Virus alert: AIM worm on the loose

20 09 2006

A new AOL instant-messaging worm is making the rounds, carrying a malicious payload disguised as a JPEG, according to security researchers.

The worm provides a path for rootkits and Trojan horses to propagate on the computers of those listed on the user’s buddy list, according to an advisory issued on Monday by FaceTime Security Labs. The W32.pipeline worm is one of a growing number of instant-messaging threats on the internet.

W32.pipeline initially appears as an instant message from a familiar contact, according to FaceTime security. A message appears asking users to click on a link to upload a picture of themselves; instead, a command file,, is downloaded and disguised as a JPEG, according to FaceTime.

Once the user runs the file, a csts.exe is created and installed in the user’s system32 folder, as part of the Windows operating system. After a user’s system is infected, it becomes part of a botnet – a group of computers controlled remotely to distribute such malicious attacks as viruses or Trojans.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: