ReveNews Online Revenue News & Opinions Since 1998

Greynets Galore Invade AOL IM & Pack a Spyware Punch

October 30th, 2005 by Wayne Porter

Old Milwaukee Beer used to say, “It Doesn’t Get Any Better Than This!” and now FaceTime Security Labs says it doesn’t get any greyer than this. I am talking about the Greynet from Hell. It’s a worm, it’s crude social engineering, it’s a rootkit, and it packs a heavy adware payload. If you get this on your system you might have to turn to Old Milwaukee Beer to alleviate the pain. Truly this is contextual marketing at its most creative and most disgusting.

It has been a busy day at FaceTime Security Labs, and it can all be traced back to a newly discovered worm making its way through instant messaging via AOL with a rootkit in tow. Of course we weren’t shocked, as worms crop up frequently. However, it was the nasty riders attached to it that will make you shudder, and hopefully it will make advertisers think twice, because if you are using some of these companies to advertise you have hit a new low. I don’t know how you can sleep at night.

So rootkits aren’t new, nor are worms, but rootkits flying around IM land are new. To make matters worse, this particular work of art packed a nice load of adware/spyware. Perhaps if you were bored with the worm you could take a break and play some games with Zango. I am sure this type of detective work is beyond most e-commerce managers, and I would hazard a guess that Network Quality teams would struggle with this one too.

Our IM HoneyPot and Spyware divisions have been working double time taking this piece of artwork apart, and it was a doozy. So without further waiting, the envelope please. The companies who placed their software on your system through this new and novel fashion included:

- 180 Solutions
- Zango
- Search Miracle
- The Freepod Toolbar
- MaxSearch
- Media Gateway

For those of you not familiar with rootkits, let’s turn to the trusty Wikipedia.


A root kit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Root kits exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows
….
A rootkit typically hides logins, processes, files, and logs and often includes software to intercept data from terminals, network connections, and the keyboard. In many sources, rootkits are counted as trojan horses. Rootkits are becoming popular additions to spyware programs.

A rootkit may also include utilities, known as backdoors to help the attacker subsequently access the system more easily. For example, the root kit may include an application that spawns a shell when the attacker connects to a particular network port on the system. Kernel rootkits may provide functionality that allows processes started by a non-privileged user to execute functions normally reserved for the superuser. Kernel rootkits are especially dangerous because they can be difficult to detect.

Recently, some spyware have started using rootkit technology to hide themselves from the anti-spyware software.

Additional coverage of the incident can be found here:

Worm With Rootkit Package Loose On AIM, Slashdot

Rootkit Takes Aim at AOL, eWeek

Rootkit-Armed Worm Attacking AIM, InformationWeek

Rootkit-Worm Hitting AOL’s IM Network, InternetNews.com

AIM worm plays nasty new trick, ZDNET

For the official release and media contacts, see the FaceTime Press Release.

2 Comments

There’s a man going round, taking names…

…and he decides who to free, and who to blame.

I love that Johnny Cash song. “The man comes around” - an apocalyptic tale of judgement and woe. And where better to bring judgement crashing down than upon the heads of the creators of the IM Rootk…

TipsDr Blog said:

180 Solutions Sues Zone Labs

Speaking of big ugly green worms, 180 solutions has filed suit against Zone Labs, for, and I quote,
At the heart of 180solution’s suit is the assertion made by San Francisco-based Zone Labs that 180’s products try to monitor a user’…
