Contact Us divider Newsletter Signup divider How to Buy dividerFaceForward Blog
Home | Press Release
Contact Sales

Press Release

Worm Propagating On AOL Instant Messenger Installs Rootkit

FaceTime Security Labs Warns Organizations Against Malicious Executable

FOSTER CITY, CALIF - October 28, 2005 - FaceTime Security Labs identified and reported a new threat being propagated through the AOL Instant Messenger (AIM) network. The worm is being passed through instant messages from members on a user's Buddy List and within AOL chat rooms. FaceTime researchers confirmed today that the W32/Sdbot-ADD - identified previously by including an adware bundle - also includes the lockx.exe rootkit file. The executable provides an attacker with the capability to upload, download and monitor the infected host. Furthermore, the executable attempts to shut down anti-virus programs and leaves a backdoor on the host PC to install additional software.

Who is affected: All AIM PC users are at risk by new IM exploit.

Description: New IM exploit launched through AIM, that:

  • Adds a lockx.exe rootkit that connects to an IRC server, awaiting remote commands from an attacker. Rootkits may be used by an intruder after cracking a computer system and often hides logins, processes, files, and logs. It may include software to intercept data from terminals, network connections, and the keyboard
  • Acts as a vector for additional adware, worms and viruses
  • Changes a viewer's original search page to http://www.eza1netsearch.com/sp2.php
  • Often increases the CPU usage to 100 percent after the malware is installed
  • Downloads other applications, including 180Solutions, Zango, the Freepod Toolbar, MaxSearch, Media Gateway, and SearchMiracle
FaceTime Enterprise Edition and IMAuditor customers can proactively block these malicious threats and prevent infections before they happen by blocking downloads of the specific executable files associated with the threat. For more information, visit FaceTime Security Labs' reference site at http://www.facetime.com/securitylabs/imp2pthreats.aspx

About FaceTime Communications
FaceTime Communications enables the safe and productive use of instant messaging, Web usage and Unified Communications platforms. Ranked number one by IDC for four consecutive years, FaceTime's award-winning solutions are used by more than 900 customers – including nine of the 10 largest U.S. banks – for security, management and compliance of real-time communications. FaceTime supports or has strategic partnerships with all leading public and enterprise IM network providers, including AOL, Google, Microsoft, Yahoo!, Skype, IBM, Reuters and Jabber.

FaceTime is headquartered in Belmont, California. For more information visit http://www.facetime.com or call 888-349-FACE. The FaceForward blog, at http://blog.facetime.com, offers thoughts and opinions about the changing nature of Internet communications.

PR Contact:

Emily Chamberlin
650-762-2945
echamberlin@ar-edelman.com


Current Press Releases

Press Release Archives
2007 | 2006 | 2005 | 2004
2003 | 2002 | 2001

In the News Archives
2007 | 2006 | 2005 | 2004
2003 | 2002 | 2001

Customers

Awards & Certifications

Sign up for FaceTime's eNewsletter: The FaceTimes

The FaceTimes Archives

FaceTime Security Labs
Get information on the latest IM, P2P and spyware threats
 
Home  | Company  | Solutions  | Products  | Partners  | Support  | News & Events  | Security Labs  | Site Map  | RSS Feeds  | Contact Us
© Copyright 2003-2008, FaceTime Communications, Inc. All rights reserved.   Privacy Policy