBot in an IM attack highlights a rapidly emerging trend for malware: Bootstrap onto the system, download a number of tools including a rootkit and spyware, use an IRC (Internet Relay Chat) network to control the botnet, and continue propagating.
"Im really surprised we havent seen a fully automated worm on these IM networks. To me, its begging to happen," Nazario said in an interview with Ziff Davis Internet News. "Pretty soon, someone will find a way to package one of these attacks with an unpatched vulnerability to cause some real problems."
For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.
Nazario said the IM worm writers have mastered the art of commandeering a users buddy list to spread the malware bundles via URLs that must be clicked.
"Once we start seeing AIM or MSN Messenger exploits packaged into these, well see a fully automated IM worm. But, so far that hasnt yet happened on a large scale, and I dont know why. I think its only a matter of time before some enterprising malware author decides to break down that barrier," Nazario added.
Chris Boyd, who broke the SDBot code and discovered the hidden rootkit for FaceTime Communications Inc., echoed Nazarios fears.
"Before long, someone will come up with something capable of doing massive damage. There are some pretty horrific rootkits out there at the moment that are completely undetectable. Were now seeing them all coming together and its not looking good," said Boyd, a well-known security researcher who uses the "paperghost" moniker.
"Ive noticed over the past six months or so, the malware writers are moving away from the standard Web page drive-bys and finding new avenues to deliver the nasties. Weve seen it with BitTorrent and were seeing it more and more with IM," Boyd added.
Boyd said he believes the inclusion of a rootkit file in the spyware bundle was a deliberate "sleight-of-hand tactic" to drop the backdoor Trojan on compromised machines.
"Its a very slick move. While were all complaining about the pop-ups and spyware, no one notices the nasty rootkit that puts your entire computer in the hands of someone on IRC," he added.
