The attack of automatic IM worms is hard to avoid

The sudden emergence of a rootkit in a computer worm that attacks via an instant messaging (IM) network has sparked fears that hackers have been able to organize fully automatic worm attacks on IM networks.

In the latest IM network attack, against America Online's AIM network, the rootkit lockx.exe was 'embedded' with the W32/Sdbot trojan, which downloads and installs a range of dangerous, hidden software. This is the first time SDBot has been found in use in attacks over an IM network.

'The situation shows us that the present time is ripe enough for automated computer worm attacks on IM networks. Usually these attacks will cause a lot of damage,' said Jose Nazario, a senior software engineer at Arbor Networks Inc., a security firm.

Nazario, who is also a computer worm researcher, said the arrival of SDBot in the recent attack on the IM network pointed to the current trend in dangerous software: once it has infected a user's computer, it downloads a variety of other tools, including rootkits and spyware, and then uses an IRC network to control botnets and continue to spread.

According to Nazario, the programmers who attack via IM networks have become experts at taking control of computers, as well as of the friends lists in users' instant messaging applications, in order to distribute viruses or other dangerous software.

Chris Boyd, an expert at FaceTime Communications who discovered the rootkit and SDBot in the latest AIM network attack, shares Nazario's view.

Boyd believes that embedding a rootkit into the 'virus spy application' is a new attack method: a way to spread backdoor trojans that take over the user's computer. For example, the 'lockx.exe' rootkit is programmed to connect to an IRC server to execute the commands of an attacker who wants to stay hidden.

Earlier this year, Microsoft was also concerned about the company's MSN Messenger network being used for automated worm attacks. The company immediately had to fix security flaws in the IM user application. At the time, exploit code for the MSN Messenger application was widely distributed before Microsoft patched the 24-hour security hole.

Tyler Wells, senior technical director at FaceTime Communications, thinks that buffer overflow errors in IM applications are a recipe for disaster. 'We have seen documents describing the exploitation of security flaws that allow remote code execution in IM applications. If put together, this is no different from automatic worm attacks. In addition to this attack, hackers don't have to trick anyone into clicking on a hypertext link.

'Attackers will first aim to exploit bugs inherent in IM applications. For example, AIM today has the ability to update avatar images before each ID on the user's friends list or play a song without clicking. All instant messaging applications today are a combination of applications like VoIP, file transfer, photo sharing or listening to Internet radio. These additions are always a concern about security. Every time an IM application is added with a third-party feature, the good thing is that you have added a new and harmful feature that you must "inherit" all of the application's security issues.'

Nazario adds that, according to detailed studies, automatic worm attacks on IM networks will spread very rapidly. 'The worst situation these studies have found is that every IM application that is online at the time of the attack will be infected and the problem is just time.'

'Automatic IM worm attacks are unavoidable and can happen at any time. I was surprised that until now no such attack had occurred. This is a very fast and dangerous method of spreading virus software. Users need more vigilance,' Nazario said.

HVD - ( eWeek )

Update 14 December 2018