19 September 2006
AOL IM worm
A new worm has been released that attacks AIM and possibly other instant messaging applications. The worm begins by sending a message linking to what appears to be a JPEG file to the instant messenger which installs the worm (csts.exe) when allowed to execute.
The worm then calls a domain that offers free webhosting in exchange for putting an advert on the page. Eventually a executable placed in the System32 folder of Windows will be created and when a user runs AIM a message will be set to their contacts which passes the worm on.
So far all of the instant messages have the same message, "hey would it be ok if i upload this picture of you to my blog?". Of course that can change in the future. The best solution is to not click on any similar link or any link you're not sure about until you check with the friend who sent it.
More detailed information about the worm can be read here.
The worm then calls a domain that offers free webhosting in exchange for putting an advert on the page. Eventually a executable placed in the System32 folder of Windows will be created and when a user runs AIM a message will be set to their contacts which passes the worm on.
So far all of the instant messages have the same message, "hey would it be ok if i upload this picture of you to my blog?". Of course that can change in the future. The best solution is to not click on any similar link or any link you're not sure about until you check with the friend who sent it.
More detailed information about the worm can be read here.
Labels: AOL, IM, internet, worm
