WHAT: Industry leader IMlogic (www.imlogic.com) is warning customers that a new breed of malicious IM bots are duping users into activating and spreading IM worm payloads. One such instance, IM.Myspace04.AIM, is being broadcast over the AOL Instant Messaging network. Once a user is infected, the Bot sends users new messages that appear to come from the infected user and attempts to persuade the message recipient to download malicious content. This sophisticated Bot attack is programmed such that infected users cannot see the messages the worm is sending on their behalf. When recipients of the malicious message reply to the infected user, the Bot running on the infected machine sends follow-up messages that include "lol no its not its a virus." While IM.Myspace04.AIM leverages similar social engineering techniques as other IM worms, this new breed of malicious Bot attacks represents a shift toward interactive communication with intended targets, more effectively simulating a live user and thereby increasing infection rates. As consumer Bots such as the recently released AOL MovieFone and ShoppingBuddy Bots gain popularity, hackers have also recognized the potential for Bot technology to assist in their attacks on unsuspecting users. The IMlogic Threat Center automatically detected, quarantined and blocked this latest attack using the IMlogic Real-Time Threat Protection System (RTTPS). RTTPS automatically protects against these new, previously unknown IM threats by providing in- depth analysis of client and message structure, network anomalies, and message content to identify IM threat propagation behavior and signatures. This in-depth, real-time analysis enables predictive blocking and validation of potential threats, while immediately protecting the IMlogic Threat Center community. IMlogic recommends organizations strengthen additional security protection by ensuring all desktop antivirus solutions are updated and that the latest security patches have been applied in addition to ensuring that all out-of-date IM clients have been blocked from accessing relevant IM networks. WHO: Experts from the IMlogic Threat Center can speak with technology and business reporters, industry analysts, enterprises, partners or anyone concerned about the impact of this threat. IMlogic can also offer commentary involving increased risk from IM worms, malicious Bots, phishing attacks and other security threats related to the growing popularity of IM use within enterprise. MORE INFO: Learn more at IMlogic's Threat Center: http://www.imlogic.com/im_threat_center/index.asp.
Disclaimer
“lol no its not its a virus.”
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
IMlogic, IMlogic products and IMlogic IM Manager are trademarks of IMlogic Corporation and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Facebook
Twitter
LinkedIn
Delicious
Reddit
StumbleUpon
Digg
MySpace
Newsvine
Google Bookmark
Yahoo! Bookmark
Email
Email 
