Computer security analyst FaceTime has found a nasty hack that uses AOL Instant Messenger to install malware on targeted computers.
The worm, called W32.pipeline, conceals itself by looking like a harmless JPEG that a known online buddy sends with the message, “hey would it be okay if I upload this picture of you to my blog?” If the user accepts, the message then asks him or her to click on an upload link, but a command file named image18.com downloads itself instead.
If the user runs the file, thinking it’s an innocent JPEG, a file called csts.exe is created and installs itself in system32. The computer then becomes part of a botnet, a group of computers remotely controlled to distribute further attacks. After a number of computers have been harnessed, the hacker can launch a DoS attack or a click-fraud operation.
Antivirus programs have yet to catch up with the growing sophistication of instant messaging attacks, and hackers are becoming bolder. A FaceTime spokesperson commented on the particular sophistication of this attack, which focuses on lining up a chain of PCs to create a pipeline that can be controlled by the botnet.