Full
Name: |
W32/AIM.552-B |
Type: |
Worm |
Also Known As: |
W32/Opanki-K (SOPHOS)
W32/AIM.552-B
Lockx |
Danger Level: |
8 |
Category Description: |
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files. |
Comment: |
Instant messaging worm that attempts to spread by sending a message containing a link to the worm to all users on the contact list. Allows remote control of computer by a backdoor via IRC channels.
This particular variant starts with an AOL Instant Messenger (AIM) user being asked to open a link, apparently at the request of an AOL contact. Clicking on this link initiates the infection sequence, which may or may not start with the dropping of a number of adware files, and the rootkit software itself, lockx.exe.
Once on the computer, the malware attempts to shut down active antivirus software and then installs software that allows the computer to be remotely controlled by IRC, and open a backdoor for future attack. It also contains an SMTP engine which can be used to collect e-mail addresses.
Of significant note is this has been classified as being the first rootkit spread via IM because of the way it attempts to hide traces of its existence. The rootkit file's use of IRC is also considered especially dangerous because it allows attackers to execute remote commands. |
|
|
Properties: |
|
Back to the list of products removed by X-Cleaner
|