Next Page: Increased multimedia functions mean IM danger.
|
|
�������xr㶲0;; ʷ♵MR-Z,/K3^:U*$�ER�Ϯ��O7�t$_&}f���6ЍFh|Gއ�$\9дǤ�g�%Sg�>D{{}!�Ph�I-*rdxCrJ�Բ|W7�RՇnc3�P/W�a��W�0Q�Y|��vn=�2`V~�|%�k�`TCw-}~D�c�M-G ؓ�ۭ@x!�BP�#"F��τmݻ�H}H%�;qؓ:IuhlUD`iRi13<
L�5LÑcPp,ǃ)�TQ3#}jZ�3u-3G@ؾ!�#���3Eu��L_GBԿ$f�
0�R��̳X�#vR0w�cE[3Uֶg5�]�q?=<"3z7 �wZENX*�o�~�c> �S
xz`:v�xtTa_dY��f42M�ٰ5T:Ԫr\�ˇJY4[={2q*sܼL7jͻ_~^)eU�ݽn]H�QPw@�ږV�a(ڭNs#םOͫ�~@�{A~�$?Vj��}�&
D%\.�I&0h�5&6tt<_Bn
,:i#ty�[�n9,��4E;
KHr�])2���,�"'3Ҽ5oon[&5O/On[sdo̲5�JEӀ��Z�vb�!?>�WkYK;u"+|vf����p3�Z_Zr�`K['^OSr@k��FPY��D`6�R\� 9lb�)6B̄H )ƃwR<�?��z@@�ZR~nV(�U7$ٛ�"G��;�zl��r!DKI��88��c�^IR]E1\a>pYcŹr�vwެ,�U*մ[��ӢKsq}mMOf۸h�ǫ�g�",�$�
ꨦUʇ��,Vr*ǿ@8ʍ�??�2B��m�]ԇtϬ ϳ` 0h
�vz?S�OМMk�ݶ�OCGs�>H2胎6ml�-�$�
,70}HG:QI�4wX(x=�c�Og�v�/|�\1><�)ZN;��=H:6(Z�χ�$ǶCMߟ�L��s#08w�Ƀ 5�y0�ݻ�i`y1�&���բ� !Tgg ,z�z��C�
�X.'s
6G>0-0���g�%ɥ6A\IQ�o�g�dQJ
4$@�!��-i]�R@A�z6W?��-�8�,rr2����0#!bTLZ�'9Tv{B#�;}Tz*�gR1eb -d[b�~I�l�
eV&vϏaZLboD��6�]�,�S�mo�-m�u{��6
��z0�LBOؑaIQ���ңF +<�j)d6L9e<�p��2`�]?b�n;N %]&�^>99� �->ƘMG+{68D�&�f+Lo}}Т̇,d"[{nSӀ)4+��pPs�P�}�52{B{`a9.pwG!=?�p*JNC_jVzu}a7MAV?�T�y
v�|9�p��9E#rUϚX� 5<�.�&B#57�&�Q OzBnehJJ*$,�4�?gaE8F2�b5k%Ǿ>|^`�"3hqNNRЙB#@9z�Q��YWo%<4Hյ�$/gcP*�KúJ�jp ~�7�Bj^¢ym<2�D֑X`9HM^>�V�"f��ˣ(�e6LF%?Iok}�SsdҡmD
jrAi�#S�OodV-iV9ִrX,y|=,D0(2n( �MVRQy3�:z�As,0HGMg����\<<�f�q'��X�t+@�Zl&VUmTHbp=PF˸h�Fq,@XĞ]F��KǚO]S��EeH
w%jFd>m6 '�[ar�S��hfh:2-�5_G�Ow'��)7]ٰ\R
�~��j"�yd\s˰e0k-4fsF{d�E.;Դg*+&U$jl|T�`ZsnG<��7K�$�X�
�c4}�5��:*jAeoY+^�t�m(5#���#2��qg��rh)hgj*�v/�
h#�քX[ў#WX�
tV ЛiQ`V �Ն�yϤMvU)XW}Ӏ�eyM/ܛZI3=Я"JL7/�<�sƃ~�w"�Y@*N_g@ "BN�7x^ox
16U�m/PG]մR��!c2�
s*�nK5ѹtNcl s�ƻ~rn�Af �D�|��8 F�5`�?<�Y3GGu�"�M."8&́08h} 2"�_`n�~/I6�0�&|�N�:@"��c�]f.�k�<]٘Ʃ4>J>j˘G�2cdQ��hV�z\ 4�ix�N3 akc>�/��i�)T",߸X,W̱�^`�.
JU-��A^Mo6=ITRGQ�>=}Hc#&�ajxmb_z(uϵ(�Eō:k0R�BE-) B^D�D\w
Zlm7,��:
�/<6" ތb��l{
e|פ|X+�G;"ʌg�b|�p{>'F{�z�Ȑ4PG���eWՄθ�4;f̬9[IfYy�Vum4uH�"5H�e^V5XI0iUI+T�Z}�����2a.U}7*\&�IvSf
t�GD�o0|=>0�Jj$�RiE�mT)玿ߓN�p��( rI-��ã,z(�d�0rY��+`7�'�ɠ��K=� �j ;!�O}+�&<�
�Rٟ8sɖB�x_�K�(jT�xϰLc
V(YŵyAhhqL�o|?؇^?iUeqb��sE1 7cyJ�~��Zg�^�pR�t(+?k.HActh>�!L�8~xmZ# {L.^"�}ܧ,5.i��J濎H䗋3n\4p��-�z_5>6�
