This post was published 3 years 1 month 17 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.

There is a highly sophisticated worm spreading via AOL Instant Messenger that researchers are saying is extremely difficult to put down.

Called the W32.pipeline, it appears to have been sent via a buddy. A message appears saying: “Hey, would it be okay if I upload this picture of you to my blog?” Clicking on the link starts an executable file appears as if a JPEG file is downloading…but it is not.

From FaceTime:

Once the user’s PC is infected, it becomes part of a botnet and is under complete control of the hacker to use for a variety of purposes that could include relaying SPAM, performing distributed denial-of-service (DDoS) attacks on other computers or committing financial fraud against online advertisers – commonly called click-fraud. In addition, the potential is high for loss of sensitive personal data stored on the user’s PC.

Like many IM worms, W32.pipeline first appears as an instant message from a familiar contact, luring users into clicking on a link with a contextual phrase. The IM message “hey would it okay if i upload this picture of you to my blog?” downloads a command file called image18.com, which is disguised as a JPEG. Running the file results in csts.exe being created in the user’s system32 folder, part of the Windows operating system.

Jack Cook (2689 Posts) - Website | Twitter | Facebook