AIM worm plays nasty new trick

October 28, 2005

 

AIM worm plays nasty new trick | CNET News.com: "In addition to the 'lockx.exe' rootkit file, the new worm delivers a version of the Sdbot Trojan horse, said FaceTime, which sells products to protect instant-messaging traffic. Sdbot opens a backdoor on the infected PC. The worm also places several spyware and adware applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway and SearchMiracle, the company added.

Worms on IM networks can spread rapidly. They appear as a message from a buddy with a link that looks innocent, but in fact points to malicious code somewhere on the Internet. Once the user clicks on the link, malicious code is installed and runs on the computer. The worm then spreads itself by sending messages to all names on the victim's contact list."

More ammo for the "Do Not Install IM Apps at Work" argument. I've personally had to clean some crap off of some computers recently as a result of an IM worm. The biggest issue with most users is that stuff like this, whether it be from IM or Email, is confusing when it looks like it's coming from a trusted source. This has been an issue ever since email viruses started appearing, and without proper education, they'll only continue to spread.

If you must use IM at work, look into hosting your own solution. Right now I'm testing Jive Messenger (Jabber) Server (has both linux and windows versions, plugin support, and a great admin interface) along with the Exodus client. It's still in the testing phase, so if anyone has any other Jabber/XMPP solutions I'd love to hear about them (I'm also looking for free or cheap). I've also tested the Pandion client and the Psi Client. Pandion looked good for end users (almost no options for them to customize) but had some issues on the admin side (still worth a look though). Psi reminded me of the old ICQ interface (haven't used it in years, the interface may be the same), which would be difficult for users to navigate. If some users need outside IM access, a client like Gaim (my current fav) will allow access to multiple networks via one interface. Training only a handful of users how to properly use outside IM networks is many times better than training the entire office. Again, if anyone has any good suggestions for my project, please drop me a email or comment.

2 comments:

Anonymous said...

Yo, you have a Terrific blog here! Lots of content means more readers, more readers means more Sales!
I'm definitely going to bookmark you!
I have a window xp pluswindow xp plus site/blog. It pretty much covers window xp plus Problems with your Windows Xp Computing !
Come and check it out if you get time We are just a Click Away ! :-)

Anonymous said...

Hey, you have a great blog here! I'm definitely going to bookmark you!

I have a automated system recovery disk site/blog. It pretty much covers ##KEYWORD## related stuff.

Come and check it out when you get time :-)