�`i0~L(}�7{9EMu}!w�ᳫy/`�yA�Ni�8EZ|IsչU)%{�un;�j��d�W#�O!yNFS�L�o2�X�Gzz��0\㵑a3�"A�Ky˙�c�ª9�kI.Dzd_5�g0�
x-� ېco#8
V�`!�
�bB!|Jj��2'|��@X�d1ҷ6�P2�Y;pOҠc�m}d�<ݸ;g{f�1vn Pc�{~mI�.e~W�(TR��/dOk$J骇\�%��(S]MT--^\RK>^+���Uk@< b]_��I{O�z[��N
آw��gf73G?[4�
2�UCnK_�:Z1yE0pLa�~��o�[1 �Y�mi|o(o'xk5�)
[NW&6o)�.w?.AӞ
�_�'`65xf���gSgIaM
O>,0eRKӽQ^�''\/_z ?f2G�b9�
<�#�%7Ǎk@�_vZ~��O}�=Vw��֓��gk[vQ�q�/c�,�_JMqLr<
3ҐSgr��jLk
xx'�\�+U*/^qIL��O\F!,��~oʛ�S֪IP{
���6�0nr]�Iޝ�s�o��3 �1�фaR
9�~v&�V'];�$f}̏'L~P0n!S렳.:a/G,�+YMh�hc^�*n_g34c:&��Ŗő0,(+�}(b�s"66�*�/9L1V.,V�bg&MdhJ^I?yxGV�^\V�k{�܂�J,�[3*U�j)N4{Nkҹ1"$wyv7�9R'rBy�d�}� �*N�h#<�S(˺Eo��]{�'W,V&B\�$�%�z�\x�W��^� D�yCW�$Obd9
'PBbS�'A<��[Ӫ�6Q�;A/�ˬi
ԥ�aJ4;��.|Ky2#<~
(�R���XAj���I��Ld!bk��Q��a@�BZm��d!�#
Kd͗E>{�\]4aU~��WYRJRx<4ګ3n�f��s)|IZe0R�p$���uFD��8�ோ^J>/IeȘ*m�|[!0�F:<"fY"qP�o*�K]}D' x>�D�X37aPt��a}�p�0[qkR%$.wӴm��/Hˉ�Rã0e1C�z=Ň@2]����O$Uv�V�_{ yBʼ�++ۚ�KΊ�"@0Q&�2{�N�.F�q8$C���!�����|]# "ݾ�C�I$-�C阶�Q1�W�7(&N�|H�:S�r&Zy�AC�A�[͋�1�:;1GQmFa ;W9G-\Х��ԛK>K[ZR)����)
,)�#�[S'̮�®aZ�2�ϫ8�� ��s~s~s~s~y'lY-�ԗ;ac}XdTb{CS%^o)^N]f,-$1GO�a�鮛>=�@�bY8&^Yh7Tr�_7�ے=u,$�~7:i�
�OY&T%* ~%C;�
[ZEΥ.�ԓ̱/gixҭ�f�0x� HE� �I6ƳFl9/ډC~�E8A��chB7�L=Xį�TV�mkth��_��e U__ؽ�v|/Ddef1*�_aPA�*R�`1aQq/G�T`Dw�İZ�(s=<���7&az@ْK˯6۳l"K_>"(s���y)];, L��%R(��q�SBΔM�C"����U��b'�w%T^ݺ�ˣTV$v
�f\R�kx'B��_`5|mD�f!R�חC}tD�oooo=�T*(_'j�GU�'i3/�`�ݵ`IY1�
X?m_r�g��CbT_W=O¾q݅�GEae�3AÇ��bĢ0��7�8/=B{[\Ϋuy`oI H\G�\-|���� j8
T�#NٯK-MMW�Nj�gh~p�ޱGxφo�
��њ%zzR�agd8r㕖,_f�$U6(جDv�Eӏpt^2)�RxqB
�C�|}k�~�Uח}i��.m2Ix2%^"K_p
![U=x&́��:�@�Z4*/�ws�ty/0;JI+�9.��X1 rϖW8�nɸ+g븺e)7|M�\"W{cPh/?�]qڿ
�yummo
Q&Dӽ6w�*vjmm�嵙v�m{�ŷi�Ϻc�W۲:pX�Ejˏ0m-m,ѩ@1*eX
-}-$�ǒ �>Kw�=W7�%4�C2Ě-Ub1DKb��@/_j�d}LߋH0&PS�}̳�^\h?�T60.Ndã�E"rU����POo|֊�[NiΞCm�%��\k66m�ͨ4$}��:-F�?ߨ}ȼ/RCas�0.$,SeH�ͦ���0a���:6M]8��z@~��S^MT{5��s:�:~/H"�&�>y|� [D��pS/�\x?��*n{Ɲ@ n.�o��F�aw�Ƕ�%VG˸0�cM[,zmKp�BYW�P�18!0"�9pElؖyy5F?P9E={ѭ/D�NtU�Q+"J]�PVôL��cW�F�%5z�J�0iCX�^qSL<2&9~��FX�Z���a0_-�1V&G�B�A8A�XJ�o,"�xa�C�c8(Ґ�"4HFpxAҲ�z-ls�h*b4�B�M;'5}L1�F�%�>%�Zk�^�YR+Ȉzqb�]!1c}TA9=�Q�5���RU
BI��?��ZjA;T76�/j���b^�xc;XeC�a^�ShS;Xifkyb+n'-;3@�ܬDM�n߯G܀��e�mQ�Na)�c,d7w,n|� Э%i�;ᆔhd9_K>HP*$�{��@�
eˡ7�qb\�j�0=
