A W32.pipeline worm sneakily implanted via AOL Instant Messenger (AIM) is making it’s way around the internet. The infected attachments are disguised as “JPEG” files and are distributed with AIM messages. The message reads : “hey would it (be) okay if i upload this picture of you to my blog?”. The worm then sends out copies of itself too all the contacts found in the AIM buddy list.
“FaceTime researchers believe that the ultimate goal of the W32.pipeline is to create a sophisticated botnet that can be used for a range of malicious purposes,” the Foster City, California, company said in a statement.
The worm distributes itself so fast that very soon, it would create this massive potentially evil ‘botnet’, which would be used to backdoor into desktops which would enable the download of other malicious software code. It could open up the e-mail port on the PC and send out spam messages. It can also install a variant of the “hacker defender” rootkit, which is widely deployed and difficult to remove.
Botnets under the control of hackers can be mined for personal information or used to send junk e-mail or overwhelm business websites with simultaneous requests in what are known as “denial-of-service” attacks.
Hackers could also use zombie machine armies to commit “click fraud” by having them repeatedly connect to Internet advertising for which businesses are charged per click.
One of the most dangerous aspects of this worm is that it can also connect to remote file upload sites, which the worm authors’ use as staging sites where they can continuously download new infections. Once a computer has been injected with the worm, the worm then would propagate itself out using the same method.
Threat Type: Worm / blended
Risk Level: High
How to protect against this threat
The initial file has the potential to infect AOL’s 80 million users, and users can protect themselves by not clicking on links sent to them by other users, even if users appear on their contact list. Currently, most commonly used anti-virus programs do not provide protection from W32.pipelineworm.
The only protection against this so far is the user not clicking on the link sent to them. So folks, please be wary of any instant messages your receive from here on forwards…