AIM Worm Linked To Middle East Group

The worm, linked to an unidentified group in the Middle East, has the potential to steal Microsoft Outlook Express e-mail passwords and log keystrokes.

A recently discovered worm that spreads through America Online Inc.'s instant messaging network has been linked to additional malware sent by an unidentified group in the Middle East, a security firm said Thursday.

Sdbot.add includes a Lockx.exe rootkit that hides the worm in a computer. Hackers can also use the rootkit to cloak their own malware.

FaceTime Security Labs, which identified the worm late last month, said it has found a rootkit-linked ster.exe file that contains six additional files that give the attacker the ability to upload, download, and monitor the infected host PC.

The software has been linked to a group in the Middle East and has the potential to steal Microsoft Outlook Express email passwords and log keystrokes. The infected computers can also be used as a platform for launching attacks on Web sites or networks, FaceTime said.

The attackers have compromised multiple servers hosted by Internet service providers worldwide to distribute the malware payload, FaceTime said.

The research group is a division of security firm FaceTime Communications, based in Foster City, Calif.
