my_christmas_card.COM" Instead of going to the AOLs site, this link actually points to a different site (http://..134.156/My_Christmas_Card.COM) from which the user will download the worm. This file is a SDBot variant and at the moment the most popular AV programs detect it generically." />

New AIM worm: Another SDBot Variant


Malware authors just opened their own holiday season. We received couple of reports of a new AIM worm spreading. The worm is simple and doesn't exploit any vulnerability; instead it relies on social engineering.

The user will receive the following AIM message:

"This AIM user has sent you a Greetings Card, to open it visit: htxp://greetings.aol.com/index.pd?source=christmastheme?
my_christmas_card.COM"

Instead of going to the AOLs site, this link actually points to a different site (http://..134.156/My_Christmas_Card.COM) from which the user will download the worm. This file is a SDBot variant and at the moment the most popular AV programs detect it generically. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Tuesday, 6th December 2005 9:23PM