FaceTime Communications recently discovered a worm that uses America Online Instant Messenger, otherwise known as AIM, to create a network of controlled PCs or also known as a bot network. It’s called the “Pipeline Worm” and it is revolutionary.
Bot networks are networks of PCs controlled by an outside entity. This entity gains control of these PCs by infecting them by using one of several procedures such as Trojans or Worms. Attackers ideally want a large number of PCs under their control, which helps them to achieve their goal objectives faster and with less of a chance of getting caught.
AIM Pipeline Worm attempts to infect users’ systems with seemingly harmless instant messages containing some ploy with a link to an infected executable. Nothing here is out of the ordinary so far, but this is where the worm really singles itself out. You see, most of these types of infections are made up of only a few files. If any of the files fail, the bot network can become bottlenecked, which slows down its performance. The Pipeline Worm however, is modular and comprised of many different files that can perform different functions and work either with or without the aid of the other files. This basically means if one of the files in the infection fails, the other files just roll on without it, cutting their loss, in order to still continue the mission.
The good news in all of this is that FaceTime Communications caught the worm while it was still in the building stages, which should minimize the effect expected from this worm if unleashed unbeknownst to the public. From here, we will have to watch as this attack unfolds and inspires other attackers to implement these techniques into their own public assaults. So, until then, please don’t click on any hyperlinks in AIM or any other IMs. You should leave your e-mail alone for that matter as well. If you’re unsure of its origin, it can only lead to bad things.
On another note, Firefox, the very popular Internet browser, released a patch late Thursday. The patch addresses seven vulnerabilities, four of which have a critical rating from Secuna and Mozilla.
Firefox’s critical flaws include:
1. RSA signature forgery flaw.
2. Cross-Site Scripting.
3. Java expression heap corruption issue.
4. Memory corruption, which could lead to execution of codes.
The 126.96.36.199 patch for Firefox should be downloaded immediately if you haven’t updated already. You can check which version of Firefox you have by opening up the browser and going to Help, About and in the window that pops up, you will notice the version number as the last entry.
If you would like to download the update yourself, you can find it here.
Until next week, stay safe out there!
~ Chad Stelnicki