^ڨ]{L9�
H:@�7�x.%5&o[I{e
�>b:�]w:a0�9S
F;6vCW5ATJ{;�UJMh>#~0=ǎQ_uyZ~\`{Qh�EZ`3+n{lKZIȶ8+il�wAQg)q|�KmS?�� �7сH.5L�?_J }+Q�^_�f�VܞVk��*x�G%\0]i�rBGیh%=Q�/<�OcB|2X8�_��_!߰�,VI�m{7�R[�Eꊍ\D��Q��+�B�p�כw/��nu^��V�<3C}m"����<�yS]\y
hs>(4xa <
ߣ�~ 'l�I<�R+�vfA��-=2&�V>�{��\o|J��"ķ�5|$rkqC9ҔY?�/]P)`�#u~���f�6L-�
Dָ"c�*41GJ[!�}&�nI79o6�-i`I; aN���J���xxe9Sۈ"e0�0mÚ
=VẘwUJ(�i01Faŷn(�l�;b21#|>Oc�x�ɗ�Hg�U,%+A�s
"P�V:�
�G�(�nbJ ͍$$\��kfa�)
&�X`�,2E<�ex?,�GAq2?5:�`�f�`�\�N���*r ��@�:ς=d9s!aZ;<
Q�7IB�u�XRFB(6s�
���O�gu;1
_F`����3�W�VjE)OBӾRs]��j)qL\]�{}
YV^*ӄ^I+�L
��?$-GF쌆�xzi�$͈ɵ7���4nn>-ift?tOo[7V皜4:wx Zѷptԝs9|ڹ|nܶ{LG߲+}e |Q);KFY�n2;eFq(E1B*rK��xU�*
/W%L�qx&Jݞ?Vj�D(/�& Fޜ�&6)Cmղ�r�Z�j9ٙ%KNaS�M�/G��}*4]V0�8���SDny#f�n
*�(%W(5�oח6S���(d#֗�
Κ�P~�sA�EF/>B嗭\u2ʡuQ�oenK73^_~�2lWogO�og�,@v�}@v�}ڀ;�6g;?�D��(ˌ@?2P(�k����N~d��o2�.�w3�2/(_�3�*�>e )~wP~U�{w]Fww�$)c�F5npvJEsQ^O2T�}~�)�P�P
g��~-2&B�@n~} ks\W�KM0TntEճKVvZ1nv�d}חG{1*�,xW&I��
s hxVyd�b�
bye?VP�w;]�CҤ�]�j.�{%])W[O'i��kr(%s<2g!�gs=*
ͱ��#�{"Ե0Xϛ�QǒGЬ�W]#=D~(�s�җe&o�3?���`jE9~@' @9_Ew�[aw�nד7pK��SG0�U�75il�ŭhg?>/�ydֺWWVF+p'k͠~�%s"N^P3�l1@�Щ
zu�in2�&23�Mť{:�/q\x| "e*s`B`
�jϗ=3{n%c�$Q�#
Erly0�61wHZ�P,#V}�"0�;��Vӄ.L}MGlx6�,0�GIq1i����!�ՓZ�if�FxxjIb��f\ �)`7Hv͘ಓH_c'cE��wy&b�b P|_�|eڳ'v]��wyC͞�3%L$�&��~2�i�-}x�� {��;kh.Ψ�y
�0p{'�sr�&�S)��Y`�_GFb��3+M��
B8̈́d�N`'�8O=Ǧ eg@,��"s
k!v:�2=jQwh}rZ7+܉W]b?Wdeݙ
�BG#X/�t ,�Mav;
ă�V�n,='�ID/j���˦UMf@gQl)VxRD���szn%()%�y+L9(م��xU*HԴx*�Da�ip��O1S�u Ы�v�l>cx Lwᅮ��_��ԕU`g#�~"��V[��œA6�`0C3`�܀}lI���Ox�R}r:7�Y 7�%6[+-����`⎈me��iZ:DR�*,D&f
,����~sf㿞5%Q��.�9���^Bu6٠^|:y-�E�Of�ݍ2J7tlk%�!�XiW��e1RpCV)�tO�ĵ܋��BNt�HE}�k,^��zX�ѽ!P9N�Rjã
,c<=�ԭ<�P0��_C^&?c5Vqٮ�7GLcݰ+`�jk�7D]EtAw{C\7泌]e�#�FP1W9ov$п�9V0�|6,�l�p/>&G[�0tczz�oηp2$82��e�pCikZK�0Dq]�
�XǢȖWqTR:!�;
/D?8���ciL��;fcXJ
,�ozԛ'T�S*�4.v>σno�4�xDh\N�wL�x��%L+DvdzU.��Z-^cdX$֬�LE"�)u1�G�=��z��k|F�XK�LMhljc{pfi�#fS�S'�3�Gτ �ix�v�4<1�T<���nh1)�d'kI����'�R&la,�8�r3 Ej Z.�3��R0/yq�Ba��ʩȩ(v�}_|J�Ѭ�d�;j�+39ʧ=N�~p��lc\YG��7�nUsb�`!th>�JzC�*`.g�֯Ͱ>!2D!6�xfwsչ⿁�qm�VP�- Qs{L`��)XY"Y�/���~} Wha<�[Wy�&F�Ϧk�kV*w�N㛼VtƢ�I:�*P)V�[]jv[W셳Qbm٦4�*d.%r�R�⊫+EiQ}*'
CfgJ܄;6�6BKFslx�6�1��&��
|
Network Security & Hardware 
